daboweb forums
Thread started by: Sombra on 16 June 2004, 12:57:00 pm
-
I don't know whether this question should be posted here. If not, I would be grateful if a moderator moved it to where it belongs; thanks for the trouble if so.
The problem is the following: my Internet Explorer home page changes automatically to a new page about web searches, and a pop-up window warns me of the existence of a spy program.
I have Panda Antivirus installed and I have run the programs Spybot and PestPatrol to detect spy bots, etc...
but with no result; it keeps changing my page.
Let's see if someone can tell me something, because I can't think of anything else.
Thanks.
SEMPER FIDELIS.
-
Hello:
Welcome to the forum, Sombra.
Look at this link and run a scan with Ad-aware 6.181 in the configuration indicated there, and when it finishes, click "mostrar log" (show log) and copy and paste it here in full, so that Fats can see it and give you the relevant instructions.
I'm moving this message to the spyware forum.
Regards
-
Hello Sombra, I suppose the link destroyer is referring to is this one; follow its instructions and they will try to solve that problem. With the problem I had, they managed it.
The link is:
http://www.daboweb.com/phpBB2/viewtopic.php?t=2443
-
Thanks talgo, indeed I forgot to paste the link... I think I'm getting old... :wink:
Regards
-
I think this is what you asked me for
let's see what happens.
Scan initialized on 16/06/2004 16:32:00
=================================================
Started memory scan
====================
Processes Currently Running
#:1 (smss.exe)
Path:\SystemRoot\System32\smss.exe
BasePriority:NORMAL
#:2 (winlogon.exe)
Path:\??\C:\WINDOWS\SYSTEM32\winlogon.exe
BasePriority:HIGH
Build :
OS :-
Description :
Version :
Product Name:
#:3 (services.exe)
Path:C:\WINDOWS\system32\services.exe
BasePriority:NORMAL
FileSize :99 kb
Last accessed :24/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-Executable
Description :Aplicación de servicios y controlador
Version :5.1.2600.0
Product Name:Sistema operativo Microsoft® Windows®
#:4 (lsass.exe)
Path:C:\WINDOWS\system32\lsass.exe
BasePriority:NORMAL
FileSize :11 kb
Last accessed :24/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-DLL
Description :LSA Shell (Export Version)
Version :5.1.2600.0
Product Name:Microsoft® Windows® Operating System
#:5 (svchost.exe)
Path:C:\WINDOWS\system32\svchost.exe
BasePriority:NORMAL
FileSize :12 kb
Last accessed :24/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-Executable
Description :Generic Host Process for Win32 Services
Version :5.1.2600.0
Product Name:Microsoft® Windows® Operating System
#:6 (svchost.exe)
Path:C:\WINDOWS\System32\svchost.exe
BasePriority:NORMAL
FileSize :12 kb
Last accessed :24/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-Executable
Description :Generic Host Process for Win32 Services
Version :5.1.2600.0
Product Name:Microsoft® Windows® Operating System
#:7 (spoolsv.exe)
Path:C:\WINDOWS\system32\spoolsv.exe
BasePriority:NORMAL
FileSize :50 kb
Last accessed :24/08/2001 12:00:00
Build :5.1.2600.0
OS :NT-Win32-Executable
Description :Spooler SubSystem App
Version :5.1.2600.0
Product Name:Microsoft® Windows® Operating System
#:8 (Explorer.EXE)
Path:C:\WINDOWS\Explorer.EXE
BasePriority:NORMAL
FileSize :980 kb
Last accessed :24/08/2001 12:00:00
Build :6.0.2600.0
OS :NT-Win32-Executable
Description :Explorador de Windows
Version :6.0.2600.0
Product Name:Sistema operativo Microsoft® Windows®
#:9 (APVXDWIN.EXE)
Path:C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
BasePriority:NORMAL
FileSize :200 kb
Last accessed :19/10/2003 17:46:30
Build :3.0.0.0
OS :NT-Win32-Executable
Description :ApVxdWin
Version :3.10.4.0
Product Name:Panda Titanium Antivirus 2004
#:10 (nvsvc32.exe)
Path:C:\WINDOWS\System32\nvsvc32.exe
BasePriority:NORMAL
FileSize :64 kb
Last accessed :18/11/2002 15:15:00
Build :6.13.10.4109
OS :NT-Win32-DLL
Description :NVIDIA Driver Helper Service, Version 41.09
Version :6.13.10.4109
Product Name:NVIDIA Driver Helper Service, Version 41.09
#:11 (pavprsrv.exe)
