
Antivirus Security Pro

Posted: Tue Sep 03, 2013 5:32 pm
by LeThe
Another infection... Malwarebytes log below:


Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Zaccess)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.FakeAlert.RRE) Data: C:\ProgramData\ag37nhV3\ag37nhV3.exe
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.FakeAlert.RRE) Data: C:\ProgramData\ag37nhV3\ag37nhV3.exe

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) Bad: (1) Good: (0)
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) Bad: (1) Good: (0)
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) Bad: (1) Good: (0)

Folders Detected: 3
C:\Users\NLiwski\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy)
C:\Users\NLiwski\AppData\Roaming\OpenCandy\0A8DAE3B3CF84BCBA425F06C15EA2B56 (PUP.Optional.OpenCandy)
C:\Users\NLiwski\AppData\Roaming\OpenCandy\1208230EAA864CD68826D92E244576F4 (PUP.Optional.OpenCandy)

Files Detected: 19
C:\ProgramData\ag37nhV3\ag37nhV3.exe (Trojan.FakeAlert.RRE)
C:\ProgramData\ag37nhV3\1898317926637210375.exe (Trojan.Agent.RRE)
C:\Windows\Temp\167482.exe (Trojan.FakeAlert.RRE)
C:\Users\Administrator\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\dpierson\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\FaithFormation\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\olmcadmin\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\Owner\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\Reception\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Users\sysadmin\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
C:\Windows\System32\config\systemprofile\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity)
C:\Windows\System32\config\systemprofile\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity)
c:\program files\google\desktop\install\{7f00a8a8-8873-45ba-ec52-2ce0d74e2a53}\ \...\‮ﯹ๛\{7f00a8a8-8873-45ba-ec52-2ce0d74e2a53}\googleupdate.exe (Trojan.Zaccess)