Red icon with an x near the clock, spyware or virus?



There are 6 replies in this topic

#1 rewre    

rewre
  • Member
  • 46 posts

Posted 03 June 2005 - 01:14 AM

In the lower right corner of my PC there is a red icon with a white x that keeps showing an alert saying I'm infected. Does anyone know how I remove it? Is it a virus or spyware???


Help me, pleaseeeeeeee

 

 




#2 XERLOUCO ROUMS    

XERLOUCO ROUMS

    Malwares Expert

  • Contributor
  • 7017 posts

Posted 03 June 2005 - 01:16 AM

Standard Procedure for removing Hotoffers


 



#3 rewre    

rewre
  • Member
  • 46 posts

Posted 03 June 2005 - 11:45 AM

my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 09:36:51, on 3/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\hookdump.exe
C:\WINDOWS\System32\intmon.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HjackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp9B74.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [PSGuard] C:\Arquivos de programas\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B408BD6A-8CE6-46E6-B049-A6CF7F886A36}: NameServer = 200.165.132.154
O20 - AppInit_DLLs:  c:\windows\system32\hk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe


 

 

I ran the scan on the Symantec site; it detected them but did not delete them.

Please teach me how

 


locaisTempvmstmpvmstmp.exe está infectado com Adware.DelFin
C:Documents and SettingsParticularConfigurações locaisTempB46203063build2.exe está infectado com Spyware.ISearch
C:Documents and SettingsfillipeDados de aplicativostrte.exe está infectado com Adware.Purityscan



#4 Aoshi    

Aoshi
  • Member
  • 889 posts

Posted 03 June 2005 - 04:06 PM

[quote]Date: 3/6/2005
Author: rewre

I ran the scan on the Symantec site; it detected them but did not delete them.

Please teach me how

locaisTempvmstmpvmstmp.exe está infectado com Adware.DelFin
C:D



#5 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65240 posts

Posted 03 June 2005 - 04:40 PM

Disable System Restore and boot into Safe Mode:

 


 

Delete:

C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\hookdump.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\wuauclt.exe


Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe

O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp9B74.tmp

O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe

O20 - AppInit_DLLs:  c:\windows\system32\hk.dll

 

Reboot in Normal Mode and do a General Cleanup with this Program


Post a new log

 



#6 rewre    

rewre
  • Member
  • 46 posts

Posted 03 June 2005 - 06:22 PM

As you asked, here is the log after following all the steps. Thank you for everything you did, and thanks to the whole Baboo team.


Logfile of HijackThis v1.99.1
Scan saved at 18:23:11, on 3/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes: 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\HjackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec antivírus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B408BD6A-8CE6-46E6-B049-A6CF7F886A36}: NameServer = 200.165.132.154
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe


Thank you very much indeed
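
One way to verify a cleanup like this one is to diff the before and after HijackThis logs against the fix list. This is an added example, not part of the original thread: `parse` and `compare` are hypothetical helper names, and the sample entries are a subset copied from the posts above with path separators restored.

```python
import re
# Constructed sample: a subset of entries copied from the two HijackThis logs and
# the fix list in this thread, with the path separators restored.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PSGuard] C:\Arquivos de programas\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O20 - AppInit_DLLs:  c:\windows\system32\hk.dll
"""
FIXLIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O20 - AppInit_DLLs:  c:\windows\system32\hk.dll
"""
AFTER = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
"""

# An entry line is "<section code> - <details>", e.g. R0, F2, O4, O20.
ENTRY = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)$")

def parse(log):
    """Return the set of (section, normalised details) entries in a log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse spacing and case so the same item matches across scans.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def compare(before, after, fixlist):
    """Diff two scans and check the fix list against the second one."""
    b, a, f = parse(before), parse(after), parse(fixlist)
    return {
        "removed": sorted(b - a),
        "still_present": sorted(f & a),             # on the fix list, not gone
        "removed_not_listed": sorted((b - a) - f),  # gone by some other step
        "new": sorted(a - b),                       # appeared between scans
    }

if __name__ == "__main__":
    for bucket, items in compare(BEFORE, AFTER, FIXLIST).items():
        print(bucket, [f"{code} - {details}" for code, details in items])
```

On this thread's entries, the PSGuard Run key shows up as removed although it was not on the fix list, and the Symantec RuFSI control appears as new in the second scan.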



#7 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65240 posts

Posted 03 June 2005 - 07:03 PM

Is everything working properly now?