Antivirus Pro 2010
Publicado: Mar Nov 03, 2009 2:43 pm
Eliminado completamente con Malwarebytes Antimalware
Malwarebytes' Anti-Malware 1.41
Database version: 3092
Windows 5.1.2600 Service Pack 2
11/3/2009 8:15:37 AM
mbam-log-2009-11-03 (08-15-37).txt
Scan type: Quick Scan
Objects scanned: 103769
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Infected: 8
Memory Modules Infected: 4
Registry Keys Infected: 3
Registry Values Infected: 15
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 38
Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro_2010 (Rogue.AntiVirusPro2010)
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.FakeAlert)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Rogue.AntiVirusPro)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Rogue.AntiVirusPro)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent)
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe tftp.nfo beforegllav) Good: (Explorer.exe)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
Files Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\lizkavd.exe (Trojan.FakeAlert)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader)
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert)
C:\WINDOWS\Temp\wpv391254259302.exe (Trojan.Sasfis)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\19B.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\~TM198.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temporary Internet Files\Content.IE5\T6UR1VT6\load[1].exe (Trojan.Downloader)
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Uninstall.exe (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\wiaserva.log (Malware.Trace)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\BN5.tmp (Trojan.Agent)
C:\WINDOWS\Temp\wpv321252894422.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv631253926400.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv711252921009.exe (Trojan.Agent)
C:\Documents and Settings\Sales & Marketing\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace)
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart)
C:\Documents and Settings\Sales & Marketing\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)
Malwarebytes' Anti-Malware 1.41
Database version: 3092
Windows 5.1.2600 Service Pack 2
11/3/2009 8:15:37 AM
mbam-log-2009-11-03 (08-15-37).txt
Scan type: Quick Scan
Objects scanned: 103769
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Infected: 8
Memory Modules Infected: 4
Registry Keys Infected: 3
Registry Values Infected: 15
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 38
Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro_2010 (Rogue.AntiVirusPro2010)
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.FakeAlert)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Rogue.AntiVirusPro)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Rogue.AntiVirusPro)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent)
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe tftp.nfo beforegllav) Good: (Explorer.exe)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
Files Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\lizkavd.exe (Trojan.FakeAlert)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader)
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert)
C:\WINDOWS\Temp\wpv391254259302.exe (Trojan.Sasfis)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\19B.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\~TM198.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temporary Internet Files\Content.IE5\T6UR1VT6\load[1].exe (Trojan.Downloader)
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Uninstall.exe (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\wiaserva.log (Malware.Trace)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\BN5.tmp (Trojan.Agent)
C:\WINDOWS\Temp\wpv321252894422.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv631253926400.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv711252921009.exe (Trojan.Agent)
C:\Documents and Settings\Sales & Marketing\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace)
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart)
C:\Documents and Settings\Sales & Marketing\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)
