Undetected virus?

Discussion in 'PC Questions and Technical Support' started by HoT-DoG, 22 August 2005. (Replies: 6; Views: 754)

  1. HoT-DoG

    HoT-DoG Power Member

    Hi

    I've got a problem here that's been doing my head in.

    I have some files being created on my disk, in several folders. The files are:

    autorun.inf and install.exe

    The autorun.inf points to install.exe, so that every time I open the folder, install.exe runs.

    They are created in at least the following folders: C:\ D:\ H:\ H:\Games\ D:\Programas Z:\


    The up-to-date antivirus and the up-to-date Ad-Aware scan the file and don't catch anything. Sometimes the antivirus does wake up and says the file is trying to be created, and says it's some bot or other; I try to see the info on it and it redirects me to a site saying the virus doesn't exist.

    I've already deleted all the files on the disk related to install.exe and autorun.inf, deleted stuff from the registry, booted with only the things I know at startup, and the files keep being created!!


    Before formatting the disk, I'd like to know whether anyone knows what this is and can help me.

    Thanks
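
Added example (not part of the original post or any poster's code): a read-only Python scan that finds every autorun.inf under the given roots, extracts the program its [autorun] launch keys point to, and hashes that file so it can be looked up or submitted to an antivirus vendor. The function names and the sample file content are constructed for illustration; the roots are the drives named in the post.

```python
import hashlib
import os
import re

# [autorun] keys that name a program for Windows AutoRun to start.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(\S.*?)\s*$", re.I)
# Constructed sample content, not taken from the affected machine.
SAMPLE_INF = "[AutoRun]\r\n;junk line\r\nopen=install.exe\r\n"

def launch_commands(inf_text):
    """Return the command lines found in the [autorun] section, skipping junk lines."""
    commands, in_section = [], False
    for line in inf_text.splitlines():
        if line.strip().startswith("["):
            in_section = line.strip().lower() == "[autorun]"
            continue
        match = LAUNCH_KEY.match(line)
        if in_section and match:
            commands.append(match.group(2))
    return commands

def program_of(command):
    # Program path is either the quoted prefix or the first bare token.
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def sha256_of(path):
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()

def scan(roots):
    """Walk each root; report every autorun.inf and the file each launch key points to."""
    findings = []
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in (n for n in files if n.lower() == "autorun.inf"):
                inf_path = os.path.join(folder, name)
                with open(inf_path, encoding="latin-1") as handle:
                    commands = launch_commands(handle.read())
                for command in commands:
                    target = os.path.join(folder, program_of(command).replace("\\", os.sep))
                    digest = sha256_of(target) if os.path.isfile(target) else None
                    findings.append({"inf": inf_path, "command": command,
                                     "target": target, "sha256": digest})
    return findings

if __name__ == "__main__":
    print(launch_commands(SAMPLE_INF))
    for hit in scan(["C:\\", "D:\\", "H:\\", "Z:\\"]):
        print(hit)
```

A `sha256` of `None` means the autorun.inf names a file that is no longer in that folder, which is what a partial clean-up leaves behind.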
     
  2. DavidJamez

    DavidJamez Power Member

  3. HoT-DoG

    HoT-DoG Power Member

    TY davidjames

    Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:14:45, on 22-08-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Executive Software\Diskeeper\DkService.exe
    D:\Program Files\No-IP\DUC20.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\PROGRA~1\Serv-U\SERVUD~1.EXE
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\RealVNC\VNC4\WinVNC4.exe
    D:\Program Files\MessengerPlus! 3\MsgPlus.exe
    D:\Program Files\Motherboard Monitor 5\MBM5.EXE
    D:\Program Files\Microsoft IntelliPoint\point32.exe
    D:\Program Files\D-Tools\daemon.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Serv-U\ServUTray.exe
    D:\WINDOWS\System32\svchost.exe
    C:\Programas\mIRC\mirc.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\nbpro\nbpro.exe
    D:\Program Files\Opera\Opera.exe
    D:\Program Files\teamspeak2_RC2\TeamSpeak.exe
    D:\Program Files\The All-Seeing Eye\eye.exe
    D:\WINDOWS\system32\mmc.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Executive Software\Diskeeper\DfrgNTFS.exe
    D:\Program Files\Executive Software\Diskeeper\DfrgNTFS.exe
    D:\Program Files\Executive Software\Diskeeper\DkIcon.exe
    D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
    G:\Rar$EX00.703\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ServUTrayIcon] D:\Program Files\Serv-U\ServUTray.exe
    O4 - Startup: Speedtouch Connection.lnk = D:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{257D37CD-973A-4042-84DF-8AB9326B3D02}: NameServer = 194.65.100.117
    O20 - AppInit_DLLs: MsgPlusLoader.dll,wbsys.dll
    O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\SERVUD~1.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Task Manager (TskMan) - Unknown owner - D:\WINDOWS\system32\TskMan.exe (file missing)
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
     
  4. DavidJamez

    DavidJamez Power Member

    open this file and confirm the insertion of the data into the registry.
    restart the PC and see whether the autorun opens again when you open the disk
     
  5. HoT-DoG

    HoT-DoG Power Member

    Nothing :S it keeps appearing.

    I've now identified it with NOD32 as the Win32/Robobot trojan, but I can't find the info on how to stop this from happening, nor on what is actually happening! To all intents and purposes the virus exists.. but.. it's unknown!
     
  6. gatohumano

    gatohumano I'm cool cuz I Fold

    try it in safe mode
     
  7. Brave

    Brave Power Member

    If you want help, let me know and I'll sort that out for you through MSN remote assistance.
     