To com virus

[Tash]

eu baixei um negocio aqui e o site tava escondido o link e eu abri ele pq era uma pasta ai fui em propriedades dele e tava la como arquivo proteçao de tela

ai passei o anti virus por um site no arquivo ai tinha virus nele
AVG 7.5.0.467 05.30.2007 PSW.Generic4.LMD
F-Secure 6.70.13030.0 05.30.2007 Trojan-PSW.Win32.Tibia.ag
Ikarus T3.1.1.8 05.30.2007 Trojan-Downloader.Win32.Small.dbv
Kaspersky 4.0.2.24 05.30.2007 Trojan-PSW.Win32.Tibia.ag
Norman 5.80.02 05.30.2007 W32/Tibia.FD
Webwasher-Gateway 6.0.1 05.30.2007 Win32.Malware.gen (suspicious)

e agora qq eu faço?? eu tirei o arquivo q era o nome pelo regedit, sera q ainda to com virus?/

[Ettelen]

Passa o anti-virus denovo pra ver o novo log...

[Tash]

mais o avast nao ta pegando

[Tash]

ae consegui excluir o arquivo! antes nao conseguia

consegui pq reniciei o pc

sera q to com virus??

[Ettelen]

Ops, desculpa cara, eu li desatentamente da primeira vez. Agora entendi.
Bem, vamos ver se ele está rodando no pc. Baixe o HiJackThis
salve ele na area de trabalho, execute-o e clique no primeiro botão "Do a scan and save a log file (ou algo assim)
Daí, na pasta que você salvou o arquivo vai aparecer um log no bloco de notas, posta esse log aqui pra mim...

(O download é seguro, do Linha Defensiva da Uol.)

[Tash]

Logfile of HijackThis v1.99.1
Scan saved at 16:02:35, on 30/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv*****
C:\Arquivos de programas\Alwil Software\Avast4\ashServ*****
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp*****
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd*****
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr*****
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01*****
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched*****
C:\WINDOWS\system32\pctspk*****
C:\WINDOWS\services*****
C:\WINDOWS\system32\ctfmon*****
C:\Arquivos de programas\MSN Messenger\msnmsgr*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\system32\nvsvc32*****
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService*****
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv*****
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv*****
C:\Arquivos de programas\Mozilla Firefox\firefox*****
C:\Tibia Global\Tibia*****
C:\Arquivos de programas\Internet Explorer\IEXPLORE*****
C:\WINDOWS\System32\WScript*****
C:\Documents and Settings\Administrador\Desktop\kav5.0.156_personal nb*****
C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD*****
C:\Documents and Settings\Administrador\Desktop\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook*****
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg*****
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd*****"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr*****"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9*****
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched*****
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Arquivos de programas\AceGain\LiveUpdate\LiveUpdate*****
O4 - HKLM\..\Run: [PCTVOICE] pctspk*****
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services*****
O4 - HKLM\..\Run: [KAVPersonal50] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav***** /minimize
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr*****" /background
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl*****
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA*****
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc*****
O23 - Service: Apache2 - Unknown owner - C:\AppServ\Apache\bin\Apache*****" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT*****
O23 - Service: kavsvc - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc*****
O23 - Service: mysql - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt***** (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService*****

[Ettelen]

Baixa o BankerFix e roda ele, faz todos os procedimentos que o programa mandar, reinicia e cria mais um log pra mim.

(BankerFix pela LinhaDefensiva também)

[Vitor Pinto]

ta com viruz vai no medico (oO')

[Tash]

e acho q consegui cara! coloquei o Kaspersky e ele detecto 2 virus xD

vlw ae!!

[Andrew thunder]

Primeiro acho que log é proibido a menos que seja por MP. Segundo, se o seu avast não está pegando, pode haver um killer no seu sistema, faça um scan online com o Ewido e veja os resultados.