Hi folks, today I found out I had a really nasty virus on my PC. It started when I plugged in a USB stick and my antivirus detected lots of things as viruses. Then it got worse: when I ran a scan with it (avast! antivirus) it found a huge number of threats, many of which didn't look like threats at all. Among these "threats" were files like "CCleaner.exe", "cmd.exe", "FacebookVideoCalling.exe", "notepad.exe" (twice), "photoshop.exe", "regedit.exe" (twice), "VisualVoyAdvance.exe", and a looooooong etc. Besides that, I tried to run an antimalware tool that is disguised as "iExplorer.exe" and it won't let me start it. When I ran Malwarebytes Anti-Malware, the antivirus alarm went off many times indicating the presence of threats. When I tried to run components like Task Manager (from Ctrl+Alt+Del and from Run as "taskmgr"), notepad, msconfig, cmd and who knows what else, I couldn't, because it said that the program didn't exist. Oh, and another thing: I tried to boot Windows into Safe Mode by pressing F8 at startup and I couldn't. A blue screen appeared saying the PC might be infected with a virus. I have also had to install programs several times: when I run them the antivirus blocks them, but when I download them again and scan them (often from the same page), it doesn't detect any threat. I tried System Restore and couldn't fix it. I hope you can help me get rid of this virus without having to format. Regards.
Depending on the virus family, it can infect .exe files and leave them corrupt and unusable; in that case the best option is to reinstall the operating system. Now, as a possible solution I recommend the following: download this software (click where it says Download now) and run it --> http://www.bleepingcomputer.com/download/anti-virus/combofix If all goes well you should now be "clean" and could run an antivirus (personally, Avira). If the virus won't let you run the software, we will have to stop its process first; for that I need more information, so for now try to download the software. Regards
I ran ComboFix... the first time, when it was a little over halfway, the "Windows (blah blah blah) Send/Don't Send" error appeared... then I ran it again and it got stuck almost at the end... I'm copying and pasting what appeared in the program, just in case:

Output folder: C:\32788R22FWJFW
Delete file: C:\32788R22FWJFW\023.dat
Delete file: C:\32788R22FWJFW\023v.dat
Delete file: C:\32788R22FWJFW\023w7.dat
Delete file: C:\32788R22FWJFW\ActiveDrv.vbs
Delete file: C:\32788R22FWJFW\AppDataFile.cfx
Delete file: C:\32788R22FWJFW\AppDataFolder.cfx
Delete file: C:\32788R22FWJFW\appinit.bad
Delete file: C:\32788R22FWJFW\asp.str
Delete file: C:\32788R22FWJFW\Assoc.cmd
Delete file: C:\32788R22FWJFW\Auto-RC.cmd
Delete file: C:\32788R22FWJFW\av.cmd
Delete file: C:\32788R22FWJFW\av.vbs
Delete file: C:\32788R22FWJFW\AWF.cmd
Delete file: C:\32788R22FWJFW\badclsid.c
Delete file: C:\32788R22FWJFW\BFE.dat
Delete file: C:\32788R22FWJFW\Boot-Rk.cmd
Delete file: C:\32788R22FWJFW\Boot.bat
Delete file: C:\32788R22FWJFW\BootDrv.vbs
Delete file: C:\32788R22FWJFW\c.bat
Delete file: C:\32788R22FWJFW\Catch-sub.cmd
Delete file: C:\32788R22FWJFW\catchme.3XE
Delete file: C:\32788R22FWJFW\CF-Script.cmd
Delete file: C:\32788R22FWJFW\clsid.c
Delete file: C:\32788R22FWJFW\Combo-Fix.sys
Delete file: C:\32788R22FWJFW\Combobatch.bat
Delete file: C:\32788R22FWJFW\ComboFix-Download.3XE
Delete file: C:\32788R22FWJFW\Create.cmd
Delete file: C:\32788R22FWJFW\Creg.dat
Delete file: C:\32788R22FWJFW\CregC.cmd
Delete file: C:\32788R22FWJFW\CregC.dat
Delete file: C:\32788R22FWJFW\dd.3XE
Delete file: C:\32788R22FWJFW\ddsDo.sed
Delete file: C:\32788R22FWJFW\DelClsid.bat
Delete file: C:\32788R22FWJFW\DelClsid64.bat
Delete file: C:\32788R22FWJFW\desktop.ini
Delete file: C:\32788R22FWJFW\DesktopFile.cfx
Delete file: C:\32788R22FWJFW\Dnl.dat
Delete file: C:\32788R22FWJFW\DPF.str
Delete file: C:\32788R22FWJFW\DrvRun.vbs
Delete file: C:\32788R22FWJFW\dumphive.3XE
Delete file: C:\32788R22FWJFW\embedded.sed
Delete file: C:\32788R22FWJFW\EN-US\iexplore.exe
Remove folder: C:\32788R22FWJFW\EN-US\
Delete file: C:\32788R22FWJFW\ERDNT.e_e
Delete file: C:\32788R22FWJFW\ERDNTDOS.LOC
Delete file: C:\32788R22FWJFW\ERDNTWIN.LOC
Delete file: C:\32788R22FWJFW\ERUNT.3XE
Delete file: C:\32788R22FWJFW\ERUNT.LOC
Delete file: C:\32788R22FWJFW\Exe.reg
Delete file: C:\32788R22FWJFW\extract.3XE
Delete file: C:\32788R22FWJFW\FavoriteFolder.cfx
Delete file: C:\32788R22FWJFW\FavoritesFile.cfx
Delete file: C:\32788R22FWJFW\FD-SV.cmd
Delete file: C:\32788R22FWJFW\ffdefstr.dll
Delete file: C:\32788R22FWJFW\FileKill.3XE
Delete file: C:\32788R22FWJFW\files.pif
Delete file: C:\32788R22FWJFW\Fin.dat
Delete file: C:\32788R22FWJFW\FIND3M.bat
Delete file: C:\32788R22FWJFW\firefox.exe
Delete file: C:\32788R22FWJFW\FIXLSP.bat
Delete file: C:\32788R22FWJFW\FKMGen.cmd
Delete file: C:\32788R22FWJFW\GetHive.cmd
Delete file: C:\32788R22FWJFW\grep.3XE
Delete file: C:\32788R22FWJFW\gsar.3XE
Delete file: C:\32788R22FWJFW\handle.3XE
Delete file: C:\32788R22FWJFW\hidec.3XE
Delete file: C:\32788R22FWJFW\history.bat
Delete file: C:\32788R22FWJFW\hwid.pif
Delete file: C:\32788R22FWJFW\iexplore.exe
Delete file: C:\32788R22FWJFW\image001.gif
Delete file: C:\32788R22FWJFW\Imefile.dat
Delete file: C:\32788R22FWJFW\Install-RC.cmd
Delete file: C:\32788R22FWJFW\katch.cmd
Delete file: C:\32788R22FWJFW\Kill-All.cmd
Delete file: C:\32788R22FWJFW\Ksvchost.vbs
Delete file: C:\32788R22FWJFW\Lang.bat
Delete file: C:\32788R22FWJFW\License\Curl - license.txt
Delete file: C:\32788R22FWJFW\License\dumphive-license.txt
Delete file: C:\32788R22FWJFW\License\EXTRACT.TXT
Delete file: C:\32788R22FWJFW\License\FI - license.txt
Delete file: C:\32788R22FWJFW\License\firefox.exe
Delete file: C:\32788R22FWJFW\License\iexplore.exe
Delete file: C:\32788R22FWJFW\License\mtee.txt
Delete file: C:\32788R22FWJFW\License\ncmd.cfxxe
Delete file: C:\32788R22FWJFW\License\pv_5_2_2.zip
Delete file: C:\32788R22FWJFW\License\streamtools.zip
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.com
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.html
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.pif
Delete file: C:\32788R22FWJFW\License\Zip - license.txt
Remove folder: C:\32788R22FWJFW\License\
Delete file: C:\32788R22FWJFW\List-B.bat
Delete file: C:\32788R22FWJFW\List-C.bat
Delete file: C:\32788R22FWJFW\List-D.bat
Delete file: C:\32788R22FWJFW\List.bat
Delete file: C:\32788R22FWJFW\lnkread.vbs
Delete file: C:\32788R22FWJFW\LocalAppDataFile.cfx
Delete file: C:\32788R22FWJFW\LocalAppDataFolder.cfx
Delete file: C:\32788R22FWJFW\LocalService.dat
Delete file: C:\32788R22FWJFW\LocalServiceNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\LocalSettingsFile.cfx
Delete file: C:\32788R22FWJFW\LocalSystemNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\mbr.3XE
Delete file: C:\32788R22FWJFW\mbr.chk
Delete file: C:\32788R22FWJFW\md5sum.pif
Delete file: C:\32788R22FWJFW\md5sum00.pif
Delete file: C:\32788R22FWJFW\MoveIt.bat
Delete file: C:\32788R22FWJFW\MpsSvc.dat
Delete file: C:\32788R22FWJFW\mtee.3XE
Delete file: C:\32788R22FWJFW\mynul.dat
Delete file: C:\32788R22FWJFW\n.pif
Delete file: C:\32788R22FWJFW\ncmd.com
Delete file: C:\32788R22FWJFW\ndis_combofix.dat
Delete file: C:\32788R22FWJFW\ND_.bat
Delete file: C:\32788R22FWJFW\ND_64.bat
Delete file: C:\32788R22FWJFW\netsvc.bad.dat
Delete file: C:\32788R22FWJFW\netsvc.dat
Delete file: C:\32788R22FWJFW\netsvc.vista.dat
Delete file: C:\32788R22FWJFW\netsvc.xp.dat
Delete file: C:\32788R22FWJFW\NetworkService.dat
Delete file: C:\32788R22FWJFW\NirCmd.3XE
Delete file: C:\32788R22FWJFW\NirCmd.chm
Delete file: C:\32788R22FWJFW\NirCmdC.3XE
Delete file: C:\32788R22FWJFW\NT-OS.cmd
Remove folder: C:\32788R22FWJFW\N_\
Delete file: C:\32788R22FWJFW\OSid.vbs
Delete file: C:\32788R22FWJFW\P.cmd
Delete file: C:\32788R22FWJFW\pausep.3XE
Delete file: C:\32788R22FWJFW\PersonalFile.cfx
Delete file: C:\32788R22FWJFW\PersonalFolder.cfx
Delete file: C:\32788R22FWJFW\pev.3XE
Delete file: C:\32788R22FWJFW\pevb.3XE
Delete file: C:\32788R22FWJFW\Policies.dat
Delete file: C:\32788R22FWJFW\powp.dat
Delete file: C:\32788R22FWJFW\Prep.inf
Delete file: C:\32788R22FWJFW\ProfilesFile.cfx
Delete file: C:\32788R22FWJFW\ProfilesFolder.cfx
Delete file: C:\32788R22FWJFW\ProgramsFile.cfx
Delete file: C:\32788R22FWJFW\ProgramsFolder.cfx
Delete file: C:\32788R22FWJFW\Purity.dat
Delete file: C:\32788R22FWJFW\pv.com
Delete file: C:\32788R22FWJFW\rar_sfx.cmd
Delete file: C:\32788R22FWJFW\RCLink.dat
Delete file: C:\32788R22FWJFW\REGDACL.sed
Delete file: C:\32788R22FWJFW\RegDo.sed
Delete file: C:\32788R22FWJFW\region.dat
Delete file: C:\32788R22FWJFW\RegScan.cmd
Delete file: C:\32788R22FWJFW\RegScan64.cmd
Delete file: C:\32788R22FWJFW\restore_pt.vbs
Delete file: C:\32788R22FWJFW\Rkey.cmd
Delete file: C:\32788R22FWJFW\rmbr.3XE
Delete file: C:\32788R22FWJFW\rogues.dat
Delete file: C:\32788R22FWJFW\run2.sed
Delete file: C:\32788R22FWJFW\Rust.str
Delete file: C:\32788R22FWJFW\s0rt.3XE
Delete file: C:\32788R22FWJFW\safeboot.dat
Delete file: C:\32788R22FWJFW\safeboot.def.dat
Delete file: C:\32788R22FWJFW\safeboot.def.vista.dat
Delete file: C:\32788R22FWJFW\Safeboot.def.w7.dat
Delete file: C:\32788R22FWJFW\sed.3XE
Delete file: C:\32788R22FWJFW\SetEnvmt.bat
Delete file: C:\32788R22FWJFW\setpath.3XE
Delete file: C:\32788R22FWJFW\setpath_N.cmd
Delete file: C:\32788R22FWJFW\SnapShot.cmd
Delete file: C:\32788R22FWJFW\SRestore.cmd
Delete file: C:\32788R22FWJFW\srizbi.md5
Delete file: C:\32788R22FWJFW\StartMenuFile.cfx
Delete file: C:\32788R22FWJFW\StartMenuFolder.cfx
Delete file: C:\32788R22FWJFW\StartUpFile.cfx
Delete file: C:\32788R22FWJFW\SuppScan.cmd
Delete file: C:\32788R22FWJFW\SvcDrv.vbs
Delete file: C:\32788R22FWJFW\svchost.dat
Delete file: C:\32788R22FWJFW\svchost.vista.dat
Delete file: C:\32788R22FWJFW\svchost.vista.x64.dat
Delete file: C:\32788R22FWJFW\svchost.w7.dat
Delete file: C:\32788R22FWJFW\svchost.w7.x64.dat
Delete file: C:\32788R22FWJFW\svc_wht.dat
Delete file: C:\32788R22FWJFW\swreg.3XE
Delete file: C:\32788R22FWJFW\swsc.3XE
Delete file: C:\32788R22FWJFW\swxcacls.3XE
Delete file: C:\32788R22FWJFW\system_ini.dat
Delete file: C:\32788R22FWJFW\tail.3XE
Delete file: C:\32788R22FWJFW\TemplatesFile.cfx
Delete file: C:\32788R22FWJFW\TemplatesFolder.cfx
Delete file: C:\32788R22FWJFW\toolbar.sed
Delete file: C:\32788R22FWJFW\Update-CF.cmd
Delete file: C:\32788R22FWJFW\VBR.pif
Delete file: C:\32788R22FWJFW\VInfo
Delete file: C:\32788R22FWJFW\VInfo2
Delete file: C:\32788R22FWJFW\VINFO3
Delete file: C:\32788R22FWJFW\Vipev.dat
Delete file: C:\32788R22FWJFW\vistaMcode.dat
Delete file: C:\32788R22FWJFW\vistareg.dat
Delete file: C:\32788R22FWJFW\vun.dat
Delete file: C:\32788R22FWJFW\VwinTemp.dacl
Delete file: C:\32788R22FWJFW\w7Mcode.dat
Delete file: C:\32788R22FWJFW\w7reg.dat
Delete file: C:\32788R22FWJFW\Wmi_rem.vbs
Delete file: C:\32788R22FWJFW\w_sock.dll
Delete file: C:\32788R22FWJFW\XP.mac
Delete file: C:\32788R22FWJFW\xpmcode.dat
Delete file: C:\32788R22FWJFW\xpreg.dat
Delete file: C:\32788R22FWJFW\XPSBoot.reg
Delete file: C:\32788R22FWJFW\zDomain.dat
Delete file: C:\32788R22FWJFW\zhsvc.dat
Delete file: C:\32788R22FWJFW\zip.3XE
Extract: 023.dat
Extract: 023v.dat
Extract: 023w7.dat
Extract: AWF.cmd
Extract: ActiveDrv.vbs
Extract: AppDataFile.cfx
Extract: AppDataFolder.cfx
Extract: Assoc.cmd
Extract: Auto-RC.cmd
Extract: BFE.dat
Extract: Boot-Rk.cmd
Extract: Boot.bat
Extract: BootDrv.vbs
Extract: CF-Script.cmd
Extract: Catch-sub.cmd
Extract: Combo-Fix.sys
Extract: ComboFix-Download.3XE
Extract: Combobatch.bat
Extract: Create.cmd
Extract: Creg.dat
Extract: CregC.cmd
Extract: CregC.dat
Extract: DPF.str
Extract: DelClsid.bat
Extract: DelClsid64.bat
Extract: DesktopFile.cfx
Extract: Dnl.dat
Extract: DrvRun.vbs
Extract: ERDNT.e_e
Extract: ERDNTDOS.LOC
Extract: ERDNTWIN.LOC
Extract: ERUNT.3XE
Extract: ERUNT.LOC
Extract: Exe.reg
Extract: FD-SV.cmd
Extract: FIND3M.bat
Extract: FIXLSP.bat
Extract: FKMGen.cmd
Extract: FavoriteFolder.cfx
Extract: FavoritesFile.cfx
Extract: FileKill.3XE
Extract: Fin.dat
Extract: GetHive.cmd
Extract: Imefile.dat
Extract: Install-RC.cmd
Extract: Kill-All.cmd
Extract: Ksvchost.vbs
Extract: Lang.bat
Extract: List-B.bat
Extract: List-C.bat
Extract: List-D.bat
Extract: List.bat
Extract: LocalAppDataFile.cfx
Extract: LocalAppDataFolder.cfx
Extract: LocalService.dat
Extract: LocalServiceNetworkRestricted.dat
Extract: LocalSettingsFile.cfx
Extract: LocalSystemNetworkRestricted.dat
Extract: MoveIt.bat
Extract: MpsSvc.dat
Extract: ND_.bat
Extract: ND_64.bat
Extract: NT-OS.cmd
Extract: NetworkService.dat
Extract: NirCmd.3XE
Extract: NirCmd.chm
Extract: NirCmdC.3XE
Extract: NirScript.dat
Extract: OSid.vbs
Extract: P.cmd
Extract: PersonalFile.cfx
Extract: PersonalFolder.cfx
Extract: Policies.dat
Extract: Prep.inf
Extract: ProfilesFile.cfx
Extract: ProfilesFolder.cfx
Extract: ProgramsFile.cfx
Extract: ProgramsFolder.cfx
Extract: Purity.dat
Extract: RCLink.dat
Extract: REGDACL.sed
Extract: RegDo.sed
Extract: RegScan.cmd
Extract: RegScan64.cmd
Extract: Rkey.cmd
Extract: Rust.str
Extract: SRestore.cmd
Extract: Safeboot.def.w7.dat
Extract: SetEnvmt.bat
Extract: SnapShot.cmd
Extract: StartMenuFile.cfx
Extract: StartMenuFolder.cfx
Extract: StartUpFile.cfx
Extract: SuppScan.cmd
Extract: SvcDrv.vbs
Extract: TemplatesFile.cfx
Extract: TemplatesFolder.cfx
Extract: Update-CF.cmd
Extract: VBR.pif
Extract: VINFO3
Extract: VInfo
Extract: VInfo2
Extract: Vipev.dat
Extract: VwinTemp.dacl
Extract: Wmi_rem.vbs
Extract: XPSBoot.reg
Extract: appinit.bad
Extract: asp.str
Extract: av.cmd
Extract: av.vbs
Extract: badclsid.c
Extract: c.bat
Extract: catchme.3XE
Extract: clsid.c
Extract: dd.3XE
Extract: ddsDo.sed
Extract: dumphive.3XE
Extract: embedded.sed
Extract: extract.3XE
Extract: ffdefstr.dll
Extract: files.pif
Extract: firefox.exe
Extract: fl0.bat
Extract: grep.3XE
Extract: gsar.3XE
Extract: handle.3XE
Extract: hidec.3XE
Extract: history.bat
Extract: hwid.pif
Extract: iexplore.exe
Extract: image001.gif
Extract: katch.cmd
Extract: lnkread.vbs
Extract: mbr.3XE
Extract: mbr.chk
Extract: md5sum.pif
Extract: md5sum00.pif
Extract: mtee.3XE
Extract: mynul.dat
Extract: n.pif
Extract: ncmd.com
Extract: ndis_combofix.dat
Extract: netsvc.bad.dat
Extract: netsvc.dat
Extract: netsvc.vista.dat
Extract: netsvc.xp.dat
Extract: pausep.3XE
Extract: pev.3XE
Extract: pevb.3XE
Extract: powp.dat
Extract: pv.com
Extract: region.dat
Extract: restore_pt.vbs
Extract: rmbr.3XE
Extract: rogues.dat
Extract: run2.sed
Extract: s0rt.3XE
Extract: safeboot.dat
Extract: safeboot.def.dat
Extract: safeboot.def.vista.dat
Extract: sed.3XE
Extract: setpath.3XE
Extract: srizbi.md5
Extract: svc_wht.dat
Extract: svchost.dat
Extract: svchost.vista.dat
Extract: svchost.vista.x64.dat
Extract: svchost.w7.dat
Extract: svchost.w7.x64.dat
Extract: swreg.3XE
Extract: swsc.3XE
Extract: swxcacls.3XE
Extract: system_ini.dat
Extract: tail.3XE
Extract: toolbar.sed
Extract: vistaMcode.dat
Extract: vistareg.dat
Extract: vun.dat
Extract: w7Mcode.dat
Extract: w7reg.dat
Extract: w_sock.dll
Extract: xpmcode.dat
Extract: xpreg.dat
Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.3XE
Output folder: C:\32788R22FWJFW\EN-US
Extract: iexplore.exe
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

I had already used Malwarebytes... only with the quick scan, and the antivirus I have went off a couple of times detecting a malicious item in Malwarebytes.
And how does the machine run now? Do you notice any improvement? It removed quite a few infected files for you; try running CCleaner and update your antivirus. I hope it worked for you. Regards
Honestly, I don't see any tangible improvement. Anyway, I started a full scan with Malwarebytes; so far it has detected 2 objects... I still can't start taskmgr, cmd, the registry editor and so on, same "Windows cannot find the file" message... when Malwarebytes finishes I'll run CCleaner, but what can I do to recover taskmgr and the rest? Thanks a lot for your help
If you have a Windows XP disc, do this: close all programs. Click "Start Menu", "Run". Type "sfc /scannow" (without the quotes) and press Enter. A black window called "Windows File Protection" will appear. It will probably ask you for the installation CD.
And isn't there a way to do it without the installation CD? Also, yesterday I did a full scan with Malwarebytes. When the scan finished, Avast gave 4 threat alerts, all of them related to Malwarebytes. Do you recommend I uninstall the antivirus, or what?
Hang on, something occurs to me, but I need to install XP in a virtual machine since I only use Win 7. I'll have an answer for you in about 2 hours. Regards
Download the following and run it: http://cristianfuentes.cl/stuff/registro.reg Let me know how it went. Also, what we did doesn't improve system performance; it cleans out viruses. As for the antivirus, you could download Avira; at least I use that one and it works quite well for me. Regards
I downloaded it and ran it, but I still couldn't open regedit from Run. Anyway, I found another way. I typed "regedit.exe" into Windows Search and a file named "48_regedit.exe" showed up; I then went to that folder and found the files "60_taskmgr.exe", "9_cmd.exe" and all the other files I couldn't open from Run. The folder where I found all the files was C:\WINDOWS\BricoPacks\SysFiles I don't know whether these files in that folder can be opened from Run, or used somehow to recover the originals. Regards
But let's see... let's get something straight: can't you open the files because they aren't on the system, or because they are "blocked by the administrator"? And for the files you have in C:\WINDOWS\BricoPacks\SysFiles you need to strip the number and dash ("60_") and copy them to C:\WINDOWS\ Let me know
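Before renaming and copying anything, the question the last reply asks (are the tools missing from disk, or blocked?) can be answered in one pass. The script below is an added example, not code from the thread or from any of the tools mentioned in it. It assumes Windows XP with PowerShell 2.0 installed, an administrator session, that the tool names are the ones the original poster reported as blocked, and that the numbered files in C:\WINDOWS\BricoPacks\SysFiles are backup copies of those tools (the thread names the folder but does not say where the copies came from). For each tool it checks whether the file exists in the directories the Run dialog would try, whether an Image File Execution Options "Debugger" value redirects the name to something else, whether a backup copy exists and is byte-identical to the live file, and finally whether the DisableTaskMgr, DisableRegistryTools or DisallowRun policy values are set. The SHA-256 hash is computed through .NET because Get-FileHash does not exist in PowerShell 2.0.

```powershell
# Added diagnostic for the "Windows cannot find the file" symptom; not part of the thread.
# Assumptions: Windows XP + PowerShell 2.0, run as administrator, and the numbered
# copies under C:\WINDOWS\BricoPacks\SysFiles are backups of the system tools.
$tools  = 'taskmgr.exe', 'cmd.exe', 'regedit.exe', 'notepad.exe'   # names reported blocked in the thread
$winDir = $env:SystemRoot
$backup = Join-Path $winDir 'BricoPacks\SysFiles'                   # folder named in the thread
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Directories the Run dialog would try: %SystemRoot% plus every non-empty PATH entry.
$searchDirs = @($winDir) + @($env:Path -split ';' | Where-Object { $_ })

function Get-Sha256Hex([string]$path) {
    # SHA-256 via .NET so it also works on PowerShell 2.0 (no Get-FileHash there)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Close() }
}

foreach ($t in $tools) {
    # 1. Is the binary actually on disk? A deleted or renamed file gives exactly this error.
    $hits = @($searchDirs | ForEach-Object { Join-Path $_ $t } | Where-Object { Test-Path $_ })
    if ($hits.Count -gt 0) { "$t : found at $($hits -join ', ')" }
    else                   { "$t : NOT found in $winDir or any PATH directory" }

    # 2. IFEO redirect: a Debugger value under the tool's name makes Windows start that
    #    program instead; if it points at a file that no longer exists you also get "cannot find".
    $dbg = (Get-ItemProperty -Path (Join-Path $ifeo $t) -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { "$t : IFEO Debugger set -> $dbg" }

    # 3. Backup copy such as 60_taskmgr.exe: compare it with the live file before restoring anything.
    $copy = @(Get-ChildItem -Path $backup -Filter "*_$t" -ErrorAction SilentlyContinue) | Select-Object -First 1
    if ($copy -and $hits.Count -gt 0) {
        $same = (Get-Sha256Hex $copy.FullName) -eq (Get-Sha256Hex $hits[0])
        "$t : backup $($copy.Name) identical to live file: $same"
    } elseif ($copy) {
        "$t : no live file; backup $($copy.Name) could be restored (verify with sfc /scannow afterwards)"
    }
}

# 4. Policy values that block Task Manager / Registry Editor / listed names outright.
$sys = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($sys.DisableTaskMgr -eq 1)       { 'Policy: DisableTaskMgr = 1' }
if ($sys.DisableRegistryTools -eq 1) { 'Policy: DisableRegistryTools = 1' }
$exp = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
if ($exp.DisallowRun -eq 1) { 'Policy: DisallowRun = 1 (see the DisallowRun subkey for the blocked names)' }
```

Read the output per tool: "NOT found" with no IFEO entry means the file really is gone and a backup (or sfc /scannow with the CD) is the fix; "found" plus an IFEO Debugger value means the file is there but the name is being hijacked and the registry key is what needs removing; a policy line means the tool is blocked rather than missing, which produces a different message from the one the thread reports. Only copy a backup over a live file after the hash comparison, so a themed or already-infected copy is not silently put back in place.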