SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
estoi desesperado le pase el ad-ware 6.181 y nada
Yeste:
hola, me salia como pagina de inicio aikind.info algo asi. le pase el adware actualizado 6.181 con el ultimo archivo de referencia. y esa me la quito pero me puso otra peor. me pone about.blanck pero en la pag me sale un buscador y se me abre una ventana pop up que me pone que se encontro contenido spyware en mi sistema. y cada vez que le paso el ad-ware me encuentra 3 archivos, los elimino. lo vuelvo a pasar na mas haber acabado y los vuelve a encontrar. alguna solucion ? os pongo el log que me crea el ad-ware ¿? gracias
destroyer:
hola:
Una pregunta simple, no lo tomes a mal si lo realizas correctamente. Cuando acaba el escaneo el ad aware y te muestra esos 3 archivos ¿los seleccionas y le das a limpiar o a cuarentena?
Si lo haces correctmente pero vuelven a aparecer, realiza el escaneo en modo a prueba de fallos (f8 cuando reinices el pc) y despues es mejor que cuelgues aqui el log que te dá, para poder echarle un vistazo.
Un saludo
Yeste:
cuando termina los selecciono y le doy a eliminar. tambien probe una de las veces a darle a cuarente pero la pagina de inicio cambia a una de microsoft y a los dos o tres segundos vuelvo a entrar ya ya esta el buscador otra vez. ahora mismo no puedo reiniciar el pc que toy haciendo cosas pa probar lo de modo a prueba de fallos. mientras os dejo aki el log:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 09 de mayo de 2004 16:09:10
Created with Ad-aware Personal, free for private use.
Using reference-file :01R303 08.05.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R303 08.05.2004
Internal build : 235
File location : C:\ARCHIV~1\LAVASOFT\AD-AWA~1\reflist.ref
Total size : 1096786 Bytes
Signature data size : 1078166 Bytes
Reference data size : 18556 Bytes
Signatures total : 24182
Target categories : 10
Target families : 463
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:46 %
Total physical memory:261616 kb
Available physical memory:119908 kb
Total page file size:633836 kb
Available on page file:339908 kb
Total virtual memory:2097024 kb
Available virtual memory:2056376 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
09-05-2004 16:09:10 - Scan started. (Smart mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 03-05-2004 12:23:14
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 03-05-2004 12:23:19
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03-05-2004 12:23:20
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03-05-2004 12:23:20
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03-05-2004 12:23:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 03-05-2004 12:23:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03-05-2004 12:23:23
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 09-05-2004 13:11:38
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 24/08/2001 8:00:00
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 8:00:00
#:9 [tidslmon.exe]
FilePath : C:\ARCHIV~1\KITADS~1\bin\win2k\
ThreadCreationTime : 09-05-2004 13:11:39
BasePriority : Normal
FileSize : 412 KB
FileVersion : O4.0.0.2
ProductVersion : O4.0.0.2
Copyright : Copyright (C) 2000
FileDescription : mcp MFC Application
InternalName : mcp
OriginalFilename : mcp.EXE
ProductName : mcp Application
Created on : 01/05/2004 16:08:21
Last accessed : 08/05/2004 22:00:00
Last modified : 14/11/2001 13:02:40
#:10 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ThreadCreationTime : 09-05-2004 13:11:40
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0133
ProductVersion : Version 6.2
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 19/04/2004 3:45:08
Last accessed : 08/05/2004 22:00:00
Last modified : 19/04/2004 3:45:08
#:11 [server4pc.exe]
FilePath : C:\Archivos de programa\TechniSat DVB\bin\
ThreadCreationTime : 09-05-2004 13:11:40
BasePriority : Normal
FileSize : 420 KB
FileVersion : 4, 2, 8, 9999
ProductVersion : 4, 2, 8, 9999
Copyright : Copyright
CompanyName : B2C2, Inc.
FileDescription : Server4PC
InternalName : SkyServer
OriginalFilename : SkyServer.EXE
ProductName : Broadband4PC
Created on : 07/05/2004 14:56:46
Last accessed : 08/05/2004 22:00:00
Last modified : 18/08/2003 22:30:32
#:12 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 09-05-2004 13:11:43
BasePriority : Normal
FileSize : 23 KB
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
Copyright : Copyright (C) Creative Technology Ltd. 1998-2001
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
OriginalFilename : DevLdr32.exe
ProductName : Creative Ring3 NT Inteface
Created on : 01/05/2004 15:49:14
Last accessed : 08/05/2004 22:00:00
Last modified : 22/08/2001 20:15:30
#:13 [progdvb.exe]
FilePath : C:\ProgDVB\
ThreadCreationTime : 09-05-2004 13:43:51
BasePriority : High
FileSize : 992 KB
FileVersion : 4.32.1
ProductVersion : 4.32.2
FileDescription : ProgDVB
InternalName : ProgDVB
OriginalFilename : ProgDVB.EXE
ProductName : ProgDVB Application
Created on : 30/04/2004 19:25:05
Last accessed : 08/05/2004 22:00:00
Last modified : 12/03/2004 19:21:42
#:14 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 09-05-2004 14:00:29
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 01/05/2004 15:53:50
Last accessed : 08/05/2004 22:00:00
Last modified : 24/08/2001 10:00:00
#:15 [ad-aware.exe]
FilePath : C:\ARCHIV~1\LAVASOFT\AD-AWA~1\
ThreadCreationTime : 09-05-2004 14:09:00
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 09/05/2004 12:37:01
Last accessed : 08/05/2004 22:00:00
Last modified : 12/07/2003 19:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 3
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : saul@tradedoubler[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Saul\Cookies\
Created on : 09/05/2004 13:37:17
Last accessed : 08/05/2004 22:00:00
Last modified : 09/05/2004 13:37:18
Tracking Cookie Object recognized!
Type : File
Data : saul@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Saul\Cookies\
Created on : 09/05/2004 13:37:45
Last accessed : 08/05/2004 22:00:00
Last modified : 09/05/2004 13:37:46
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 5
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 7
16:11:28 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:15:687
Objects scanned :38723
Objects identified :7
Objects ignored :0
New objects :7
MUCHAS GRACIAS
destroyer:
hola:
A primera vista parece que tienes un malware llamado "coolwebsearch " el problema, es que cuenta con muchas versiones diferentes y habria que estudiar tu caso paso a paso, y en esto, sí te pediría tuvieses paciencia hasta que se pase nuestro compañero Fats y te oriente sobre las acciones que debas tomar.
Ya le he dejado un aviso, y seguro que en cuanto lo lea se pasa por aqui..
Un saludo amigo.
Yeste:
que la verdad contal de conseguir quitarlo no me importa el tiempo que pase. y muchas gracias por todo
Navegación
[#] Página Siguiente
Ir a la versión completa