Tema: Sector de arranque infectado

Hola , hace cosa de dos semanas empeze a notar una lentitud anormal en mi pc , no encontre ningun virus , pero pasando el cd de norton 2007 , antes de que arranque el s.o , cargo los archivos de navdx y pruebo todas las opciones y en la ultima de las ordenes (navdx/helperror) cuando la ejecuto me dice que tengo archivos infectados en el sector de arranque y que seguramente y cito seguramente tengo mas archivos infectados y estropeado el sistema de archivos navdx en mal estado , ya he formateado 2 veces y el problema persiste al comprobar con el cd de norton al arrancar. Es normal esto , si no lo es como consigo formatear el sector de arranque aunque pierda parte del disco duro , porque el formateo normal no me vale.
Gracias de antemano.Saludos

Gracias , te agradeceria un monton que me dijeras cual .
Y ya de paso un buen antivirus gratuito o de pago da igual , algun firwell y lo que considereis oportuno porfavor llevo 3 años con el norton y cada 5 meses me pasa algo gordo.
Porfavor agradeceria que me indicaras que programa descargar para hacer el formateo.
Muchas gracias y saludos.

es complicado borrar virus incrustados en memoria, sector de arranque.... yo te propongo que pases con paciencia estos antivirus online y peges aquí los reportes para que podamos aconsejarte que hacer.

http://www.hard-h2o.com/vertema/67064/a ... nline.html

Ok , pues cuando haya pasado los antivirus online , lo cuelgo y me decis si veis algo , muchas gracias.
Por cierto el disco duro es un segagate sata 150 de 250Gb y el otro un segagate sata II de 400Gb y me pasa en los dos.
Gracias.Saludos

Aveure , acabo de pasar el panda y o sorpresa la primera en la frente , me explico empieza el analisis en mipc ok pues bien se ha quedado al 75% del analisis colgado y hasta entonces a detectado 14 spyware , pero lo que mas me extraña es que mientras analizaba miro en el administrador los programas activos y me salen de golpe las 3 paginas del explorer abierto (correcto) pero tambien me sale abierto el Creative Media Source Go ( es una utilidad de la tarjeta de sonido) pues bien sin estar abierto este programa lo finalizo y se me ha ido todo , intentare volver a pasar el panda y los demas y os sigo informando .
Gracias y saludos

Pues nada tu , vuelvo a pasar el panda active y me marca 14 spyware y justo despues se queda clavado en E:\Inetpub\wwwroot\winxp.gif y al pasar 5 minutos aqui clavado desaparece el explorer y el analisis sin dar ningun tipo de error , simplemente desaparece , esta vez en el administrador no salia nada raro. paso los otros y sigo contando.
Gracias y Saludos.
Por cierto ahora solo tengo puesto el Hd segagate de 250 Gb que para mas informacion cuando se me lio el polllo y me di cuenta que farmateando y instalando wxp no solucionaba nada hice tres particiones.
C: que no tengo nada pero faltan 12GB y no encuentra nada .Le cambie el nobre y le puse E: pero en mi pc sale (E(C , despues tengo la E: que es donde tengo el xp y todo , tambien le intente cambiar el nombre y me sale en mi pc (C(E y la D: que esta pendiente de formato , hice esto pensando que si lograba aislar el trozo de particion en mal estado se solucionaria el problema , pero no.
Sigo pasando antivirus y os sigo contando.
Muchas Gracias y saludos

Gracias quetedigo , bien sigo el kaspersky no me detecta ningun virus , pero en los informes me pone , el de mi pc y el de areas conflictivas:
viernes, 06 de julio de 2007 20:23:51
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.0
Ultima actualización: 6/07/2007
Registros en la base antivirus: 336969
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
A:\
C:\
D:\
E:\
Estadísticas
Número de objeros analizados 27002
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 00:21:31

