Full Version: Help with Trojan.Generic
Kaspersky Lab Forum > Portuguese Forum > Viruses
ajudaeuu
Please help me...
I'm 14... My name is Breno... I read some topics about removing the Trojan.Generic virus... But I didn't understand any of it

Please help me... I read some "stuff" about ComboFix that removes this virus... But I didn't understand it

Please, if I go to my dad and say: "Dad, the PC has a virus, it'll have to be formatted" HE'LL KILL ME

PLS HELP =(

I use the English KIS 2009... and I don't understand English very well... I'm new to the antivirus...

KIS detects it and has already sent it to quarantine... but I don't know where to click to remove it... but I saw in a post that even if you remove it with KIS it comes back...

The virus keeps opening porn pop-ups... CiD... Mercado Livre...

HELP ME!!!

And also... it creates some folders in Program Files with a strange uninstaller named "DENT FIRST WAIT" and another one named "Circle Developement"
ajudaeuu
I found out what ComboFix is

And here is my log:


ComboFix 09-01-01.02 - OEM 2009-01-02 21:36:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1022.536 [GMT -2:00]
Executando de: c:\documents and settings\OEM\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-02 to 2009-01-02 ))))))))))))))))))))))))))))
.

2009-01-02 19:41 . 2009-01-02 19:41 <DIR> d-------- c:\arquivos de programas\DENT FIRST WAIT
2009-01-02 18:51 . 2009-01-02 20:02 <DIR> d-------- c:\documents and settings\OEM\Dados de aplicativos\DENT FIRST WAIT
2009-01-02 18:51 . 2009-01-02 19:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Mail For File Wave
2009-01-02 18:50 . 2009-01-02 18:50 <DIR> d-------- c:\arquivos de programas\Circle Developement
2009-01-01 20:22 . 2009-01-01 20:22 <DIR> d-------- c:\windows\system32\bits
2009-01-01 20:22 . 2009-01-01 20:22 <DIR> d-------- c:\windows\l2schemas
2009-01-01 20:19 . 2009-01-01 20:23 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-01 20:17 . 2007-04-17 07:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-01 20:17 . 2007-03-08 03:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-01 20:17 . 2008-10-16 18:23 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-01 20:17 . 2008-10-16 18:23 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-01 20:17 . 2008-10-16 11:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-01 20:16 . 2008-10-16 18:23 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-01 20:16 . 2008-10-16 18:23 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-01 20:16 . 2008-10-16 18:23 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-01 20:16 . 2008-10-16 18:23 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-01 20:15 . 2009-01-02 03:07 1,355 --a------ c:\windows\imsins.BAK
2009-01-01 20:11 . 2008-09-08 08:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-01 20:08 . 2008-09-15 13:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-01 20:07 . 2008-08-14 11:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-01 20:07 . 2008-08-14 11:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-01 20:07 . 2008-08-14 11:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-01 20:07 . 2008-08-14 11:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-01 20:06 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-01 20:06 . 2008-05-01 12:36 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-01 20:05 . 2008-04-11 17:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-01 20:04 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-01 20:03 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-01 19:56 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-01 19:56 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-01 19:56 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-30 05:25 . 2008-12-30 05:25 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-30 05:25 . 2008-12-30 05:25 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-30 05:24 . 2009-01-02 20:06 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-12-30 05:24 . 2008-12-30 05:24 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab
2008-12-30 05:24 . 2009-01-02 21:38 2,971,168 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-30 05:24 . 2009-01-02 21:38 475,168 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-30 05:24 . 2009-01-02 21:38 25,340 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-30 05:24 . 2009-01-02 21:38 3,752 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-29 23:47 . 2008-12-30 02:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-12-29 23:15 . 2008-12-29 23:16 <DIR> d-------- c:\arquivos de programas\FireFox
2008-12-28 16:49 . 2008-12-28 16:49 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2008-12-28 07:49 . 2009-01-02 19:39 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live
2008-12-28 04:52 . 2008-12-28 04:52 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive
2008-12-22 18:50 . 2003-07-17 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-22 18:50 . 2005-01-01 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-22 18:49 . 2008-12-22 18:49 <DIR> d-------- C:\Program Files
2008-12-22 18:48 . 2008-12-22 18:48 <DIR> d-------- c:\arquivos de programas\OnGame

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 23:40 --------- d-----w c:\documents and settings\OEM\Dados de aplicativos\Skype
2009-01-02 20:46 --------- d-----w c:\documents and settings\OEM\Dados de aplicativos\skypePM
2009-01-02 05:02 --------- d-----w c:\arquivos de programas\Microsoft Works
2008-12-28 07:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2008-12-28 07:41 --------- d-----w c:\arquivos de programas\Windows Live
2008-12-09 19:29 --------- d-----w c:\arquivos de programas\Java
2008-11-27 20:21 --------- d-----w c:\arquivos de programas\Google
2008-11-15 20:05 --------- d-----w c:\arquivos de programas\AGEIA Technologies
2008-11-15 20:04 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-11-11 21:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2008-11-11 18:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Steam"="d:\valve\steam.exe" [2008-11-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"file wave user bat"="c:\documents and settings\All Users\Dados de aplicativos\Mail For File Wave\eggs okay.exe" [2009-01-02 770048]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
--a------ 2006-02-17 11:40 270336 c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 15:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 15:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 08:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 15:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-11-14 07:21 16270848 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 08:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\Valve\\SteamApps\\atgod101\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Valve\\SteamApps\\atgod101\\counter-strike\\hl.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\Cabal\\CABAL Online (BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"d:\\Valve\\SteamApps\\mato606\\counter-strike source\\hl2.exe"=
"d:\\Valve\\SteamApps\\mato606\\counter-strike\\hl.exe"=
"d:\\Valve\\steam.exe"=
"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys []
S3 XDva205;XDva205;\??\c:\windows\system32\XDva205.sys []
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-01-02 c:\windows\Tasks\AE00A756919720FA.job
- c:\docume~1\oem\dadosd~1\dentfi~1\List one show.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-BIND SKIP - c:\docume~1\OEM\DADOSD~1\DENTFI~1\interstupidmeta.exe


.
------- Scan Suplementar -------
.
uStart Page = www.mysuperyes.com/mysuperyes/blazed/Black/aT%2BGod.php
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 21:40:06
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*NULL*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(2880)
c:\arquiv~1\WINDOW~2\wmpband.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\rundll32.exe
c:\arquivos de programas\Internet Explorer\iexplore.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-01-02 21:42:40 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-01-02 23:42:35

Pré-execução: 11 pasta(s) 26.626.097.152 bytes disponíveis
Pós execução: 11 pasta(s) 26,647,613,440 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

197 --- E O F --- 2009-01-02 05:07:23
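Most of the log above is routine (service pack files, Kaspersky drivers, games in the firewall exception list); the lines a helper reads first are the Run entries that launch from a user-writable data folder, the Security Center and firewall flags, the scheduled task and the hijacked start page. As an added example, not part of this thread and not ComboFix's own code, the Python script below parses an excerpt copied from the log and pulls out exactly those indicators. The excerpt is a constructed sample assembled from the posted log, and the "user-writable directory" list is this example's own heuristic for Windows XP paths (English and Portuguese, long and 8.3 forms), not anything ComboFix defines.

```python
import re

# Constructed sample: registry, scheduled-task and start-page lines copied
# from the ComboFix log posted above, trimmed to the sections this script reads.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"file wave user bat"="c:\documents and settings\All Users\Dados de aplicativos\Mail For File Wave\eggs okay.exe" [2009-01-02 770048]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-01-02 c:\windows\Tasks\AE00A756919720FA.job
- c:\docume~1\oem\dadosd~1\dentfi~1\List one show.exe []
.
------- Scan Suplementar -------
.
uStart Page = www.mysuperyes.com/mysuperyes/blazed/Black/aT%2BGod.php
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')  # "name"=data
RUN_DATA_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DRIVE_PATH_RE = re.compile(r"[a-z]:\\[^\]]*", re.IGNORECASE)

# Heuristic (this example's assumption): XP folders a limited user can write to.
# A program auto-starting from one deserves a look; it is not proof of malware.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\dados de aplicativos\\", "\\dadosd~1\\",
    "\\application data\\", "\\appdata\\", "\\temp\\",
)


def in_user_writable_dir(path):
    """True when the path runs through a user-writable directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def parse_log(log_text):
    """Single pass over the log: autorun entries, protection settings,
    scheduled-task targets and the IE start page."""
    autoruns, protections, tasks, start_page = [], [], [], None
    section, in_tasks = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, in_tasks = sec.group("key"), False
            continue
        lowered = line.lower()
        if "tarefas agendadas" in lowered or "scheduled tasks" in lowered:
            in_tasks = True
            continue
        if line.startswith("---"):          # section divider ends the task list
            in_tasks = False
        if in_tasks and line.startswith("- "):
            tasks.append(line[2:].rsplit(" [", 1)[0])   # drop trailing " []"
            continue
        if lowered.startswith("ustart page ="):
            start_page = line.split("=", 1)[1].strip()
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        name, data = val.group("name"), val.group("data")
        key = section.lower()
        if key.endswith("\\run"):
            run = RUN_DATA_RE.match(data)
            if run:
                path = run.group("path")
                if not DRIVE_PATH_RE.match(path):
                    # Bare "nwiz.exe": ComboFix puts the resolved path in the brackets.
                    found = DRIVE_PATH_RE.search(run.group("meta"))
                    path = found.group(0) if found else path
                autoruns.append({"key": section, "name": name, "path": path})
        elif "security center" in key and name.lower().endswith("disablenotify") \
                and data.lower().endswith("00000001"):
            protections.append(f"{name} set: Security Center alert suppressed")
        elif "firewallpolicy" in key and name.lower() == "enablefirewall" \
                and data.startswith("0"):
            protections.append("EnableFirewall is 0: Windows Firewall is off")
    return {"autoruns": autoruns, "protections": protections,
            "tasks": tasks, "start_page": start_page}


def triage(log_text):
    """Reduce the parsed log to the findings worth asking the poster about."""
    parsed = parse_log(log_text)
    return {
        "suspicious_autoruns": [a["name"] for a in parsed["autoruns"]
                                if in_user_writable_dir(a["path"])],
        "disabled_protections": parsed["protections"],
        "suspicious_tasks": [t for t in parsed["tasks"] if in_user_writable_dir(t)],
        "start_page": parsed["start_page"],
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, "->", items)
```

On the sample this flags the "file wave user bat" Run entry (an executable under All Users\Dados de aplicativos), the scheduled task pointing into the same kind of folder, the two suppressed Security Center alerts plus the disabled firewall, and the non-default start page; the Kaspersky "DisableMonitoring" value is deliberately left alone, since KIS registers itself with Security Center that way.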
ajudaeuu
Here is an image [sorry for the triple post]

http://img523.imageshack.us/img523/5373/imagemcd5.png
DonKid
You will have to update the programs with the vulnerabilities.
Read a tutorial here.
Open your KIS, click Detected > Quarantine.
Send the files for analysis.