Necesito ayuda con este virus

hernanxpp · 2015-08-14T17:28:07-0500

Hola amigo de forobeta

Tengo un problema grave con un virus, avast no lo ha podido eliminar y ya me tiene cansado porque me
esta bloqueando una pagina en le que estoy trabajando.

Lo que esta haciendo el virus es colocarme una pagina distinta en la que trabajo como cuando uno
entra a las paginas o dominios que tienen parqueados y solo aparece publicidad o como resultados
de una busqueda

Cuando intento compartir un articulo en google+ me aparace en la descripcion lo siguiente en ingles y
sin la imagen del post

Find Cash Advance, Debt Consolidation and more at Get the best of Insurance or Free Credit Report, browse our section on Cell Phones or learn

Necesito algun colega que me ayude.

PS: al parecer es solo con google chrome pues con otro me aparece la pagina de wordpress bien y recien
la estoy creando

Cicklow · 2015-08-14T17:29:25-0500

pasa combofix, adwcleaner, junk removal. y avisa como te va

hernanxpp · 2015-08-14T17:32:25-0500

cicklow dijo:
pasa combofix, adwcleaner, junk removal. y avisa como te va

ok voy a realizarlo

Cicklow · 2015-08-14T17:37:24-0500

hernanxpp dijo:
ok voy a realizarlo

estaba desde el cel por eso no te pase los links

ComboFix Download
AdwCleaner Download
Junkware Removal Tool Download

hernanxpp · 2015-08-14T17:51:18-0500

cicklow dijo:
estaba desde el cel por eso no te pase los links
ComboFix Download
AdwCleaner Download
Junkware Removal Tool Download

Muchas gracias Cicklow, pase los dos primeros y me eliminaron algunos archivos infectados,
coloco el resultado del adwcleaner

***** [ Services ] *****

[-] Service Deleted : SSFK

***** [ Folders ] *****

[#] Folder Deleted : C:\ProgramData\IHProtectUpDate
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[#] Folder Deleted : C:\Users\usuario\AppData\Roaming\WinZipper

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [default_newtabff@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\HomeTab
[-] Key Deleted : HKCU\Software\simplytech
[-] Key Deleted : HKCU\Software\Vittalia
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKCU\Software\WajIntEnhance
[-] Key Deleted : HKCU\Software\SearchProtectWS
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\Iminent
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\WajIntEnhance
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\AIM Toolbar
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\HomeTab
[!] Key Not Deleted : [x64] HKCU\Software\simplytech
[!] Key Not Deleted : [x64] HKCU\Software\Vittalia
[!] Key Not Deleted : [x64] HKCU\Software\TNT2
[!] Key Not Deleted : [x64] HKCU\Software\WajIntEnhance
[!] Key Not Deleted : [x64] HKCU\Software\SearchProtectWS
[!] Key Not Deleted : [x64] HKCU\Software\Linkey
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}

***** [ Web browsers ] *****

[-] [C:\Users\familia\AppData\Roaming\Mozilla\Firefox\Profiles\i0g1htq8.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1438165640&z=abfac91b0e269a009fd8c74g4zbcebbg2q5wbq0c1e&from=wpm07173&uid=WDCXWD2500YS-01SHB0_WD-WCANY171943319433");
[-] [C:\Users\familia\AppData\Roaming\Mozilla\Firefox\Profiles\i0g1htq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico");
[-] [C:\Users\familia\AppData\Roaming\Mozilla\Firefox\Profiles\i0g1htq8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1438165640&z=abfac91b0e269a009fd8c74g4zbcebbg2q5wbq0c1e&from=wpm07173&uid=WDCXWD2500YS-01SHB0_WD-WCANY171943[...]
[-] [C:\Users\familia\AppData\Roaming\Mozilla\Firefox\Profiles\i0g1htq8.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?type=hp&ts=1438165640&z=abfac91b0e269a009fd8c74g4zbcebbg2q5wbq0c1e&from=wpm07173&uid=WDCXWD2500YS-01SHB0_WD-WCANY171943319433");
[-] [C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.delta-homes.com/webfavicon.ico

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [9121 octets] - [14/08/2015 17:42:54]
C:\AdwCleaner[S1].txt - [8641 octets] - [14/08/2015 17:42:06]

########## EOF - C:\AdwCleaner[C1].txt - [9247 octets] ##########

- - - Actualizado - - -

cicklow dijo:
estaba desde el cel por eso no te pase los links

Muchas gracias MOD, pase el ultimo y me termino de eliminar unas extensiones ocultas que estaban en los
navegadores, al parecer ya se soluciono el problema 8:8:8:

De nuevo gracias :encouragement::encouragement::encouragement:

marioverent · 2015-08-15T05:56:20-0500

cambia de antivirus , usa otro el avast se le cuelan algunos virus

Necesito ayuda con este virus

hernanxpp Seguir

Cicklow

hernanxpp

Cicklow

hernanxpp

marioverent