Bombre del objeto infectado Nombre del virus Última acción
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\_restore{777DF4E6-8ED0-4D05-9B72-7EBE1998EA92}\RP41\change.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\NFWEVT.LOG Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDALRT.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDCON.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDDBG.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDFW.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDIDS.log Object is locked saltado
E:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSYS.log Object is locked saltado
E:\Archivos de programa\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked saltado
E:\Archivos de programa\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked saltado
E:\Archivos de programa\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked saltado
E:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
E:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
E:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
E:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
E:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\MSHist0120070706200707 07\index.dat Object is locked saltado
E:\Documents and Settings\Administrador\Cookies\index.dat Object is locked saltado
E:\Documents and Settings\Administrador\NTUSER.DAT Object is locked saltado
E:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\LiveUpdate\2007-07-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBConfig.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBDebug.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBDetect.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBNotify.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBRefr.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBSetCfg.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBSetCfg2.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBSetDev.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBSetLoc.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBSetUsr.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBStHash.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\BBValid.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\SPPolicy.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\SPStart.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SPBBC\SPStop.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtErEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\0CDAFF67.TMP Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\6DCE1673.TMP Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtMoEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtNvEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtScEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtTxFEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtViEvt.log Object is locked saltado
E:\Documents and Settings\All Users\Datos de programa\Symantec\SubEng\submissions.idx Object is locked saltado
E:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
E:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
E:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
E:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
E:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
E:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
E:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
E:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
E:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked saltado
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
E:\Inetpub\catalog.wci\00000002.ps1 Object is locked saltado
E:\Inetpub\catalog.wci\00000002.ps2 Object is locked saltado
E:\Inetpub\catalog.wci\00010002.ci Object is locked saltado
E:\Inetpub\catalog.wci\cicat.fid Object is locked saltado
E:\Inetpub\catalog.wci\cicat.hsh Object is locked saltado
E:\Inetpub\catalog.wci\CiCL0001.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiP10000.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiP20000.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiPT0000.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiSL0001.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiSP0000.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiST0000.000 Object is locked saltado
E:\Inetpub\catalog.wci\CiVP0000.000 Object is locked saltado
E:\Inetpub\catalog.wci\INDEX.000 Object is locked saltado
E:\Inetpub\catalog.wci\propstor.bk1 Object is locked saltado
E:\Inetpub\catalog.wci\propstor.bk2 Object is locked saltado
E:\System Volume Information\catalog.wci\00000002.ps1 Object is locked saltado
E:\System Volume Information\catalog.wci\00000002.ps2 Object is locked saltado
E:\System Volume Information\catalog.wci\00010001.ci Object is locked saltado
E:\System Volume Information\catalog.wci\cicat.fid Object is locked saltado
E:\System Volume Information\catalog.wci\cicat.hsh Object is locked saltado
E:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiP10000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiP20000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiST0000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked saltado
E:\System Volume Information\catalog.wci\INDEX.000 Object is locked saltado
E:\System Volume Information\catalog.wci\propstor.bk1 Object is locked saltado
E:\System Volume Information\catalog.wci\propstor.bk2 Object is locked saltado
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
E:\System Volume Information\_restore{777DF4E6-8ED0-4D05-9B72-7EBE1998EA92}\RP41\change.log Object is locked saltado
E:\WINDOWS\CSC\00000001 Object is locked saltado
E:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
E:\WINDOWS\SchedLgU.Txt Object is locked saltado
E:\WINDOWS\SoftwareDistribution\EventCache\{690ECB 75-EE3D-48F6-A37A-C7B6E2A72F6A}.bin Object is locked saltado
E:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
E:\WINDOWS\Sti_Trace.log Object is locked saltado
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\default Object is locked saltado
E:\WINDOWS\system32\config\default.LOG Object is locked saltado
E:\WINDOWS\system32\config\SAM Object is locked saltado
E:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\SECURITY Object is locked saltado
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
E:\WINDOWS\system32\config\software Object is locked saltado
E:\WINDOWS\system32\config\software.LOG Object is locked saltado
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\system Object is locked saltado
E:\WINDOWS\system32\config\system.LOG Object is locked saltado
E:\WINDOWS\system32\h323log.txt Object is locked saltado
E:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked saltado
E:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked saltado
E:\WINDOWS\system32\msmq\storage\QMLog Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
E:\WINDOWS\Temp\Perflib_Perfdata_168.dat Object is locked saltado
E:\WINDOWS\wiadebug.log Object is locked saltado
E:\WINDOWS\wiaservc.log Object is locked saltado
E:\WINDOWS\WindowsUpdate.log Object is locked saltado
Análisis completado.
Bien y en el de areas conflictivas:
iernes, 06 de julio de 2007 20:29:27
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.0
Ultima actualización: 6/07/2007
Registros en la base antivirus: 336969
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Áreas críticas
E:\WINDOWS
E:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\
Estadísticas
Número de objeros analizados 15840
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 00:03:12

Bombre del objeto infectado Nombre del virus Última acción
E:\WINDOWS\CSC\00000001 Object is locked saltado
E:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
E:\WINDOWS\SchedLgU.Txt Object is locked saltado
E:\WINDOWS\SoftwareDistribution\EventCache\{690ECB 75-EE3D-48F6-A37A-C7B6E2A72F6A}.bin Object is locked saltado
E:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
E:\WINDOWS\Sti_Trace.log Object is locked saltado
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\default Object is locked saltado
E:\WINDOWS\system32\config\default.LOG Object is locked saltado
E:\WINDOWS\system32\config\SAM Object is locked saltado
E:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\SECURITY Object is locked saltado
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
E:\WINDOWS\system32\config\software Object is locked saltado
E:\WINDOWS\system32\config\software.LOG Object is locked saltado
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
E:\WINDOWS\system32\config\system Object is locked saltado
E:\WINDOWS\system32\config\system.LOG Object is locked saltado
E:\WINDOWS\system32\h323log.txt Object is locked saltado
E:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked saltado
E:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked saltado
E:\WINDOWS\system32\msmq\storage\QMLog Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
E:\WINDOWS\Temp\Perflib_Perfdata_168.dat Object is locked saltado
E:\WINDOWS\wiadebug.log Object is locked saltado
E:\WINDOWS\wiaservc.log Object is locked saltado
E:\WINDOWS\WindowsUpdate.log Object is locked saltado
Análisis completado.
Bien sigo con los otros dos.

Bien el ewido solo me ha encontrado cookies , lo que no entiendo es que cada vez que cierro el navegador ya sea firefox o I.E siempre elimino las cookies y los archivos , como ago para eliminar estas? aqui os dejo el informe del ewido:
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Msn
Path: E:\Documents and Settings\Administrador\Cookies\administrador@auto. search.msn[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: E:\Documents and Settings\Administrador\Cookies\administrador@doubl eclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: E:\Documents and Settings\Administrador\Cookies\administrador@media plex[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: E:\Documents and Settings\Administrador\Cookies\administrador@ssl-hints.netflame[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: E:\Documents and Settings\Administrador\Cookies\administrador@trade doubler[1].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: E:\Documents and Settings\Administrador\Cookies\administrador@auto. search.msn[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.6:E:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\jlh2w2xw.default \cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.20:E:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\jlh2w2xw.default \cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.21:E:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\jlh2w2xw.default \cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: E:\Documents and Settings\SIRE\Cookies\sire@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: E:\Documents and Settings\SIRE\Cookies\sire@as1.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: E:\Documents and Settings\SIRE\Cookies\sire@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: E:\Documents and Settings\SIRE\Cookies\sire@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Connextra
Path: E:\Documents and Settings\SIRE\Cookies\sire@connextra[1].txt
Risk: Medium

Name: TrackingCookie.Coremetrics
Path: E:\Documents and Settings\SIRE\Cookies\sire@data.coremetrics[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: E:\Documents and Settings\SIRE\Cookies\sire@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: E:\Documents and Settings\SIRE\Cookies\sire@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: E:\Documents and Settings\SIRE\Cookies\sire@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: E:\Documents and Settings\SIRE\Cookies\sire@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: E:\Documents and Settings\SIRE\Cookies\sire@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: E:\Documents and Settings\SIRE\Cookies\sire@ssl-hints.netflame[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: E:\Documents and Settings\SIRE\Cookies\sire@tradedoubler[2].txt
Risk: Medium

Ahora os posteo el ultimo , gracias por la paciencia.

pues bien el ultimo ya lo he pasado y no me ha encontrado nada :
Scan Results: Scan Completed. 26880 files scanned. No viruses found.

