Re: [OT] Help: virus or S.P.M.

Subject: Re: [OT] Help: virus or S.P.M.
From: a...@anda.es (noSign)
Groups: es.comp.virus
Organization: Servidor Publico ES
Date: 24. May 2008, 23:07:38
References: 1

Find out which executable the svchost.exe service is using with Process Explorer
http://www.microsoft.com/spain/technet/sysinternals/utilities/ProcessExplorer.mspx

You will see that there may be many legitimate services hanging off svchost.exe, but one
of them will be the culprit behind the malicious connection.

Then delete it, as a first step, in safe mode.

Analyze with HijackThis the log it gives you
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php#

You can post it here if you prefer, although there are help pages and forums about
HijackThis.

Regards
noSign


"PepeGotera >" <PepeGotera <nolo@doy.ya> wrote in message
news:part1of1.1.WQsBeSLh0HCEyA@ue.ph...
> Hi,
>
> let's see if you can give me a hand, because I'm getting a bit desperate.
>
> The thing is that I've picked up a virus, spyware, malware, etc...., no idea
> how to classify it.
> The little bug shows up when it detects an Internet connection; it tries to
> connect to several sites, but above all to
> "volikozo.info (67.210.97.77:80)". It has also tried port 25 (SMTP)
> on some occasions.
>
> The executable attempting the connection is svchost.exe.
>
> I have run Kaspersky, AVG antivirus, and several anti-spyware tools (the
> trustworthy ones).
>
> I have also run a couple of online antivirus scanners (to scan from
> a clean system)
>
> I have also installed on another partition (to scan from a
> clean system), and I scanned and found nothing.
>
> Can you point me to anti-spyware, anti-malware, antivirus, etc. or a mix
> of them to try to catch the
> little bug? It has me fed up to the balls.
>
> ATTACHED TXT WITH AN EXCERPT FROM THE FIREWALL
>
> Any help is appreciated since it has me fed up to the b......
>
> Regards and thanks in advance
> PepeGotera
>
>
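
The reply's first step (finding which service inside a shared svchost.exe owns the suspicious connection), as an added PowerShell example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` exists, and an elevated session; the helper name `Get-ServiceDll` is made up for this example.

```powershell
# Added example, not from the original thread.
# Lists outbound TCP connections owned by svchost.exe instances and the
# services (with their DLLs) hosted in each instance.

# PID -> services running inside that process. Keys are strings so the
# lookup below cannot miss because of an int/uint32 type mismatch.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)

function Get-ServiceDll {
    param([string]$ServiceName)
    # svchost-hosted services name their DLL under ...\Services\<name>\Parameters
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
}

$report = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object {
        $_.OwningProcess -in $svchostPids -and
        $_.RemoteAddress -notin '127.0.0.1', '::1'
    } |
    ForEach-Object {
        $conn = $_
        foreach ($svc in $servicesByPid["$($conn.OwningProcess)"]) {
            $dll = Get-ServiceDll -ServiceName $svc.Name
            $sig = 'n/a'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                # An unsigned DLL is a lead to check, not proof of infection.
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                ProcessId  = $conn.OwningProcess
                Remote     = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
                Service    = $svc.Name
                ServiceDll = $dll
                Signature  = $sig
                SmtpOut    = ($conn.RemotePort -eq 25)  # svchost talking SMTP is unusual
            }
        }
    }

$report | Sort-Object ProcessId, Service | Format-Table -AutoSize
```

When one svchost.exe instance hosts several services, the connection is listed against every service in that instance; the `ServiceDll` path and signature status are what narrow it down to a single candidate.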

