Virus Alert!

Ezrael

Guys, recently, I don't know how or why, the damned Virus Alert! that has already been discussed on the forum has set up shop on my PC...

problems:
1 - the Start menu didn't work
2 - any attempt to install any antivirus or antispyware failed
3 - trying to update my antivirus (Trend Micro Internet Security Pro) fails because connections to security sites are blocked
4 - Automatic Updates are switched off and I can't switch them back on

I used HijackThis and tried to fix all the items flagged in red in the analysis; it didn't solve it...

I installed a version of Ad-Aware Free that I happened to have and it cleaned a few things up but didn't solve it either (I can't update it because it can't reach the update server)

I can't install Spybot, so that's out of the question

I used SmitFraudFix and yes, it solved almost all the problems... I can now install programs, the Start menu is working fine...

However, updates and access to security sites (antivirus, antispyware and the like) still won't open, and Windows Automatic Updates still won't switch on

Malwarebytes Anti-Malware: I can't even open the site

I'm leaving the HijackThis log here and hope you can help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:24, on 19-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programs\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programs\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Programs\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programs\Java\jre1.6.0_07\bin\jusched.exe
C:\Programs\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programs\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programs\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programs\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programs\Trust\Trust R-Series Mouse\KMProcess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programs\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\Trend Micro\BM\TMBMSRV.exe
C:\Programas\SAGEM\SAGEM F@st 800-840 E4\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programs\TRENDM~1\INTERN~1\TmPfw.exe
C:\Programs\Trend Micro\Internet Security\TmProxy.exe
C:\Programs\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Programs\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
F:\PhoneConnectorVMC.exe
C:\Programas\vodafone\vmclite\vmc.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programs\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Programs\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programs\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programs\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programs\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [usyvppbroazhrcmn] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\rnlduxvpubjjkxr.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VMCL] C:\Programas\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Marco Rodrigues\Application Data\Adobe\Player.exe
O4 - HKLM\..\Policies\Explorer\Run: [x74MkmORBY] C:\Documents and Settings\All Users\Application Data\dqpkxgru\rypgtqzg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840 E4\dslmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Programs\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programs\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programs\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programs\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programs\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{245F3AE0-0A23-4207-9A4E-3FBE706B80DC}: NameServer = 212.18.160.133 212.18.160.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{245F3AE0-0A23-4207-9A4E-3FBE706B80DC}: NameServer = 212.18.160.133 212.18.160.134
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programs\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programs\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programs\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programs\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programs\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Programs\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programs\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11239 bytes


sorry for yet another post about this but I don't know what else to do :(
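The O4 (registry Run) entries in a HijackThis log are where a responder looks first. The script below is an added triage example, not part of HijackThis or of this thread: it parses O4 lines like the ones in the log above and scores each entry on indicators that tend to separate droppers from vendor software: a random-looking value name, random-looking directory or file names, execution from a user-writable profile directory, use of the Policies\Explorer\Run key, and regsvr32 /s silently registering a DLL at every logon. The sample lines are copied from the log above; the vowel-ratio threshold and the indicator list are assumptions of the example.

```python
import re

VOWELS = set("aeiou")

# O4 (registry Run) lines copied from the HijackThis log in the post above.
# This script is an added triage example, not part of HijackThis or the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programs\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [usyvppbroazhrcmn] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\rnlduxvpubjjkxr.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\Marco Rodrigues\Application Data\Adobe\Player.exe
O4 - HKLM\..\Policies\Explorer\Run: [x74MkmORBY] C:\Documents and Settings\All Users\Application Data\dqpkxgru\rypgtqzg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840 E4\dslmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"; Global Startup lines do not match.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$")
# Every drive-letter path to an executable or DLL inside the command (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|scr|com|bat)\b', re.I)
# Directories a standard user can write to on XP/Vista+: a favourite home for droppers.
PROFILE_RE = re.compile(r"\\(?:Documents and Settings|Application Data|Local Settings|Users)\\", re.I)
# regsvr32 /s <dll>: silent DLL registration at every logon.
REGSVR_RE = re.compile(r"regsvr32(?:\.exe)?\b.*\s/s\b.*\.dll", re.I)


def strip_ext(token):
    return re.sub(r"\.[A-Za-z0-9]{1,4}$", "", token)


def looks_random(token):
    """Crude lexical test: 8+ letters with fewer than a quarter of them vowels.
    The 0.25 threshold is an assumption chosen so that the legitimate names in
    this log (NvCplDaemon, KernelFaultCheck, UfSeAgnt, Programs) stay below it."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25


def triage(log_text):
    """Score every registry O4 entry; a higher score means look at it first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m["hive"], m["key"], m["name"], m["cmd"]
        reasons = []
        if looks_random(strip_ext(name)):
            reasons.append("random-looking value name")
        # Directory and file names of every path in the command, drive letter dropped.
        parts = [p for path in PATH_RE.findall(cmd) for p in path.split("\\")[1:]]
        odd = [p for p in parts if looks_random(strip_ext(p))]
        if odd:
            reasons.append("random-looking path component(s): " + ", ".join(odd))
        if PROFILE_RE.search(cmd):
            reasons.append("runs from a user-writable profile directory")
        if "Policies\\Explorer\\Run" in key:
            reasons.append("Policies\\Explorer\\Run key, seldom used by legitimate software")
        if REGSVR_RE.search(cmd):
            reasons.append("regsvr32 /s silently registering a DLL at logon")
        findings.append({"hive": hive, "key": key, "name": name, "cmd": cmd,
                         "score": len(reasons), "reasons": reasons})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        if f["score"]:
            print(f"[{f['score']}] {f['hive']}\\..\\{f['key']}: [{f['name']}] {f['cmd']}")
            for r in f["reasons"]:
                print("      -", r)
```

Run it with no argument to score the embedded sample, or pass a saved hijackthis.log. A non-zero score is a reason to look the file up (hash, signer, creation time, what it connects to) before deleting anything; it is a triage hint, not proof, and a zero score does not clear an entry.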
 
Try this:
(aware that you're going to be my guinea pig, since I don't know yet whether it works) :p

Go to C:\Windows\system32\drivers\etc
and open hosts with Notepad.
It should look something like this:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
If there is anything between the last two lines, delete it.
Example:
127.0.0.1 localhost
193.164.155.107 qqcoisa
216.49.94.13 qqcoisa

::1 localhost
And try to reach one of these sites to run an online scan:
http://www.bitdefender.com/scan8/index.html
http://us.mcafee.com/root/mfs/default.asp?cid=13121
http://www.pandasecurity.com/activescan/index/
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://housecall.trendmicro.com/

Or else, now yes, update the AV.

What this does is remove the restrictions the virus imposed through the hosts file.
(if that's the case, since it's just a guess on my part).

Let us know how it went.
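The hosts-file check described above, turned into a script. This is an added example, not the poster's or any tool's own code: it parses a Windows hosts file the way the resolver does (comments after '#', one IP followed by one or more names, tabs or spaces), flags localhost mapped anywhere but loopback, flags any mapping at all for a security-vendor or update domain (127.0.0.1 blackholes a site just as effectively as a foreign IP), and reports other custom entries for manual review instead of deleting whatever sits between two lines. The SECURITY_DOMAINS list and the sample file are assumptions constructed for the example; the two redirected IPs reuse the placeholder addresses from the reply above and the hostnames come from the scanner links it gives.

```python
import ipaddress

# Security-vendor and update domains that hosts-file hijackers commonly blackhole.
# An assumed starting list for this example; extend it for your own environment.
SECURITY_DOMAINS = (
    "trendmicro.com", "bitdefender.com", "mcafee.com", "pandasecurity.com",
    "symantec.com", "malwarebytes.org", "lavasoft.com", "safer-networking.org",
    "windowsupdate.com", "update.microsoft.com",
)

# Constructed sample: Windows defaults plus redirected lines that reuse the
# placeholder IPs from the reply above and the hostnames of the scanners it links.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
193.164.155.107 housecall.trendmicro.com
216.49.94.13    www.bitdefender.com   # trailing comments are legal
127.0.0.1       www.malwarebytes.org
10.0.0.5        intranet.example.local
::1             localhost
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()                  # the resolver accepts tabs or spaces
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, " ".join(fields)  # first field is not an IP: malformed
            continue
        for host in fields[1:]:                # one IP may be followed by several names
            yield line_no, ip, host.lower()


def classify(ip, host):
    if ip is None:
        return "malformed"
    if host == "localhost":
        return "ok" if ip.is_loopback else "localhost-hijacked"
    if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
        # Any mapping counts: 127.0.0.1 blackholes the site, a public IP redirects it.
        return "security-site-redirected"
    return "review"   # legitimate custom entries also land here; confirm them by hand


def audit_hosts(text):
    """Return [(line_no, ip, host, verdict)] for every entry that is not plainly ok."""
    return [(line_no, str(ip), host, classify(ip, host))
            for line_no, ip, host in parse_hosts(text)
            if classify(ip, host) != "ok"]


def clean_hosts(text):
    """Comment out the hijacked lines; every other line is preserved unchanged."""
    bad = {line_no for line_no, _, _, verdict in audit_hosts(text)
           if verdict in ("security-site-redirected", "localhost-hijacked")}
    return "\n".join(("# removed: " + raw) if n in bad else raw
                     for n, raw in enumerate(text.splitlines(), 1)) + "\n"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, host, verdict in audit_hosts(text):
        print(f"line {line_no:3}: {ip:<16} {host:<30} {verdict}")
```

Run it with no argument to audit the embedded sample, or with the path to a copy of %SystemRoot%\system32\drivers\etc\hosts; clean_hosts() returns the file with the hijacked lines commented out, so nothing is lost if a verdict turns out to be wrong. Two caveats before trusting what Notepad shows: the malware may have set the hidden, system or read-only attributes on the file (attrib -r -h -s hosts clears them), and the resolver reads the file from the directory named in the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, which can be repointed at a different copy.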
 
As for Malwarebytes Anti-Malware, why not ask a friend to download it, along with the latest definitions, and use a USB stick to transfer and install it?

You should also try this and then post a new HJT log.

Good luck.

Zee
 
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP
# for Windows.
#
# This file contains the mappings of IP addresses to host
# names. Each entry should be kept on an individual line. The
# IP address should be placed in the first column, followed by the
# corresponding host name. The IP address and the host name should
# be separated by at least one space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the computer name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



everything looks normal

as for Malwarebytes Anti-Malware, I've managed to download it from Baixaki but it's still out of date; I'm going to run it out of date anyway and see what happens, no harm in trying :p

if it doesn't work I'll post again shortly :p

thanks
 