File Infection Status Path
- No Infections

Asi que no que es lo que tengo , quiza sea lo que dice quetedigo y sea spiware , bien si es solo eso cosa que dudo pk el pc no va ni la mitad de bien que antes , que programa utilizo para eliminarlo tanto gratuito como de pago , aunque la experiencia que tengo con norton me dice que no siempre pagar te evita problemas.
Luego pk el norton arrancando con su cd me pone eso de archivos infectados en el sector de arranque y mal funcionamiento de nadvx (osea los archivos del Norton).
Y por ultimo que antivirus me pongo + firewall o lo que haga falta , igual que antes ya sean gratuitos o de pago.
Bien , muchas gracias por vuestra paciencia y atencion.Esperando una respuesta muchas gracias.
Saludos

Ok , el lunes lo pillo , antes de montarlo volvere a formatear , perdonad eh pero me he fijado que despues de pasar todos los antivirus online al reniciar entro en la bios y en Advanced , concretamente en Advanced PCI/PNP setting , me pone esto:
Warning Setting wrong values in below section many cause sistem to mal function.
Esto antes de ayer no salia , haver si voy a tener el virus en la bios , la bios es la ultima actualizacion disponible en asus.
Gracias y Saludos.

Gracias quetedigo pero lo acabo de hacer ahora y nada he ido a la bios y he hecho el load setup pero nada sigue saliendo igual lo mismo de warning.
Empiezo ha estar acongojado , ya he borrado las cookies que salian y jamas utilizare el I.E , pero volviendo a la bios no se si sera algo del plug and play o algo asi , si no se te ocurre nada no me quedara mas que cojer el manual asus y empezar a traducir supongo que al actualizar la bios ( pase 6 actualizaciones de golpe , que no se si es correcto) y el buckup de la que llevaba al comprarla ya no lo tengo , lo perdi al formatear , pero bueno si no me ha entrado nada en la bios supongo que sera cuestion de leer y traducir .
Haber si lo soluciono , gracias por la atencion , saludos.

Hola Gielo , gracias , podrias especificarme un poco mas como formatear la bios y con que programa? o como , o sacando la pila y esperando un rato ya vale? en el libro de asus no encuentro la solucion e ido traduciendo todo lo que he podido pero nada , despues de formatear la bios , como se la pongo ? nunca lo he hecho , tengo que haverme un cd con la bios ? por si acaso.
Despues que programa uso para hacer el formato plano o como se llame , en seagate hay dos en ingles y no se cual es de los dos , supongo que tendre que montarlo en un cd para meterlo antes de que arranque windows , o no?
Hoy por la mañana he vuelto a formatear y antes de montar windows y todo , he vuelto a pasar el Norton en modo arranque y me sigue detectando el sector infectado en el arranque y me dice que tiene archivos infectados en el propio NAVDX que son archivos norton del cd , no sera que todo venga por culpa del maldito norton.
Muchas gracias y saludos

Gracias , pues bueno , me bajo el seatools , lo monto y mañana me lo paso , y la bios nada ok , por cierto pongo un informe del norton que he encontrado buscando y buscando que me parece que hace referencia a cuando paso el cd de norton antes de arrancar , haber si veis algo raro.
Pues vaya no me deja cuando lo posteo me sale error 403 en vuestra pagina , bueno lo volvere a intentar algo mas tarde , pero el informe pone cosas mu raras.
Gracias y saludos


.

Hola , primero disculpas por el retraso , pero esque esto me esta llevando mucho tiempo , haber me baje el seatools lo queme en el pc de un colega porsi las moscas y una vez en mano formate con el al Zero , y antes de meter xp o cualquier cosa , es decir con el hd pelao , paso el norton y me sigue poniendo lo mismo , os lo apunto , recordar que esto es al realizar el ultimo comando del navdx , que es navdx/helperror ok , alla va pone:

Cargando navdx , porfavor espere......Los niveles de error del dos navdx
devuelven:

0 No se han producido errores ni se han encontrado virus.
10 Se ha encontrado un virus en memoria
11 Se ha producido un error interno de programa
13 Se ha encontrado uno o mas virus en el sector de arranque maestro o
archivos
15 Se ha producido un fallo en la autocomprobacion de navdx , puede que
este infectado o dañado
102 Se ha utilizado ctr-c o ctrl-breack para interrumpir el analisis.


Bueno pues no suena bien que digamos luego puse el xp , lo volvi a pasar , todo esto sin actualizar nada ni conectarme a internet. Asi pues vuelvo a arrancar desde el cd norton y me vuelve a salir lo mismo.
Pero buscando luego en la unidad c he encontrado un archivo de viruscan que tiene pinta de ser el informe echo por el navdx , ya que puse guardar un registro pero esto con el xp montado , sino no lo guarda. pues bien este archivo no lo entiendo viene ha decir que estoy lleno de virus y encima chungos , cuando acabe de quitarle todas las comillas lo pongo , ya que al colgarlo me sale error 403 , tardo nada.