Path:C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
BasePriority:NORMAL
FileSize :32 kb
Last accessed :25/09/2003 17:50:14
Build :1.0.0.0
OS :NT-Win32-Executable
Description :Panda Process Protection Service
Version :1.0.0.0
Product Name:PandaShield
#:12 (Pavsrv51.exe)
Path:C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
BasePriority:HIGH
FileSize :228 kb
Last accessed :18/10/2003 17:53:48
Build :6.3.0.0
OS :NT-Win32-Executable
Description :Panda Antivirus Service for Windows NT/2000
Version :6.3.0.614
Product Name:Panda Antivirus
#:13 (AVENGINE.EXE)
Path:C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
BasePriority:NORMAL
FileSize :96 kb
Last accessed :18/10/2003 17:57:22
Build :6.3.0.0
OS :NT-Win32-Executable
Description :Proceso análisis independiente
Version :6.3.0.505
Product Name:Panda Antivirus Windows NT/2000
#:14 (WebProxy.exe)
Path:C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
BasePriority:NORMAL
FileSize :36 kb
Last accessed :20/10/2003 2:04:42
Build :6.3.0.0
OS :NT-Win32-Executable
Description :
Version :6.3.0.505
Product Name:
#:15 (emule.exe)
Path:C:\Archivos de programa\eMule\emule.exe
BasePriority:NORMAL
FileSize :3328 kb
Last accessed :01/04/2004 23:03:26
Build :0.42.4.27
OS :NT-Win32-Executable
Description :eMule
Version :0.42.4.27
Product Name:eMule
#:16 (msnmsgr.exe)
Path:C:\Archivos de programa\MSN Messenger\msnmsgr.exe
BasePriority:NORMAL
FileSize :4572 kb
Last accessed :04/03/2004 23:01:00
Build :6.1.0.211
OS :NT-Win32-Executable
Description :Messenger
Version :6.1.0.211
Product Name:Messenger
#:17 (msiexec.exe)
Path:C:\WINDOWS\System32\msiexec.exe
BasePriority:NORMAL
FileSize :62 kb
Last accessed :24/08/2001 12:00:00
Build :2.0.2600.0
OS :NT-Win32-Executable
Description :Windows® installer
Version :2.0.2600.0
Product Name:Windows Installer - Unicode
#:18 (iexplore.exe)
Path:C:\Archivos de programa\Internet Explorer\iexplore.exe
BasePriority:NORMAL
FileSize :89 kb
Last accessed :24/08/2001 12:00:00
Build :6.0.2600.0
OS :NT-Win32-Executable
Description :Internet Explorer
Version :6.0.2600.0
Product Name:Sistema operativo Microsoft® Windows®
#:19 (SpyWatch.exe)
Path:C:\Archivos de programa\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
BasePriority:NORMAL
FileSize :530 kb
Last accessed :25/04/2003 11:56:28
Build :7.1.0.0
OS :NT-Win32-Executable
Description :SpyWatch
Version :7.1.0.0
Product Name:SpyWatch
#:20 (60F2B414.DLL)
Path:C:\Archivos de programa\BulletProofSoft.com\SpywareRemover\60F2B414.DLL
BasePriority:NORMAL
FileSize :568 kb
Last accessed :16/06/2004 16:29:45
Build :7.1.0.0
OS :NT-Win32-Executable
Description :SpyWatch
Version :7.1.0.0
Product Name:SpyWatch
#:21 (Spyware.exe)
Path:C:\Archivos de programa\BulletProofSoft.com\SpywareRemover\Spyware.exe
BasePriority:NORMAL
FileSize :706 kb
Last accessed :25/04/2003 11:56:14
Build :7.1.0.0
OS :NT-Win32-Executable
Description :Spyware Adware Remover
Version :7.1.0.0
Product Name:Spyware Adware Remover
#:22 (DCB9618A.DLL)
Path:C:\Archivos de programa\BulletProofSoft.com\SpywareRemover\DCB9618A.DLL
BasePriority:NORMAL
FileSize :1524 kb
Last accessed :16/06/2004 16:30:25
Build :7.1.0.0
OS :NT-Win32-Executable
Description :Spyware Adware Remover
Version :7.1.0.0
Product Name:Spyware Adware Remover
Memory scan result :
Total modules found :23
Suspicious modules found:
Scan complete
Started registry scan
====================
Registry scan result:
Suspicious keys found :0
Scan complete
Started folder scan
====================
Folder scan result:
Suspicious folders found :0
Started file scan
====================
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\sombra@com[1].txt
FileSize :0 kb
Last accessed :16/06/2004 12:46:20
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\[email protected][1].txt
FileSize :0 kb
Last accessed :16/06/2004 12:45:44
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\sombra@element5[1].txt
FileSize :0 kb
Last accessed :16/06/2004 12:46:23
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\sombra@google[1].txt
FileSize :0 kb
Last accessed :16/06/2004 16:29:11
