daboweb Forums
Topic started by: hombredelcubo on 26 June 2004, 07:43:53 pm
-
Let me explain: I've had this annoying but so far harmless adware for a while now, but the other day someone told me about your site, I've been reading some posts, and I was wondering whether you could help me too.
According to Norton 2004 (which is what I have installed) the name of the virus is ADWARE.MAINSEARCH, and the name of the file in question keeps changing, because I delete it and another one with a different name appears. Right now it is called FDOP.DLL.
I have also run the Panda online scan, but it doesn't detect anything at all.
What it does is change my home page to about:blank (but what actually comes up is a search page in English); it also opens windows telling me I'm infected with spyware (also in English), mainly when I'm in some kind of webmail (Yahoo, Hotmail).
Now I'm at your disposal, so if it's not too much trouble, I'd like you to help me get rid of this virus.
Thanks a lot in any case.
-
Hi hombredelcubo, welcome to the forum ;)
Look, first of all install Ad-aware 6.181, UPDATE IT and run a full scan following the steps in this link (http://www.daboweb.com/phpBB2/viewtopic.php?t=2443)
From there you can also download the program, from the link in Fatsgordon's signature ;)
Once the scan is done, copy the log and post it here so Fats can take a look and tell you what to do (to post the log, when the scan has finished click "Mostrar log" or "Show logfile", select it, copy it and paste it here), OK?
Cheers ;)
-
Welcome, friend. This first step is essential to know what we're up against; there are some very annoying bugs out there :wink:
Regards and welcome :!:
-
I've now installed Ad-aware 6.181 with its update. I then ran the full scan, with the following picture:
Thank you very much for your work, really.
You deserve to be site of the year ;)
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :domingo, 27 de junio de 2004 5:11:47
Created with Ad-aware Personal, free for private use.
Using reference-file :01R325 27.06.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 1R200 12.07.2003
Internal build : 17
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 432159 Bytes
Signature data size : 423356 Bytes
Reference data size : 8739 Bytes
Signatures total : 9938
Target categories : 10
Target families : 202
27-06-2004 5:10:33 Performing Webupdate...
Installing Update...
Reference file loaded:
Reference Number : 01R325 27.06.2004
Internal build : 257
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1274298 Bytes
Signature data size : 1253786 Bytes
Reference data size : 20448 Bytes
Signatures total : 27864
Target categories : 10
Target families : 507
27-06-2004 5:11:08 Success.
Update successfully downlodaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:14 %
Total physical memory:261684 kb
Available physical memory:34824 kb
Total page file size:632856 kb
Available on page file:362500 kb
Total virtual memory:2097024 kb
Available virtual memory:2043776 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
27-06-2004 5:11:47 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 27-06-2004 2:56:28
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ThreadCreationTime : 27-06-2004 2:56:57
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:57:10
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 27/06/2004 2:57:10
Last modified : 19/06/2003 19:05:04
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:57:11
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 02/09/2003 16:58:54
Last accessed : 27/06/2004 2:57:11
Last modified : 19/06/2003 19:05:04
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:57:28
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 27/06/2004 2:57:28
Last modified : 01/12/1999 8:40:16
#:6 [ccsetmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ThreadCreationTime : 27-06-2004 2:57:32
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 20/08/2003 0:58:50
Last accessed : 27/06/2004 2:57:32
Last modified : 20/08/2003 0:58:50
#:7 [ccevtmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ThreadCreationTime : 27-06-2004 2:57:36
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 20/08/2003 0:56:12
Last accessed : 27/06/2004 2:57:36
Last modified : 20/08/2003 0:56:12
#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:57:43
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 02/09/2003 14:41:51
Last accessed : 27/06/2004 2:57:43
Last modified : 19/06/2003 19:05:04
#:9 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 27-06-2004 2:57:46
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 27/06/2004 2:57:28
Last modified : 01/12/1999 8:40:16
#:10 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 27-06-2004 2:57:52
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 30/05/2004 2:01:51
Last accessed : 27/06/2004 2:57:52
Last modified : 12/05/2004 12:53:44
#:11 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:58:01
BasePriority : Normal
FileSize : 66 KB
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 23/11/2003 0:56:05
Last accessed : 27/06/2004 2:58:00
Last modified : 19/06/2003 19:05:04
#:12 [savscan.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ThreadCreationTime : 27-06-2004 2:58:05
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright (c) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 27/02/2004 18:26:02
Last accessed : 27/06/2004 2:58:05
Last modified : 07/11/2003 18:46:58
#:13 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:58:16
BasePriority : Normal
FileSize : 117 KB
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Motor de Programador de tareas
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Programador de tareas de Microsoft
Created on : 23/11/2003 0:37:12
Last accessed : 27/06/2004 2:58:16
Last modified : 19/06/2003 19:05:04
#:14 [stisvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:58:21
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
Copyright : Copyright (C) Microsoft Corp. 1996-1997
CompanyName : Microsoft Corporation
FileDescription : Monitor de dispositivos de imagen est
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 23/11/2003 1:04:51
Last accessed : 27/06/2004 2:58:21
Last modified : 19/06/2003 19:05:04
#:15 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 27-06-2004 2:58:21
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 22/11/2003 23:54:10
Last accessed : 27/06/2004 3:09:04
Last modified : 19/06/2003 19:05:04
#:16 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 27-06-2004 2:58:26
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 23/11/2003 1:15:57
Last accessed : 27/06/2004 2:58:26
Last modified : 19/06/2003 19:05:04
#:17 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 27-06-2004 2:58:31
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 27/06/2004 2:57:28
Last modified : 01/12/1999 8:40:16
#:18 [ccapp.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ThreadCreationTime : 27-06-2004 2:59:00
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Symantec Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 20/08/2003 0:55:56
Last accessed : 27/06/2004 2:59:00
Last modified : 20/08/2003 0:55:56
#:19 [svchost.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 27-06-2004 2:59:07
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2004
FileDescription : MFC Application
InternalName : svchost
OriginalFilename : SVCHOST.EXE
ProductName : SVCHOST Application
Created on : 22/06/2004 19:46:04
Last accessed : 27/06/2004 2:59:07
Last modified : 22/06/2004 19:46:04
#:20 [dslmon.exe]
FilePath : C:\Archivos de programa\Wanadoo\USB ADSL Modem\
ThreadCreationTime : 27-06-2004 2:59:11
BasePriority : Normal
FileSize : 900 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2000
FileDescription : ADIMON MFC Application
InternalName : DSLMON
OriginalFilename : ADIMON.EXE
ProductName : DSLMON Application
Created on : 23/11/2003 2:41:08
Last accessed : 27/06/2004 2:59:11
Last modified : 29/10/2002 11:15:34
#:21 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ThreadCreationTime : 27-06-2004 3:02:14
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/2004 22:01:00
Last accessed : 27/06/2004 3:02:20
Last modified : 04/03/2004 22:01:00
#:22 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ThreadCreationTime : 27-06-2004 3:02:42
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 30/08/2002 17:56:44
Last accessed : 27/06/2004 3:03:09
Last modified : 30/08/2002 17:56:44
#:23 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 27-06-2004 3:02:57
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 27/06/2004 2:57:28
Last modified : 01/12/1999 8:40:16
#:24 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 27-06-2004 3:09:34
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/06/2004 17:27:44
Last accessed : 27/06/2004 3:09:34
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoLoaderAproposClient"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : AutoLoaderAproposClient
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4CE5986A-005E-4B87-A91B-764B169E918A}
CoolWebSearch Object recognized!
Type : File
Data : fdop.dll
Category : Malware
Comment :
Object : c:\winnt\system32\
FileSize : 30 KB
Created on : 30/05/2004 1:49:38
Last accessed : 27/06/2004 3:02:46
Last modified : 30/05/2004 1:49:38
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{57496027-B2F5-4823-BFD6-8AC94455F658}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CE5986A-005E-4B87-A91B-764B169E918A}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 10
Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:50
Last accessed : 27/06/2004 3:15:10
Last modified : 10/06/2004 0:53:53
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 09/06/2004 23:45:45
Last accessed : 27/06/2004 3:15:10
Last modified : 09/06/2004 23:45:48
Tracking Cookie Object recognized!
Type : File
Data : administrador@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:02
Last accessed : 27/06/2004 3:15:10
Last modified : 10/06/2004 0:38:02
Tracking Cookie Object recognized!
Type : File
Data : administrador@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:37
Last accessed : 27/06/2004 3:15:10
Last modified : 10/06/2004 0:53:37
Tracking Cookie Object recognized!
Type : File
Data : administrador@qksrv[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:18
Last accessed : 27/06/2004 3:15:10
Last modified : 10/06/2004 0:38:18
Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:40:50
Last accessed : 27/06/2004 3:15:11
Last modified : 10/06/2004 0:40:50
SexFiles.nu Object recognized!
Type : File
Data : dialerx.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileSize : 44 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2003
FileDescription : diallerX MFC Application
InternalName : diallerX
OriginalFilename : diallerX.EXE
ProductName : diallerX Application
Created on : 22/06/2004 19:46:11
Last accessed : 27/06/2004 3:24:26
Last modified : 22/06/2004 19:46:10
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Deep scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 17
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~compoundinst0
PeopleOnPage Object recognized!
Type : File
Data : auf0.exe
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\
FileSize : 1471 KB
Created on : 14/01/2004 19:25:59
Last accessed : 27/06/2004 3:28:37
Last modified : 14/01/2004 19:27:02
PeopleOnPage Object recognized!
Type : File
Data : atla.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 72 KB
FileVersion : 3.00.8449
ProductVersion : 6.00.8449
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows (ANSI)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 27/06/2004 3:28:38
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : atlw.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 73 KB
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 27/06/2004 3:28:38
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 1 KB
Created on : 14/01/2004 20:23:11
Last accessed : 27/06/2004 3:28:38
Last modified : 14/01/2004 20:23:11
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 24
5:28:39 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:16:50:803
Objects scanned :71800
Objects identified :24
Objects ignored :0
New objects :24
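Added example (not part of the original thread and not Ad-aware code): a small Python parser for the Ad-aware 6 log format posted above. It groups registry findings by the file they reference and lists processes named like Windows system binaries that run from outside system32. The sample is an excerpt of the log above; the function names and the SYSTEM32_ONLY list are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the Ad-aware 6 log posted above, trimmed to a few records.
SAMPLE_LOG = r"""
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
FileDescription : Generic Host Process for Win32 Services
#:19 [svchost.exe]
FilePath : C:\WINNT\
FileDescription : MFC Application
Started deep registry scan
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CE5986A-005E-4B87-A91B-764B169E918A}
SexFiles.nu Object recognized!
Type : File
Data : dialerx.exe
Category : Malware
Comment :
Object : C:\WINNT\
Disk scan result for C:\
"""

PROC_RE = re.compile(r"^#:(\d+) \[(.+)\]$")           # "#:19 [svchost.exe]"
HIT_RE = re.compile(r"^(.+) Object recognized!$")      # "CoolWebSearch Object recognized!"
FIELD_RE = re.compile(r"^([A-Za-z]\w*)\s*:\s*(.*)$")   # "Rootkey : HKEY_CLASSES_ROOT"

# Assumption of this example: image names that should only run from system32.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe",
                 "spoolsv.exe", "smss.exe", "winlogon.exe"}


def parse_log(text):
    """Return (processes, detections) as lists of field dictionaries."""
    processes, detections = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROC_RE.match(line):
            current = {"Name": m.group(2)}
            processes.append(current)
        elif m := HIT_RE.match(line):
            current = {"Family": m.group(1)}
            detections.append(current)
        elif (m := FIELD_RE.match(line)) and current is not None:
            # Keep the first value when a field repeats (e.g. "Data").
            current.setdefault(m.group(1), m.group(2))
        else:
            # Section headers and summary lines close the open record.
            current = None
    return processes, detections


def registry_refs_by_file(detections):
    """Map each file named in a registry finding's Comment to its registry locations."""
    refs = defaultdict(list)
    for d in detections:
        comment = d.get("Comment", "").lower()
        if d.get("Type", "").startswith("Reg") and comment.endswith((".dll", ".exe")):
            refs[comment].append(d["Rootkey"] + "\\" + d["Object"])
    return dict(refs)


def outside_system32(processes):
    """List (name, path) for system-named processes not running from system32."""
    flagged = []
    for p in processes:
        path = p.get("FilePath", "")
        in_system32 = path.lower().rstrip("\\").endswith("system32")
        if p["Name"].lower() in SYSTEM32_ONLY and not in_system32:
            flagged.append((p["Name"], path))
    return flagged


if __name__ == "__main__":
    procs, hits = parse_log(SAMPLE_LOG)
    for name, path in outside_system32(procs):
        print(f"process outside system32: {name} in {path}")
    for target, locations in registry_refs_by_file(hits).items():
        print(f"{target} is referenced from {len(locations)} registry location(s):")
        for loc in locations:
            print("   ", loc)
```

Run against the full log, the second function shows every registry location that points at the same DLL, which is the list to re-check after a cleanup when the hijack returns.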
-
So when can I expect a reply, please?
It's been a couple of days, I check in every day and I don't see any reply :( :( :(
Regards!
-
Hi friend, one question: have you run Ad-aware again???? Does it give you the same result???
Let us know, and friend, you know how it is, we answer when we can
Regards :wink:
-
Download AntiSecuestro; it frees the Internet Explorer browser from hijacking by spyware, malicious actions while browsing the Internet, Java, malicious code, fake files when exchanging files over P2P, or e-mails with dialers that use worms to modify the home page setting.
It is recommended that, after using AntiSecuestro and freeing the home page, you use an antispyware program.
To download AntiSecuestro V.1.0:
http://www.internautas.org/restIE.zip
Once you have used it, restart the PC in safe mode and run a full scan with Ad-aware and its latest update.
Then restart in normal mode and check that everything is fine; if the problem still persists, let us know.
If you like, take a look at this post (http://www.daboweb.com/phpBB2/viewtopic.php?t=5377)
but I warn you that there are many variants of CoolWebSearch and that may not be the solution.
There is also a program for removing CoolWebSearch, called CWShredder :arrow: Web: http://www.spywareinfo.com/~merijn
In any case I advise you to use AntiSecuestro first and then scan with Ad-aware in safe mode.
-
Thanks chcohe, but it's also important to know whether he clicked remove after the scan; I suppose he did
Yours will be an excellent complement :wink: :lol:
-
Thank you very much,
sorry for putting on some pressure, but I thought the post had been forgotten, and besides, you could say you do this for the love of it; I really am sorry,
as soon as I have the result I'll write it up for you ;)
Regards
-
hombredelcubo, if it weren't for your reminder I wouldn't even have noticed :oops:
Let us know whether the problem got fixed or not.
-
Hi:
Sometimes, with the volume of daily messages we get, it's normal for a post to get "left behind"; it doesn't hurt to remind us it's still there... Let's see if we can find a solution... :wink:
Regards
-
No worries, friend, let us know :wink:
-
Here's an update: last night I followed the instructions you gave me: I downloaded AntiSecuestro V.1.0 and then updated Ad-aware. I restarted the computer in safe mode and ran a full scan,
I have the result of that scan saved (in case you want it); it detected, I think, 36 items, and I removed them all without any problem when removing them.
Well, I restarted the computer and it ran perfectly (I ran Ad-aware again and it found nothing), with no little windows popping up and the home page not even being changed, and today it was running the same as yesterday, until at one point I went to open a Hotmail page to send an e-mail and everything changed (the home page, and the hateful little windows appeared)
And now I ask you: what do you want? A log before running the cleanup? Because if I run it and it removes things it doesn't detect anything, but then it comes back? :S
-
I restarted the computer and it ran perfectly (I ran Ad-aware again and it found nothing)
If it didn't detect anything, that's because it was fixed. What's happening to you now, I'd say, is down to something else; maybe you installed something, or something new got installed while you were browsing.
Post your latest log and we'll take a look.
-
Let's see those results
First I'll post yesterday's log, and then today's, OK?
Note: I forgot to run Ad-aware again after today's run to check whether anything was left :oops:
-------------------------------------------------------------------------------------
[ad-ware 6 log (16-07 01.05).TXT]
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :viernes, 16 de julio de 2004 0:44:55
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:74 %
Total physical memory:261684 kb
Available physical memory:191596 kb
Total page file size:632856 kb
Available on page file:564052 kb
Total virtual memory:2097024 kb
Available virtual memory:2053080 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
16-07-2004 0:44:55 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-07-2004 22:41:27
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ThreadCreationTime : 15-07-2004 22:41:51
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:41:58
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 15/07/2004 22:41:58
Last modified : 19/06/2003 19:05:04
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:41:58
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 02/09/2003 16:58:54
Last accessed : 15/07/2004 22:41:58
Last modified : 19/06/2003 19:05:04
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:42:05
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 15/07/2004 22:42:05
Last modified : 01/12/1999 8:40:16
#:6 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 15-07-2004 22:42:07
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 23/11/2003 1:15:57
Last accessed : 15/07/2004 22:42:07
Last modified : 19/06/2003 19:05:04
#:7 [userinit.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 15-07-2004 22:44:10
BasePriority : Normal
FileSize : 17 KB
FileVersion : 5.00.2195.6612
ProductVersion : 5.00.2195.6612
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : userinit
OriginalFilename : USERINIT.EXE
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 15/07/2004 22:44:10
Last modified : 19/06/2003 19:05:04
#:8 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 15-07-2004 22:44:12
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 22/11/2003 23:54:10
Last accessed : 15/07/2004 22:44:12
Last modified : 19/06/2003 19:05:04
#:9 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 15-07-2004 22:44:34
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/06/2004 17:27:44
Last accessed : 15/07/2004 22:38:14
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoLoaderAproposClient"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : AutoLoaderAproposClient
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4CE5986A-005E-4B87-A91B-764B169E918A}
CoolWebSearch Object recognized!
Type : File
Data : fdop.dll
Category : Malware
Comment :
Object : c:\winnt\system32\
FileSize : 30 KB
Created on : 30/05/2004 1:49:38
Last accessed : 15/07/2004 22:34:59
Last modified : 30/05/2004 1:49:38
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{57496027-B2F5-4823-BFD6-8AC94455F658}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\fdop.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CE5986A-005E-4B87-A91B-764B169E918A}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 10
Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:50
Last accessed : 15/07/2004 22:56:14
Last modified : 10/06/2004 0:53:53
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 09/06/2004 23:45:45
Last accessed : 15/07/2004 22:56:14
Last modified : 09/06/2004 23:45:48
Tracking Cookie Object recognized!
Type : File
Data : administrador@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:02
Last accessed : 15/07/2004 22:56:14
Last modified : 10/06/2004 0:38:02
Tracking Cookie Object recognized!
Type : File
Data : administrador@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:53:37
Last accessed : 15/07/2004 22:56:15
Last modified : 10/06/2004 0:53:37
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 18:25:42
Last accessed : 15/07/2004 22:56:15
Last modified : 01/07/2004 18:28:40
Tracking Cookie Object recognized!
Type : File
Data : administrador@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 19:59:24
Last accessed : 15/07/2004 22:56:15
Last modified : 01/07/2004 19:59:28
Tracking Cookie Object recognized!
Type : File
Data : administrador@paycounter[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 18:06:57
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 18:06:57
Tracking Cookie Object recognized!
Type : File
Data : administrador@qksrv[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:38:18
Last accessed : 15/07/2004 22:56:16
Last modified : 10/06/2004 0:38:18
Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 10/06/2004 0:40:50
Last accessed : 15/07/2004 22:56:16
Last modified : 10/06/2004 0:40:50
Tracking Cookie Object recognized!
Type : File
Data : administrador@sexlist[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 17:58:04
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 17:58:04
Tracking Cookie Object recognized!
Type : File
Data : administrador@tradedoubler[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 22:13:33
Last accessed : 15/07/2004 22:56:16
Last modified : 01/07/2004 22:13:33
Tracking Cookie Object recognized!
Type : File
Data : administrador@xxxcounter[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Configuración local\Temp\Cookies\
Created on : 01/07/2004 17:58:15
Last accessed : 15/07/2004 22:56:17
Last modified : 01/07/2004 17:58:15
Tracking Cookie Object recognized!
Type : File
Data : administrador@bfast[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 23:35:02
Last accessed : 15/07/2004 22:57:07
Last modified : 14/07/2004 23:35:03
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:14:30
Last accessed : 15/07/2004 22:57:07
Last modified : 15/07/2004 0:15:43
Tracking Cookie Object recognized!
Type : File
Data : administrador@fastclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 22:24:43
Last accessed : 15/07/2004 22:57:08
Last modified : 14/07/2004 22:24:57
Tracking Cookie Object recognized!
Type : File
Data : administrador@gator[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 14/07/2004 22:24:45
Last accessed : 15/07/2004 22:57:08
Last modified : 14/07/2004 22:24:58
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:16:06
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:16:06
Tracking Cookie Object recognized!
Type : File
Data : administrador@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:16:03
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:16:06
Tracking Cookie Object recognized!
Type : File
Data : administrador@paycounter[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 15/07/2004 0:28:01
Last accessed : 15/07/2004 22:57:08
Last modified : 15/07/2004 0:28:01
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Deep scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 29
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 29
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0
PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~compoundinst0
PeopleOnPage Object recognized!
Type : File
Data : auf0.exe
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\
FileSize : 1471 KB
Created on : 14/01/2004 19:25:59
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 19:27:02
PeopleOnPage Object recognized!
Type : File
Data : atla.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 72 KB
FileVersion : 3.00.8449
ProductVersion : 6.00.8449
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows (ANSI)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : atlw.dll
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 73 KB
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 14/01/2004 20:23:10
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:10
PeopleOnPage Object recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : c:\docume~1\admini~1\config~1\temp\~apropos0\
FileSize : 1 KB
Created on : 14/01/2004 20:23:11
Last accessed : 15/07/2004 23:04:51
Last modified : 14/01/2004 20:23:11
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 36
1:04:53 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:19:55:519
Objects scanned :80720
Objects identified :36
Objects ignored :0
New objects :36
-------------------------------------------------------------------------------------
[ad-ware 6 log (17-07 00.55).TXT]
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :sábado, 17 de julio de 2004 0:42:02
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : C:\Archivos de programa\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:74 %
Total physical memory:261684 kb
Available physical memory:192540 kb
Total page file size:632856 kb
Available on page file:564420 kb
Total virtual memory:2097024 kb
Available virtual memory:2053092 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
17-07-2004 0:42:02 - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 16-07-2004 22:37:55
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\SYSTEM32\
ThreadCreationTime : 16-07-2004 22:38:19
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:26
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 16/07/2004 22:36:32
Last modified : 19/06/2003 19:05:04
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:26
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versi
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Sistema operativo Microsoft(R) Windows(R) 2000
Created on : 02/09/2003 16:58:54
Last accessed : 16/07/2004 22:36:32
Last modified : 19/06/2003 19:05:04
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:38:32
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 01/12/1999 8:40:16
Last accessed : 16/07/2004 22:38:32
Last modified : 01/12/1999 8:40:16
#:6 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 16-07-2004 22:38:34
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administraci
InternalName : WINMGMT
ProductName : Instrumental de administraci
Created on : 23/11/2003 1:15:57
Last accessed : 16/07/2004 22:38:34
Last modified : 19/06/2003 19:05:04
#:7 [userinit.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 16-07-2004 22:40:37
BasePriority : Normal
FileSize : 17 KB
FileVersion : 5.00.2195.6612
ProductVersion : 5.00.2195.6612
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Aplicaci
InternalName : userinit
OriginalFilename : USERINIT.EXE
ProductName : Sistema operativo Microsoft(R) Windows (R) 2000
Created on : 02/09/2003 16:58:57
Last accessed : 16/07/2004 22:40:37
Last modified : 19/06/2003 19:05:04
#:8 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 16-07-2004 22:40:39
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 22/11/2003 23:54:10
Last accessed : 16/07/2004 22:40:39
Last modified : 19/06/2003 19:05:04
#:9 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-aware 6\
ThreadCreationTime : 16-07-2004 22:41:47
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/06/2004 17:27:44
Last accessed : 16/07/2004 22:41:47
Last modified : 12/07/2003 20:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINNT\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINNT\TEMP\sp.html"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINNT\TEMP\sp.html"
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{30D24C24-EA2F-41FC-8BCF-4CAE6277F0E9}
CoolWebSearch Object recognized!
Type : File
Data : aok.dll
Category : Malware
Comment :
Object : c:\winnt\system32\
FileSize : 30 KB
Created on : 16/07/2004 16:11:36
Last accessed : 16/07/2004 21:55:56
Last modified : 16/07/2004 16:11:36
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B15CB30E-1EAA-472F-BF70-ED1FD32C1EA2}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain
CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : c:\winnt\system32\aok.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30D24C24-EA2F-41FC-8BCF-4CAE6277F0E9}
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 17
Objects found so far: 18
Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 18
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : administrador@2o7[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 22:30:03
Last accessed : 16/07/2004 22:30:03
Last modified : 16/07/2004 22:30:03
Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:54:35
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 21:11:28
Tracking Cookie Object recognized!
Type : File
Data : administrador@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 16:18:55
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 16:18:55
Tracking Cookie Object recognized!
Type : File
Data : administrador@doubleclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:34:50
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 20:34:54
Tracking Cookie Object recognized!
Type : File
Data : administrador@fastclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 17:00:42
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 17:00:42
Tracking Cookie Object recognized!
Type : File
Data : administrador@gator[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 16:57:43
Last accessed : 16/07/2004 22:46:44
Last modified : 16/07/2004 16:58:07
Tracking Cookie Object recognized!
Type : File
Data : administrador@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Administrador\Cookies\
Created on : 16/07/2004 20:34:51
Last accessed : 16/07/2004 22:46:45
Last modified : 16/07/2004 20:34:51
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Deep scanning and examining files (H:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for H:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 25
Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 25
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout
CoolWebSearch Object recognized!
Type : File
Data : sp.html
Category : Malware
Comment :
Object : c:\docume~1\admini~1\config~1\temp\
FileSize : 7 KB
Created on : 16/07/2004 16:17:48
Last accessed : 16/07/2004 22:26:06
Last modified : 16/07/2004 22:26:06
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 27
0:54:45 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:12:41:104
Objects scanned :79917
Objects identified :27
Objects ignored :0
New objects :27
-
I have some news:
It turns out I've been reading up a bit on this spyware business and decided to download two programs: Cwshredder and X-Cleaner Freeware Version 2.0, and the computer seems to be running better. I had to change the home page, but so far I haven't been reinfected and the symptoms haven't come back...
Another thing: I keep running Ad-aware and it always finds something, although it no longer finds the twenty-odd objects it used to find. Now only 7. Is this normal, or why is it never completely clean?
Thanks a lot for everything ;)
-
Is this normal, or why is it never completely clean?
Yes, it's normal; it's most likely just cookies.
Cwshredder is specifically designed to remove from your system all the spyware components related to CoolWebSearch.
-
I don't know what's wrong with this computer, but it's indescribable: not even a day goes by and it has happened to me again!! Is there a fix short of formatting it??
I don't know what I'll do, or what it is that reactivates the spyware!!!