Gracias y Saludos

Bien este es el archivo , falta una parte de alogaritmos que no la puedo poner , sino no lo puedo colgar , pero lo importante se lee , a este documento , tambien esta dentro del cd del norton. alla va:The Symantec AntiVirus Information File
Copyright Symantec Corp. 1993-2003
All Rights Reserved
No additional information. This virus infects the master boot record and boot record of floppy disks. Bootup from infected floppies often causes system hangs Lenart This virus contains the text, I am Li Xibin. Bootup from infected floppies often causes system hangs This is dropped by the Backdoor.Poly or Backdoor.SubSeven. You must delete this file. This is a trojan horse program and not a virus. This program can be used to allow unauthorized access to your computer. You must delete this file. This is a backdoor type trojan program which can be used to allow unauthorized access to your computer. This backdoor trojan loads by adding to the line shell=explorer.exe in the SYSTEM.INI file. To clean, replace that line and delete the corresponding file from the C:\WINDOWS directory. This virus does little but replicate. Note that Boot-437 does not infect the MBR of the hard drive; it infects only the Boot Sector. This is a Internet worm that uses .bat files to search through a range of IP addresses of known ISPs to find an accessible computer. If an accessible computer shares its C drive, it copies its files onto the other computer. DIR.Byway Byway creates a file called CHKLIST.MS in the root directory. DO NOT delete this file, as you will lose original file data OZ, Die Hard.II, Die-Hard.4000.d Infected programs have the word OZ near the end of the file. Creeping Death Changes directory entries to point to itself. Using the CHKDSK /F command will destroy all program file linkage. To repair infected systems, you must use the DOS version of NAV. CMOS Killer This family of viruses attempts to modify CMOS information. EXE files are overwritten by virus code turning them into droppers. On the 18th of any month, the virus plays a clicking sound whenever a key is pressed. The virus contains the text: The FORM-Virus sends greetings to everyone who's reading this text. FORM doesn't destroy data Don't panic Worm.Newapt This worm uses MS Outlook Express or Netscape Mail to mail itself out. It uses several names for the attachment. B1 NYB is a fairly generic MBR and Floppy Boot Sector Infector. It goes resident, but does not destroy anything intentionally. However, some floppies have been reported as corrupted. Worm.ExploreZip(pack) This worm usually comes Explore.EXE in email. When executed, it gives out a fake error message that the ZIP file is invalid. See http://www.symantec.com/avcenter for detail info on this worm. Monkey This virus encrypts the partition table, moves it to a different locale on the hard drive and then takes the place of the real one. In order to read the real partition (and see the drive), the virus must be active in memory. Bloody After the 128th time a computer boots from an infected disk, the message Bloody June 4, 1989
appears. Michelangelo If an infected system is booted any time on March 6th, the virus will silently overwrite the first 17 Sectors of the first 256 Cylinders of the hard drive with random information from memory. Bloomington,Stoned.No_Int,New Zealand The virus overwrites the root directory on floppy disks. Any data located there is lost. Booting from an infected floppy disk displays the error message: Disk boot failure. Angelina Contains the text Greetings for ANGELINA /by Garfield/Zielona Gora. Natas, Satan A highly polymorphic multi-partite virus that infects everything. It is most prevalent in Mexico, though originally written in San Diego by the author of SatanBug. 69 On 30NOV, will show a message on the screen. Encrypted within the multi-sectored virus is S A M P O and proclaiming itself from the Phillipines. In the wild in Asia, Europe, and the US. This program drops a copy of Backdoor.Subseven on the user's computer. HLLP.Termite.5000/7800/9100 This is an improved prepending virus that encrypts part of the files. Those with Win32 NAV products should use NAVDX to repair this virus. For more information, look up Termite at http://www.symantec.com/avcenter/ FunYour NTTHNTA Wazzu Colors.AE Opening infected document for the 20th time, some variants of WM.Appder delete C:\DOC\*.EXE, C:\DOC\*.COM, C:\WINDOWS\*.EXE, C:\WINDOWS\SYSTEM\*.TTF and C:\WINDOWS\SYSTEM\*.FOT On February 3 and February 26 this virus will add password protection of Dariem. It also changes the Document Properties This is a Word 97 macro virus. It creates a text file in the current directory. The text files names start with CMC. This is a Word 97 macro virus. After June of year 2000, it creates .doc files in Windows directory 999999991 times. The file names start with Aa. This is a Word 97 macro virus does noting but replicate. It infects when the document is closed. This is a Word 97 macro virus that infects Word97 documents and templates. On certain days and month, it triggers a message and imports a file saved as bdoc2.txt. This polymorphic macro virus infects Normal.dot and modifies MS WORD virus protection settings. This virus infects when opened. Also on certain date 11/10 or 7/1 if opened, it changes the options of MS-Word. This virus infects when opened. It changes options of the MS-Word. Also, if the file is opened after a june of the each year following 2000, the file will replicate it-self 999999991 times. This virus infects when opened. It changes options of the MS-Word. Also, if the file is opened after a june of the each year following 2000, the file will replicate it-self 999999991 times. This virus infects Word97 documents when opened. Also, if an infected document is opened on July 1 the virus will attempt to open all documents on the C: drive, infect them, and set the password to xyz This virus infects Word97 documents when opened. Also, if an infected document is opened on July 7 or November 10 the virus will attempt to open all documents on the C: drive and infect them. This Word 97 macro is similar to all members of the W97M.Eight941 family of macro viruses in the way it replicates. Also it has similar payload. Macro Word97 CAPUT This macro virus creates a file system.drv in C:\ directory. Under properties->summary->comments displays JU$t bEEn CAPuted message. Hubad Ganda This polymorphic Word 97 macro inserts an ASCII-picture when printing an infect Word documents. W97M.Junefill.A This Word 97 macro triggers July, 2000, and continually saves the currently infected document to c:\windows as random file names. It is also inserts the user name/address/initials into the code. W97M.Marker.CE