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\[email protected][1].txt
FileSize :0 kb
Last accessed :16/06/2004 13:48:12
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\sombra@msn[1].txt
FileSize :0 kb
Last accessed :16/06/2004 13:48:06
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\sombra@passport[1].txt
FileSize :0 kb
Last accessed :16/06/2004 16:29:18
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\[email protected][1].txt
FileSize :0 kb
Last accessed :16/06/2004 13:44:12
Build :
OS :-
Other file:C:\Documents and Settings\sombra.EL-31AUCYTOTHAZ\Cookies\[email protected][2].txt
FileSize :0 kb
Last accessed :16/06/2004 14:42:14
Build :
OS :-
Dialer - Other file:C:\MinGW\bin\strip.exe
FileSize :494 kb
Last accessed :07/09/2002 17:38:08
Build :
OS :-
Dialer - Other file:C:\MinGW\mingw32\bin\strip.exe
FileSize :494 kb
Last accessed :02/09/2002 23:01:47
Build :
OS :-
File scan result :
Suspicious files found :11
Scan complete
==========================================================
Spyware components found total: 11
==========================================================
Task completed on 16:47:15
Done
==========================================================
Application Version: 7.1.0
==========================================================
Major Version: 5
Minor Version: 1
Build Number Version: 2600
Platform ID: 2
Service Pack Major: 0
Service Pack Minor: 0
Suite Mask: 256
Platform: Windows XP
Platform Version: Windows XP v5.1, Build 2600
OS Product Name: NT Workstation
CSD Version:
Is Windows XP: Verdadero
Is Windows 2K: Verdadero
Is Windows NT: Verdadero
Is Windows 9x: Falso
Is Windows 95: Falso
Is Windows 98: Falso
Is Windows Me: Falso
==========================================================
-
Sombra, welcome to the forum!
Would you be so kind as to tell us which program you are using, and which version of it? It is very important for us to know this.
Many thanks.
-
The program is called spyware / adware remover 7.10
or at least that is what it says in the information given in the help
I hope that one works for you.
Thanks, and sorry for the trouble.
SEMPER FIDELIS.
-
OK
I have just found Ad-aware
in a few minutes I'll post what you asked me for
Sorry again, and thanks.
SEMPER FIDELIS
-
OK Sombra, remember to update it before scanning the PC..
Regards
-
I have bad news for you... :(
First, the link that explains it (in English): http://www.lavasoftsupport.com/index.php?showtopic=3912&hl=elbanhawy
Then, the contents:
If you have purchased or used BulletProofsoft’s* (Ayman Elbanhawy) “Spy Cleaner™” or “BPS Spyware/Adware Remover™”, you have been deceived!
These programs have been cobbled together from stolen content, coding and design from our software and that of SBSD.
Someone has even gone so far as to alter the user reviews of our C|Net downloads page by making it look as though our application were negatively received (overwhelmingly we might add, when prior to this attack we had a 91% positive rating over 12million+ downloads which they altered to look as though it were 31%) while giving BPS’s software a 100% positive rating (which is absolutely impossible).
If for no other reason, this is about as suspicious a coincidence as you can get.
To get the truth about this software, you can view REAL opinions here:
http://download.com.com/3302-2144-10183773.html?ob=0&pn=1&fb=2
And if this exploit is as troublesome to you as it is to us, please let C|Net know how you feel:
http://www.cnet.com/cnetsupport/contact/1,10161,0-3945,00.html?tag=dir
The host for his downloads has a forum. We suggest users go there and ask why they offer pirated software for download:
http://www.topdownloads.net/cgi-bin/ikonboard/ikonboard.cgi
Now to show you what Ayman Elbanhawy has done:
If you look at the interface, very little has changed from our original announcement last June. Except for some additional buttons, it still uses the Ad-aware 5X UI. He is also still using the domain adaware info to imply a relationship to our software. There is no relationship other than the fact this person is attempting to steal our good name and reputation.
