Virus/Adware showing up: Win32/ PriceGongIE.dll that won't go away

lmcarpediem

Banned
Good evening. Since the day before yesterday I have been faced with the following problem on my PC (a work machine, running a genuine 32-bit Windows XP and the Microsoft Security Essentials antivirus, MSE):

A window from the antivirus popped up warning of an Adware threat called "Win32/ PriceGongIE.dll", and I can't get rid of it, remove it, whatever, in any way...

I immediately ran the antivirus and removed the threat, but it always came back, even after the restarts. I repeated it again and again, and nothing. I also ran my anti-malware program (Malwarebytes, which was recommended to me right here on the forum a while back), but no luck, it was as if it had done nothing at all.

I also ran CCleaner twice, always restarting the PC after each of these attempts I'm describing, but nothing.

The little MSE antivirus window keeps appearing afterwards and, from what I gathered after checking some foreign sites (with my only middling English), I could tell it isn't anything good. Since this is essentially a work PC, mine and my wife's, with quite a lot of highly sensitive things going on at the moment, I'm worried about what it might be.

That's why I'm asking for help and guidance from someone better informed on the matter.
Thanks in advance for any help.

The description in the antivirus window (when you open the "details" of this Adware) is as follows:

Category: Adware: Win32/ PriceGongIE.dll

Description: This program sends potentially unwanted advertisements to the computer.

Items:
file:c:\documents and settings\pm\Application Data\pricegong\Data\1.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\1.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\10.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\1707.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\1708.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\2140.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\2229.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\2620.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\2788.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\3374.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\371.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\4488.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\4489.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\5166.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\7251.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\7386.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\83.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\875.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\a.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\a.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\b.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\b.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\c.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\c.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\d.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\d.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\e.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\e.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\f.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\f.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\g.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\g.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\h.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\h.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\i.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\i.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\j.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\J.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\k.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\k.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\l.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\l.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\m.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\m.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\mru.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\n.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\n.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\o.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\o.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\p.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\p.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\q.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\q.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\r.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\r.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\s.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\s.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\t.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\t.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\u.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\u.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\v.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\v.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\w.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\w.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\wlu.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\x.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\x.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\y.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\y.xml
file:c:\documents and settings\pm\Application Data\pricegong\Data\z.txt
file:c:\documents and settings\pm\Application Data\pricegong\Data\z.xml
file:C:\Documents and Settings\PM\Definições locais\Application Data\WiseConvert_1.1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
folder:c:\documents and settings\pm\Application Data\pricegong\
folder:c:\documents and settings\pm\Application Data\pricegong\Data\

On the web page the MSE antivirus links to (Malware Protection Center), it says the following about it:

"Adware:Win32/PriceGong is an adware program that displays certain deals related to search terms you enter in any webpage's search field. We detect Adware:Win32/PriceGong because it opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting."

Thank you.

Luís

Thanks for the attention and the reply, Blue, but that anti-malware program is the one I mentioned above that I ran. And it is properly up to date.

I may be missing something, unless you are referring to some other version I don't know about. But the one I have is up to date and, as I said above, I ran it several times, always restarting the PC afterwards. But nothing had any effect.

I did as you said and this report came out...
(it's a bit long)

AdwCleaner v2.108 - Logfile created 01/26/2013 at 02:20:37
# Updated 24/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : PM - CARPEDIEM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PM\Definições locais\Temporary Internet Files\Content.IE5\N1175OJU\AdwCleaner[1].exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Programas\Mozilla Firefox\.autoreg
File Deleted : C:\Programas\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\DOCUME~1\PM\DEFINI~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\PM\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\PM\Application Data\PriceGong
Folder Deleted : C:\Programas\Babylon
Folder Deleted : C:\Programas\Conduit
Folder Deleted : C:\Programas\uTorrentBar_PT
Folder Deleted : C:\Programas\WiseConvert_1.1
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38146FFF-C9D9-40D9-8972-5878491B2C2F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{569C8C3C-C70B-42D6-9761-5DF4CD7D7818}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\uTorrentBar_PT
Key Deleted : HKCU\Software\WiseConvert_1.1
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{38146FFF-C9D9-40D9-8972-5878491B2C2F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{569C8C3C-C70B-42D6-9761-5DF4CD7D7818}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3242335
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{166B9CF9-2C45-4DFC-9F4B-7FFF33F0EC54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91933247-BED0-479E-9D68-2246817C3CFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98EFD8D6-74B6-4DBA-A023-4AB752E906E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F31E68A-8489-4139-9FAB-39CF27EB4FA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_PT Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38146FFF-C9D9-40D9-8972-5878491B2C2F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{569C8C3C-C70B-42D6-9761-5DF4CD7D7818}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_PT Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.1 Toolbar
Key Deleted : HKLM\Software\uTorrentBar_PT
Key Deleted : HKLM\Software\WiseConvert_1.1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111358&babsrc=NT_ss&mntrId=b48e514e000000000000001e8c60f576 --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [7327 octets] - [26/01/2013 02:18:21]
AdwCleaner[S1].txt - [7143 octets] - [26/01/2013 02:20:37]
########## EOF - C:\AdwCleaner[S1].txt - [7203 octets] ##########
 
I DID THE RESTART, AS THE PROGRAM ITSELF ASKED, AND SO FAR ALL GOOD. I'LL SEE TOMORROW WHETHER IT WORKED...

Thanks for the help, I'll post feedback on how it goes here tomorrow.

I just found it odd that after downloading this anti-malware program no icon was left on the desktop so I could get to it again in the future. How do I access it if it's needed again some time (assuming it solved it this time)?
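What the log above actually shows is that the two add-ons behind this infection were not one file each but a set of registrations: the same CLSIDs appear as COM classes, as Browser Helper Objects, as IE toolbars and as URL search hooks, and deleting the PriceGong data folder alone (which is all MSE was reporting) left every one of those hooks in place, so the DLL kept being loaded and the folder kept being recreated. The script below, an added example and not part of the thread or of AdwCleaner, pivots an AdwCleaner removal log on the CLSIDs it contains so you can see how many distinct persistence mechanisms each component used. The log excerpt embedded in it is copied from the report above (a subset, not the whole thing); the mechanism labels and the registry path fragments used to recognise them are my own shorthand, not AdwCleaner's.

```python
"""Pivot an AdwCleaner removal log on the CLSIDs of the removed components.

Added example, not from the forum thread and not part of AdwCleaner.
An IE add-on registers itself in several places (COM class, BHO, toolbar,
URL search hook, add-on settings). Grouping the deleted keys by the CLSID
they share shows which components were hooked in how many ways, which is
the question to answer when a detection keeps coming back after the
data folder has been wiped.
"""
import re
from collections import defaultdict

# Excerpt copied from the AdwCleaner log posted above (not the full log).
SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\PM\Application Data\PriceGong
Folder Deleted : C:\Programas\WiseConvert_1.1
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{166B9CF9-2C45-4DFC-9F4B-7FFF33F0EC54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38146FFF-C9D9-40D9-8972-5878491B2C2F}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
***** [Internet Browsers] *****
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111358&babsrc=NT_ss&mntrId=b48e514e000000000000001e8c60f576 --> hxxp://www.google.com
"""

ENTRY_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$", re.MULTILINE)
REPLACED_RE = re.compile(r"^Replaced : \[(.+?)\] = (.+?) --> (.+)$", re.MULTILINE)
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.IGNORECASE)

# Registry path fragments (lower-cased) that identify an IE persistence
# mechanism. Labels are this example's own shorthand; none of the
# fragments overlap, so the order is not significant.
MECHANISMS = (
    (r"\explorer\browser helper objects", "BHO"),
    (r"\internet explorer\urlsearchhooks", "URLSearchHook"),
    (r"\internet explorer\toolbar", "IE toolbar"),
    (r"\internet explorer\searchscopes", "search provider"),
    (r"\low rights\elevationpolicy", "Protected Mode elevation policy"),
    (r"\classes\clsid", "COM class"),
    (r"\ext\preapproved", "pre-approved add-on"),
    (r"\ext\stats", "add-on stats"),
    (r"\ext\settings", "add-on settings"),
)


def parse_adwcleaner(text):
    """Return [(kind, path)] for every 'File/Folder/Key/Value Deleted :' line."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY_RE.finditer(text)]


def parse_replaced(text):
    """Return [(setting, old_value, new_value)] for hijacked settings the tool reset."""
    return [m.groups() for m in REPLACED_RE.finditer(text)]


def classify(path):
    """Map a registry path to the IE persistence mechanism it belongs to."""
    low = path.lower()
    for needle, label in MECHANISMS:
        if needle in low:
            return label
    return "other"


def pivot_by_clsid(entries):
    """CLSID -> set of mechanisms that referenced it. Value lines such as
    'Toolbar\\WebBrowser [{CLSID}]' are picked up by the GUID regex as well."""
    pivot = defaultdict(set)
    for kind, path in entries:
        if kind not in ("Key", "Value"):
            continue  # file and folder removals carry no CLSID
        for guid in GUID_RE.findall(path):
            pivot[guid.upper()].add(classify(path))
    return dict(pivot)


def rank_components(entries):
    """(CLSID, number of distinct hooks), most-hooked component first."""
    pivot = pivot_by_clsid(entries)
    return sorted(((g, len(m)) for g, m in pivot.items()), key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    entries = parse_adwcleaner(SAMPLE_LOG)
    pivot = pivot_by_clsid(entries)
    for guid, n in rank_components(entries):
        print(f"{guid}  {n} hook(s): {', '.join(sorted(pivot[guid]))}")
    for setting, old, new in parse_replaced(SAMPLE_LOG):
        print(f"reset {setting}: {old} -> {new}")
```

Run against the excerpt, the two CLSIDs {DDFCC212-...} and {E0301295-...} each come out with six distinct hooks (COM class, BHO, IE toolbar, URLSearchHook, add-on settings, add-on stats), which is why a scanner that only reports the PriceGong data files could never make the detection stay gone. The same pivot works on any AdwCleaner log pasted into SAMPLE_LOG, and on a live machine the same registry locations are where you would look by hand (Add-ons manager in IE, or reg query on each path) to confirm nothing re-registered after the reboot.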
 
Judging by the report, it cleaned that and a lot more. It may eventually come back, but for the same reasons as before: bundled with something you install, or picked up on some less-than-transparent site.
It looks to me like instead of downloading the program you ran it directly from the net, because it was executed from the IE temporary files folder.

You have to download the program and "save as", choosing the location where you want to store it.
That way you can run it as many times as you like, with the advantage that it updates itself automatically whenever necessary.
 