W97M.Marker.CS This Word 97 macro is a June/July Variant. It infects the Normal.dot and any active documents and saves them as AA and AA.doc. This is polymorphic macro virus. This virus creates a EmailMe.html in the Windows directory. You should delete this file. This is polymorphic macro virus. This virus creates a EmailMe.html in the Windows directory. You should delete this file. When the document is opened or closed On 3/11, this macro virus will display Happy Birthday. It will try to delete *.sys files from C:\. It will also delete some words in the document. This Word 97 Macro virus adds a password of 8941 to all documents. One would need to first disable the password before attempting to repair with NAV. W97M.PSD At certain time of the day, it will add colorful AutoShape objects to the current document when opening or closing the document. Doing File Save and File Save As on August 30th will cause this macro virus to display message box. Also user would need to enter correct password to continue editing this document. The password is WM.MALAYSIA 1998. This is a macro virus that infects Word97 documents and templates only. This macro virus is stealth and uses anti-debugging techniques. This macro virus may prevent you from opening documents on Sunday. W32.Beast W32.Beast.56230/41472 This virus uses macro and EXE to spread. Infected document carries an embedded EXE object that gets activated by the AutoOpen macro in the document. The EXE goes resident and infects other opened documents in MS Word. This Word macro virus is dangerous. It tries to add few lines in your C:\Autoexec.bat file which is Deltree c:\*.* /y. You should delete that line if it is there. Beast.A.Trojan CDtray.Trojan Beast This is the EXE part of W97M/W32.Beast. See W97M.Beast for description. WM.Cap Family This macro virus removes Macro & Customize item from Tools menu. It deletes all existing macros before infection. Saving into RTF file actually creates an infected Word Document w/ RTF extension. This is a remnant of WM.Cap virus. If NORMAL.DOT is infected or an infected document is opened, MS Word fails to execute FileOpen, FileSave, FileSaveAs or FileClose and gives WordBasic Err message. This macro virus removes Macro from Tools menu. It displays a picture when Help|About is accessed or when exiting from Word97 on Friday. Class.Poppy, Woobie This is a polymorphic Word97 macro virus. Some variants display insulting messages like telling user is a jerk, etc. Some variants quietly do their infections on opening and closing documents. MV Version 1e This W97M.Class variant uses C:\SYSTEM.SYS as a temporary text file. It display the following message for Tools-Macro menu: This program has performed an illegal operation and will shut down. Polymorphic Word 97 macro virus. Infects the normal template. This macro does little but replicates This Word 97 virus infects normal template. This macro virus does little but replicate. This macro virus is polymorphic. It infects Normal.dot. It also uses Aplication.UserName to name a .tmp file created in the c:\windows\temp directory and containing the source code of the virus. W97M.Chack.Variant This is a generic Word97 macro virus. It infects documents by using the Normal Template on opening, closing, and as well as most of the other commands available through word menu. W97M.Zippy Class.Zippy This polymorphic macro virus remove the Macro and Options from Tools menu. It prints the active document on the 10, 15, 20, 25 everytime the infected document is opened or close. This polymorphic macro virus removes the Macro and Options items from the Tools menu. It also prints the active document on the 13th during the months of August through December. Class.TNT This polymorphic macro virus display messages on Dec 23 and 24. On Dec 25, it password protects the infected document with TNT This macro virus infects the global template Normal.dot to spread. The virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This macro virus infects the global template Normal.dot to spread. It displays Input Box with a title AV MACRO, when selecting the Visual Basic Editor. This virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This macro virus infects the global template Normal.dot to spread. The virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This macro virus infects the global template Normal.dot to spread. The virus diplays a message and beeps 100 times if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This macro virus infects the global template Normal.dot to spread. The virus diplays a message if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This macro virus infects the global template Normal.dot to spread. The virus diplays a message if excuted anytime before 9:00 PM on Fridays and Sundays. It also modifies several menu commands and dialog boxes. This Word97 macro virus contains a module called Claudio that infects during the closing of the document. Another infectious module called Modulo1 is called during the opening of new documents. This is a macro virus that infects Word97 documents and templates. It contains a module called Modulo1 that infects when documents are opened. This is a macro virus that infects Word97 documents and templates. It contains a module called Claudio2. On 11/10 and 7/1, it will search your entire C drive for *.doc files and change some option settings. WM.Colors Family, Rainbow This macro virus maintains a counter in INI file. After a certain number of accesses, it modifies WIN.INI to change the Windows desktop color settings. It is known to snatch AutoOpen and various FILE macros. Prank, Concept.A, B:Fr, C, H, O, P, Q This macro virus is one of the first in the wild. It infects using File|SaveAs. It displays 1 upon infection. Some variants may have destructive payload or corrupted/snatched macros. WM.Haha When doing File|SaveAs, this Concept Variant changes text color to white and inserts i said: say goodbye to all your stuff look at that hard drive spin to the document while saving the file 100 times. When doing File|SaveAs, this Concept Variant tries to save a copy of the document in T:\VIR\. It displays 1 upon infection. WM.Parasite This Concept variant has several payload: replace and w/ not . w/ a w/ e in the document; and displays Parasite virus 1.0 Variants are by corruption. WM.Concept.CJ This Concept variant has several payload: It ometimes replaces .with , and $ with S or password protect a document with FrazzleFuck_100 or destroy C:\COMMAND.COM, C:\AUTOEXEC.BAT, C:\CONFIG.SYS and C:\MSDOS.SYS. This Italian Concept variant infects while closing document or Tools|Spelling. It displays 1 upon infection. Variants are by corruption or