Henrique - R...
Cyber Highlander
Registered
6.6K Posts
1.7K Likes
Comodo here detected this fake Java installer as Win32.IBryte.X.
And right afterwards its firewall alerted about a TCP packet directed at the wininit.exe process.
TmfeijoMMonr...
Cyber Highlander
Registered
13.7K Posts
4.2K Likes
Good afternoon!
I believe that with the arrival in Brazil of the Baidu search site, made in China, these episodes are going to increase. With all sorts of adware.
Here I'm going to run Ad-Aware. I'll just wait for the installer's good will:
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at1206PM.png.html?sort=3&o=0
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at1218PM.png.html?sort=3&o=0
It didn't catch anything; but this software no longer has the efficiency it had 10 years ago.
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-21-14at0150PM.png.html?sort=3&o=0
Coincidence:
https://www.hardware.com.br/comunidade/v-t/1344563/
https://www.hardware.com.br/comunidade/antivirus-detectou/992751/
http://cjoint.com/data/0FzsAWMReqX.htm
D:\Arquivos de programas\Java\jre6\bin\java.exe
c:\program files\Java\jre7\bin\jp2ssv.dll (current)
After almost exactly 5 years!
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-25-14at0206PM.png.html?sort=3&o=0
Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
General info
------------
Computer name : EDSON-PC
Creation time : 25/06/2014 14:01:37
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.11.9600.17126
OS : Windows 7 Home Basic
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.60
User Language : Português (Brasil)
User rights : Administrator
Windows folder : C:\Windows
Running processes
-----------------
* C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
* C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
* C:\Program Files\Comodo\Dragon\dragon_updater.exe
* C:\PROGRA~1\GbPlugin\gbpsv.exe (GAS Tecnologia)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Users\EDSON\Downloads\runscanner.exe (Runscanner.net)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
Unrated items
-------------
002 * C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
010 * C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service)
010 * C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 12.0 r0)
010 * C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Service)
010 * C:\Program Files\Comodo\Dragon\dragon_updater.exe (dragon_updater.exe)
010 * C:\PROGRA~1\GbPlugin\GbpSv.exe (G-Buster Browser Defense - Service)
010 * C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (maintenanceservice.exe)
011 c:\windows\system32\drivers\aswHwid.sys (aswHwid.sys)
011 * C:\Windows\system32\drivers\aswRvrt.sys (aswRvrt.sys)
011 c:\windows\system32\drivers\aswSnx.sys (aswSnx.sys)
011 c:\windows\system32\drivers\aswSP.sys (aswSP.sys)
011 c:\windows\system32\drivers\aswStm.sys (aswStm.sys)
011 * C:\Windows\system32\drivers\aswVmm.sys (aswVmm.sys)
011 * c:\windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista)
011 * c:\windows\system32\drivers\aswRdr2.sys (avast! WFP Redirect Driver)
011 * C:\Windows\system32\DRIVERS\gbpndisrdn.sys (GAS Tecnologia - LWF Helper Driver)
011 * C:\Windows\system32\drivers\gbpkm.sys (GbPlugin Device Driver)
035 * C:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe (Google Inc.) {8A69D345-D564-463c-AFF1-A69D9E530F96}
047 Zone: seg.bb.com.br : https://seg.bb.com.br
047 Zone: www.bancobrasil.com.br : *.www.bancobrasil.com.br
047 Zone: www.bb.com.br : *.www.bb.com.br
047 Zone: www.bb.com.br : http://www.bb.com.br
047 Zone: www14.bancobrasil.com.br : https://www14.bancobrasil.com.br
047 Zone: www14.bancobrasil.com.br : *.www14.bancobrasil.com.br
047 Zone: www2.bancobrasil.com.br : *.www2.bancobrasil.com.br
047 Zone: www2.bancobrasil.com.br : https://www2.bancobrasil.com.br
050 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
052 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {C41A1C0E-EA6C-11D4-B1B8-444553540000}
052 * C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
061 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
062 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
104 * C:\Windows\system32\Macromed\Flash\Flash32_12_0_0_70.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
173 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 GUID / CLSID not found
221 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 GUID / CLSID not found
223 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
227 GUID / CLSID not found
231 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
241 * C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) {472083B0-C522-11CF-8763-00608CC02F24}
254 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}
Missing files
-------------
011 C:\Users\EDSON\AppData\Local\Temp\catchme.sys
032 rdpclip
052 C:\Program Files\Java\jre7\bin\jp2ssv.dll
http://cjoint.com/data3/3FAwadBwYIW.htm
http://cjoint.com/data/0FAvYNFAeBA.htm
http://cjoint.com/data3/3FAw6AJHlOo.htm
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at0954PM.png.html?sort=3&o=0
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at0947PM.png.html?sort=3&o=0
http://s1062.photobucket.com/user/Edson_Melo/media/ScreenShot06-30-14at1007PM.png.html?sort=3&o=0
Regards
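The RunScanner log above is long, and the legend at its top ("* = signed file", "- = file not found") is the only structure a reader gets. The following is an added triage helper, not code from the thread or from RunScanner: it parses a log laid out like the one posted and pulls out what a defender looks at first, namely files the log lists as missing, file entries with no signature mark, and anything loaded from a Temp directory. The embedded log text is constructed to mimic the posted excerpt (the fake_java_installer.exe entry and the USER/EXAMPLE-PC names are made up); the assumption that every entry line is "[3-digit code] [*] path [(publisher)] [{CLSID}]" is inferred from the excerpt, not documented by RunScanner.

```python
"""Triage a RunScanner-style log: missing files, unsigned entries, Temp-loaded files.

Added example; the log below is constructed to follow the layout of the log
posted in the thread, and the entry-line format is an assumption from that excerpt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, mimicking the posted log (names marked EXAMPLE/USER are made up).
SAMPLE_LOG = r"""
Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
General info
------------
Computer name : EXAMPLE-PC
OS : Windows 7 Home Basic
Running processes
-----------------
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
C:\Users\USER\AppData\Local\Temp\fake_java_installer.exe
Unrated items
-------------
011 c:\windows\system32\drivers\aswHwid.sys (aswHwid.sys)
011 * C:\Windows\system32\drivers\aswRvrt.sys (aswRvrt.sys)
047 Zone: www.bb.com.br : http://www.bb.com.br
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Missing files
-------------
011 C:\Users\USER\AppData\Local\Temp\catchme.sys
032 rdpclip
052 C:\Program Files\Java\jre7\bin\jp2ssv.dll
"""

# Sections whose lines are file/entry records rather than key: value pairs.
FILE_SECTIONS = {"Running processes", "Unrated items", "Missing files"}

# Assumed entry layout: "[3-digit code] [*] path [(publisher)] [{CLSID}]".
ENTRY_RE = re.compile(
    r"^(?:(?P<code>\d{3})\s+)?"            # optional 3-digit category code
    r"(?P<signed>\*\s+)?"                  # '*' marks a signed file (per the legend)
    r"(?P<path>.+?)"                       # file path, service name or zone text
    r"(?:\s+\((?P<publisher>[^()]*)\))?"   # optional publisher in parentheses
    r"(?:\s+\{(?P<clsid>[^}]+)\})?$"       # optional CLSID / GUID
)

# Executables or drivers living under a Temp directory deserve a second look.
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    code: Optional[str]
    signed: bool
    path: str
    publisher: Optional[str]
    clsid: Optional[str]


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per record line in the file-oriented sections."""
    lines = text.splitlines()
    entries: List[Entry] = []
    section: Optional[str] = None
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a title line followed by a line made only of dashes.
        if len(nxt) >= 3 and set(nxt) == {"-"}:
            section = line
            i += 2
            continue
        if section in FILE_SECTIONS and line:
            m = ENTRY_RE.match(line)
            if m:
                entries.append(Entry(section, m["code"], m["signed"] is not None,
                                     m["path"], m["publisher"], m["clsid"]))
        i += 1
    return entries


def triage(entries: List[Entry]) -> dict:
    """Group entries into the three buckets worth checking first.

    'unsigned' is a starting point, not a verdict: legitimate drivers can lack the
    '*' mark, so each hit still needs the file's own signature and hash checked.
    """
    report = {"missing": [], "unsigned": [], "from_temp": []}
    for e in entries:
        if e.section == "Missing files":
            report["missing"].append(e.path)
        elif "\\" in e.path and not e.signed:   # only real file paths, not zone text
            report["unsigned"].append(e.path)
        if TEMP_RE.search(e.path):
            report["from_temp"].append(e.path)
    return report


if __name__ == "__main__":
    for bucket, paths in triage(parse_log(SAMPLE_LOG)).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Run against the constructed sample, the script lists the two Temp-located items (the made-up installer and catchme.sys) and the two unsigned file entries; on the log posted in the thread, the same pass would surface jp2ssv.dll under Missing files, which is the file the poster noticed had changed between 2009 and 2014.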