Longtime users of our software will notice many lingering similarities (despite an attempt to change this after our last confrontation) including the use of an “Ignore list” and how the various modules are named with a *-watch. You will also notice the way the logfile looks (familiar?):
http://www.bulletproofsoft.com/SpywareHlp/Help/index.html#6.2
In his rush to put his “online help” together, he didn’t pay much attention to the actual content as he shows a false positive for the “Liveshows” dialer. Take a look and please don’t use this if you have Microsoft office as you might end up removing your “FindFast” application.
You will also notice that he uses the exact text supplied with our 5X version help manual for the creation of language files (he actually USES the ones we supplied that were made by ourselves and our users):
5.7.1 Adding your own language modules:
Step 1) Copy the "English.ini" file located in the installation folder/Lang, and name it with the name of the language you are making.
Example: Japanese.ini.
Note: Don't change the file extension, keep it as ".INI".
Step 2) Make an icon 16x16 pixels with the flag for your country language pack, and save it in bitmap format.
Example: Japanese.bmp
Note: It must have the same name as the language.ini file, and have the extension ".BMP"
Step 3) Edit the file with notepad or any text editor.
Example:
;Backup Window <--- This line is a comment since it starts with the ";"
1400=Restore
1401=Clean
1402=Cancel
The strings will be changed to your language
Example to change them to French:
; Fenêtre auxiliaire
1400=restaurez
1401=propre
1402=annulez
While he changed this slightly to alter the string numbers (from 1000 to start with 1400) and added some content to reflect the “features” he added, there is no real difference between our language packs and the ones he offers.
As we are not the only software maker affected, you may wish to investigate these domains for examples of other pirated/plagiarized software bulletproofsoft.com, topdownloads.com, and rizal.com. We are sure that you will be amazed at the audacity of those behind this and how far they are willing to go to try and get your money.
Team Lavasoft
*) Please note that Bulletproofsoft is NOT affiliated with Bulletproof Software, the makers of BulletProof-FTP. "Bulletproofsoft" too is selling several FTP clients, and this is yet another example of their deceptive marketing practices.
In case it wasn't clear: the firm Bulletproofsoft has stolen content, code and design from Ad-aware and from SpyBot Search & Destroy. And if that weren't enough, you can read what the text says.
My advice: uninstall spyware / adware remover 7.10.
-
Jeez.. :shock: :shock:
-
The log format looked familiar to me...
-
Very well, at last here it is with Ad-aware 6.181
I will uninstall the other program.
Thanks
Lavasoft Ad-aware Professional Build 158
Logfile created on :miércoles, 16 de junio de 2004 22:34:54
Using reference-file :0R150 05.07.2003
______________________________________________________
Ad-aware Settings
=========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : sombra@bravenet[1].txt
Object : C:\Documents and Settings\sombra\Cookies\
Created on : 14/08/2003 14:47:03
Last accessed : 16/06/2004 20:35:25
Last modified : 14/08/2003 14:47:03
Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\sombra\Cookies\
Created on : 13/08/2003 20:35:23
Last accessed : 16/06/2004 20:35:26
Last modified : 14/08/2003 21:55:52
Tracking Cookie Object recognized!
Type : File
Data : sombra@sexlist[1].txt
Object : C:\Documents and Settings\sombra\Cookies\
Created on : 13/08/2003 20:29:03
Last accessed : 16/06/2004 20:35:26
Last modified : 13/08/2003 20:29:03
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3
Scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3
Scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3
22:36:38 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:44:310
Objects scanned :49752
Objects identified :3
Objects ignored :0
New objects :3
-
Hello Sombra
The program version is not correct.. Look at Fats's post and click on the Ad-aware download link
http://www.lavasoft.de/support/download/
install it and update it before scanning. The version you have installed is not 6.181; uninstall it before installing this new one
Regards
-
Sombra,
what I need to know now is (please, in complete confidence) whether you bought or copied the Pro version of Ad-aware that you have. I ask because if you bought it you are entitled to upgrade it to 6.181 Professional for free. But you will need the purchase details.
If that was not the case, uninstall the old version COMPLETELY before installing the other one. If you don't do this you will have problems with Ad-aware (which have already been reported by many users, and that was the conclusion reached).
-
Sorry: in any case, whether it was bought or not, uninstall the old version completely before installing the new one.
Let it be quite clear that it has nothing to do with whether it is pirated or not.