snatched/lost macros. WM.Pheew:Nl This Dutch Concept Variant displays STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC Final Warning Clicking NO button will delete files in C:\ & C:\DOS making the system unbootable. WM.BlastC This Concept Variant shows a welcome message when opening document & Uh Ohhh. NORMAL.DOT just got infected when infecting NORMAL.DOT. Variant L tries to delete C:\DELETEME on the 24th. This Concept Variant is an intended virus that spreads manually when user runs the macros XutoOpen. Concept When infecting a document, this variant of the WM.Concept macro virus family randomly password-protects it with random number s between 1-100. The password is three characters long and uses leading spaces to make up the three characters. WM.DiamondSutra This variant of WM.Concept redefines AutoCorrect of teh into Shoshi in 1983 is the Sun It displays message boxes referring to CTF. WM.MicroSloth This variant of WM.Concept at random displays Microsloth - Who do you want to own today?
message box; open 20 new documents; open or delete all all files in current directory; or format disk in drive A. This variant of WM.Concept creates a file C:\foodies.txt which contains useless data. This file should be deleted. This variant of WM.Concept add an advertisement to the end of C:\AUTOEXEC.BAT file. It also creates a C:\WINDOWS\FIREFOX.INI file. WM.Concept.BB This macro virus is a sub-family of WM.Concept. Its infection mechanism is similar to Concept's. Some variants display a message box when opening document. Others simply have corrupted/snatched macros. This Word97 macro virus has payloads that only work in Windows 98. One of the payload sends an email to the editor of Virus Bulletin. W97M.Ethan.B This Word97 macro virus uses ETHAN.___ temporary text file while infecting, removes the C:\Class.sys temporary text file that W97M.Class uses, and changes the File Summary Information. W97M.FootPrint It uses FOOTPRINT.$$$ and FOOTPRINT.$$1 as temporary file while infecting. It also adds FootPrint1 custom document property to mark its infection. Groovie, IPAttack It creates DATA.DOT in MS Word startup directory. It is recommended to delete this DATA.DOT file along with C:\groovie.sys, c:\script.sys and c:\ip.txt if they exist. This virus infects MS Word Documents using the Word Basic Macro language. It has two macros: HarkOne, and either AutoOpen or AutoClose. Variant of WM.Johnny that has some corrupted or empty macros. FileSave command may give an error, but the virus still spreads through the FileSaveAs command. This macro virus creats a file in your XLSTART folder called Manalo.xls. You should delete this file. W97M.Thus This is a macro virus. It infects the global template Normal.dot on opening or closing an infected document. This is a corrupted / modified variant of WM.MDMA. MS Word may displays error messages while closing a document because of the corruption / modification. Word Macrovirus that prints IMPORTAT NOTTICE on Dec 13 Npad macro virus variant whose AUTOOPEN macro is partially corrupted. As Npad maintains a counter in WIN.INI file, it may generate an error message after 23 execution when it tries to display a scrolling message. W97M.Opey.B, W97M.Opey.C Standard macrovirus. On certain holidays, it appends a greeting to C:\autoexec.bat. It changes various name setting to Opey This Word 97 macro virus spreads its infection on all file access commands within Word: open, close, save, saveas and exit. It changes the user information, and removes any macros (good or bad) when it infects documents. This virus spreads its infection when opened. It drops a file called FF.sys in C:\ directory. You can delete this file. This is a Word macro virus. This virus infects NORMAL.DOT. It infects documents when they are opened. There is no payload contained in this virus. W97M.System.A This virus is polymorphic. It will try to send it's self to everyone in the address book. It randomly picks string to place in the subject of email. Strings: (1)version finale or (2) Un peu d aide... or (3)suggestion... This is a Word macro virus. It infects when opened. Most variant of this macro virus has corrupted or others AutoExec as it's SHOW/AUTOEXEC macro. Despite this, the spread occurs since the corrupted macro is not the one which copies the virus to other documents. This is a Word97 macro virus. This virus spreads its infection when a document is open or closed or when a new document is created. This is a Word97 macro virus. This virus spreads its infection when a document is closed or saved or when a new document is created. This is a Word97 macro virus. This virus spreads its infection when a document is open or closed or when a new document is created. W97M.Thus.K This is a Word97 macro virus. This virus spreads its infection when a document is opened or closed and when a new document is created. W97M.Joy This Word97 macro virus is a polymorphic virus. It infects the global template with AutoOpen and generates random comment lines within macros. It also display MessageBox and set passwords once awhile. A Word97 macro virus. It infects when you open or close the document. W97M.VMPCK1.Gen Infects by exporting INJEKT module as c:\startup.log, and then importing into new documents. Changes volume label to testicle. It also display various message boxes.. These are modification of macro viruses generated from Swlabs generator. Some of the variants are improperly modified that MS Word will generate Word Basic Err message while opening any document. This encrypted macro virus can infect both Excel 97 and Word 97 files. This polymorphic macro virus infects both Excel 97 and Word 97 files. Variant A displays a message on the 14th after May I think USER is a a big stupid jerk. Variant B displays encrypted message. This macro virus can infect Excel 97, Word 97, and PowerPoint 97 files. W97M.DB This is a Word 97 macro virus. On 11/6/2000 or after, it opens 21 documents if you open the infected document. Also closing the infected document, it open another 21. W97M.VMPCK1.BH/BI/BJ W97M.AKRNL This VMPCK1 generated macro virus infects Word97 files. It adds AKRNL macro module to infected Word document. This VMPCK1 generated macro virus infects Word97 files. It adds AKRNL macro module to infected Word document. It also exports the akrnl module to the file c:\Étudiant.cfg. This VMPCK1 generated macro virus infects Word97 files. It adds AKRNL macro module to infected Word document. It also exports the akrnl module to the file c:\Étudiant.cfg. Wazzu This virus is one of the most prevalent macro viruses in the wild. It has two payloads: 1) It can move up to 3 words to a random document location and 2) It can insert Wazzu or into the document. Wazzu This virus is one of the most prevalent macro viruses in the wild. It has two payloads: 1) It can move up to 3 words to a random document location and 2) It can insert Wazzu or into the document. This version will not replicate. Wazzu Unlike other Wazzu variants, this one does not have payload. Wazzu When opening a document, this variant of the WM.Wazzu macro virus family randomly password-protects it with random numbers or inserts Only Lucky ONE gets Mad Cow. into the document. Wazzu When opening a document, this WM.Wazzu variant moves words around or password-protects the document using the filename as the password if the document has more than 2000 words or it is the 15th of the month. This appears to be an unknown variant of a macro virus. Please submit this sample to the Symantec AntiVirus Research Center for analysis, as described in your manual. This file possibly contains viral macros from one or more sets of known macro viruses. Repairing will remove all of these viral macros. This virus infects MS Word Documents using the Macro language. It is most often transmitted via .DOC and .DOT files. This virus infects MS Excel Spreadsheets using the VBA language. It drops EXTRAS.XLS, Windows Extras.XLS, or Macintosh Extras in XLSTART directory. The module name is a random 25 characters, changing with each infection. This virus infect Excel spreadsheets and enables password protection in infected files. The password is GTHOMSON197168 or a number between 197 and 365 inclusive. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden LAROUX sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning XLSTART directory is recommended. XM.Laroux This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden LAROUX sheet into the Spreadsheet and drops a file in XLSTART directory. Scanning XLSTART directory is recommended. XM.Laroux This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning XLSTART directory is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops KKKKK.XLS in XLSTART directory. Scanning XLSTART directory is recommended. Base5874 This virus infects MS Excel 97 Spreadsheets using the VBA language. It adds a BASE5874.XLS In XLSTART directory. Removal of BASE5874.XLS is recommended. Paix This virus infects MS Excel Spreadsheets using Excel formulas (instead of macros). It drops a file XLSHEET.XLA into the XLSTART or WINDOWS directory. Scanning for XLSHEET.XLA is recommended. Paix Damaged This is a variant of the XF.Paix.A macro virus but it is corrupted and does not replicate. Laroux.C This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a BINV.XLS in XLSTART directory. Removal of BINV.XLS is recommended. XM.PLDT This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden PLDT sheet into the Spreadsheet and drops PLDT.XLS in XLSTART directory. Removal of PLDT.XLS is recommended. XM.PLDT XM.Laroux.E This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden PLDT sheet into the Spreadsheet and drops a file in XLSTART directory. Scanning XLSTART directory is recommended. XM.Laroux This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops PLDT.XLS in XLSTART directory. Removal of PLDT.XLS is recommended. XM.PLDT This is a MAC version of XM.Laroux.E. See XM.Laroux.E for more details. You also need to scan the XLSTART folder. Laroux.AA Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a PERSON2.XLS in XLSTART directory. Removal of PERSON2.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a A-A.XLS in XLSTART directory and creates hidden VIRUS-EDY sheet. Removal of A-A.XLS is recommended. Laroux Laroux.AB This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a PERSONAL2.XLS in XLSTART directory. Removal of PERSONAL2.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a VACATION.XLS in XLSTART directory. Removal of VACATION.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops MERALCO.XLS in XLSTART directory. Removal of MERALCO.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a BOOK1.XLS in XLSTART directory. Removal of BOOKn.XLS is recommended (where n = number). Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops CECILIA.XLS in XLSTART directory. Removal of CECILIA.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a TAYASHIN.XLS in XLSTART directory. Removal of TAYASHIN.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a HOMGRID.XLS in XLSTART directory. Removal of HOMGRID.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops GAY.XLS in XLSTART directory. Removal of GAY.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops a CAR.XLS in XLSTART directory. Removal of CAR.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops 1.XLS in XLSTART directory. Removal of 1.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops SGV.XLS in XLSTART directory. Removal of SGV.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops WINDOS.XLS in C:\WINDOS directory. Scanning C:\WINDOS directory is recommended. Laroux FOXZ This LAROUX variant uses FOXZ module sheet and drops NEGS.XLS in XLSTART directory. Removal of NEGS.XLS is recommended. Laroux This LAROUX variant uses VIRUS module sheet and drops CREATIVE.XLS in XLSTART directory. Removal of CREATIVE.XLS is recommended. Laroux This virus infects MS Excel Spreadsheets using the VBA language. It is transmitted via .XLS files. It drops SING.XLS in XLSTART directory. Removal of SING.XLS is recommended. Laroux This Laroux variant uses PLDT module sheet. It drops PLDT.XLS in XLSTART directory. Removal of PLDT.XLS is recommended. Laroux This Laroux variant uses ME module sheet. It drops INFECTED.XLS in XLSTART directory. Removal of INFECTED.XLS is recommended. Laroux, XM.Locas This Laroux variant uses LOCAS module sheet. It drops VERA.XLS in XLSTART directory. Removal of VERA.XLS is recommended. Laroux.EO Laroux.GE Guyan This XM.Laroux variant uses GUYAN module sheet. It drops PERSONAL.XLS in XLSTART directory. Scan and repair of PERSONAL.XLS is recommended. Laroux.DR This Laroux variant uses RESULTS module sheet. It drops RESULTS.XLS in XLSTART directory. Removal of RESULTS.XLS is recommended. This Laroux variant uses the MONCI module sheet and drops DIMON.XLS in XLSTART directory. Removal of DIMON.XLS is recommended. This Laroux variant uses the SGV module sheet. It drops SGV.XLS in XLSTART directory. Removal of SGV.XLS is recommended. This Laroux variant uses SIEMENS module sheet & drops SIEMENS.XLS in XLSTART directory. Removal of SIEMENS.XLS is recommended. At 10am, 12pm, 2pm 3pm and 8pm, it moves cell around and changes cell format. This Laroux variant uses the LAWSON module sheet. It drops D-CVS.XLS in XLSTART directory. Removal of D-CVS.XLS is recommended. XM.Bayantel This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden BAYANTEL sheet into the Spreadsheet and drops BAYANTEL.XLS in XLSTART directory. Removal of BAYANTEL.XLS is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden MARS sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning of PERSONAL.XLS is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden AOLA sheet into the Spreadsheet and drops PERSON.XLS in XLSTART directory. Removal of PERSON.XLS is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden VIRUS sheet into the Spreadsheet and drops VIRUS.XLS in XLSTART directory. Removal of VIRUS.XLS is recommended. X97M.PTH This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden PTH sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning and repairing PERSONAL.XLS is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden MARS sheet into the Spreadsheet and drops TRIAL.XLS in XLSTART directory. Scanning of TRIAL.XLS is recommended. This Laroux variant uses VODAFONE module sheet & drops PERSONAL.XLS in XLSTART directory. Scanning PERSONAL.XLS is recommended. It adds a footer and change the uname to free Kevin referring to Kevin Mitnick This Laroux variant uses BLEQQQ module. It drops Auto2000.xls in XLSTART directory. Scanning Auto2000.xls is recommended. Majoduck This Laroux variant uses MAJODUCK_SK_1 module sheet & drops OFFICE_.XLS in XLSTART directory. Deleting OFFICE_.XLS is recommended. At random, it deletes *.B*, *.C*, *.DLL, *.HLP from current directory. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops TMN.XLS in XLSTART directory. Scanning XLSTART directory is recommended. This Laroux variant uses MARS module. It drops Personal.xls in XLSTART directory. Scanning Personal.xls is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning XLSTART directory is recommended. This virus infects MS Excel Spreadsheets using the VBA language. It adds a hidden sheet into the Spreadsheet and drops PERSONAL.XLS in XLSTART directory. Scanning XLSTART directory is recommended. This virus infects Excel Spreadsheets using the VBA language. This virus has a polymorphic module name and will infect the personal.xls in the startup directory. X97M.XLScan X97M.OverKill VCX.Variant This variant of X97M.VCX drops a XLSCAN.XLS in XLSTART directory and XLSCAN.386 in \WINDOWS\SYSTEM directory. It also generates many files with VCX or INF extensions in \WINDOWS\SYSTEM directory. AMSES, NOPS, STB, Stelboo The virus is based on published code from a virus tutorial. It does not contain any intentionally damaging code. Starting Windows with the virus resident will dump you to a DOS prompt and leave the system unstable. Jack the Ripper When active in memory, Ripper will randomly corrupt disk writes. Approximately 1 in every 1,000 disk writes will be affected. The virus contains the encrypted message: (C) 1992 Jack Ripper Generic-1 The virus checks to see if it has infected a diskette every hour. If it has not infected a diskette in that time, it prints the message PARITY CHECK to the screen and hangs the computer. This virus can survive a warm boot. Contains the encrypted messages Sweden 1994 and The Junkie Virus - Written in Malmo. The virus contains no intentionally damaging code, but will corrupt .COM files over 64k. It disables the antivirus included with MS-DOS 6. JIMI In the wild in Europe. 2kb, French Boot, Neuville, Touche This virus goes resident, but does not destroy anything intentionally. It is highly prolific in Europe. THIS IS NOT A VIRUS. The EICAR Test File is an internationally recognized, non-virus code string included for analysis purposes only. Again, THIS IS NOT A VIRUS. If the Symantec AntiVirus reports this infection in a file, this means the Bloodhound (TM) system has analyzed and determined the file exhibits virus- like behavior (i.e. it may contain a new/unknown virus). If the Symantec AntiVirus reports this infection on a disk, this means the Bloodhound (TM) system has analyzed and determined the disk exhibits virus- like behavior (i.e. it may contain a new/unknown boot virus). Win32.Champ.5447.b This virus is a direct infector of Win 95 EXE files. During some infections the virus corrupts the file. W95.Marburg infects Windows 95 EXE files. It infects files in the \Windows and \Windows\System directories. The virus is polymorphic. Infected files are padded so that the filesize will be divisible by 101. W31.NEHeader is a direct infector of NE EXE files. It only replicates when run under DOS. This virus infects Windows PE EXE files. It is a memory resident virus. Infected files grow by 2048 bytes. W95.Tentacle.2048 is a memory resident virus. It infects Windows PE EXE files. This checks the system date, and if the current year is 1999 or later, the main menu bar gets rearranged. This is a Excel 97 macro virus. It creates a file in the Office\XLSTART folder called Base5874.xls. It then uses that file to replicate. This is a Excel 97 macro virus. It creates a file in the Office\XLSTART folder called 874.xls. It then uses that file to replicate. The AutoClose macro in this virus is corrupted, but replicates this virus. This is very similar to other MDMA strains. This virus will delete the entire contents of the document if the Tools/Macro menu item is selected, and replace it with a link to a web page about a popular cartoon series. W97M.DWMVCK1/ZMK.Gen This virus is a Word97 macro virus that infects Word97 documents. This virus was created by macro virus generator. This Word97 macro virus which writes its source to a file c:\Melli.dll and copies this to new host documents. In the .A variant, on September 11, this virus will replace the word and with the word Melli on infected systems. W97M.Mailissa.A This Word97 macro virus tries to email a copy of the infected document using MS Outlook. It tries to send to everyone in MS Outlook address book. In MS Word 2000, it turns security level to low. W97M.MelissaSister W97M.Melissa.C This is a modified variant of W97M.Melissa.A. The macro module is named MELISSASLITTLESISTER. It also tries to use MS Outlook the way W97M.Melissa.A does. MelissaFX This modified variant of W97M.Melissa uses a random subject line in the email address. It mails between 30% and 60% of the number of entry in MS Outlook email address book. It also sets the shared property of C drive. MYNAMEISVIRUS This non-destructive macro virus infects THISDOCUMENT module. W97M.Replicator This virus only replicates using the AutoClose macro. It is harmless. W97M.Nottice.K This macro virus only replicates, unlike other members of the WM.Nottice family. This virus is similar to WM.Cap. It disables the Tools\Macro and Tools\Customize menu items. It removes all existing macros before infecting. Information on this Windows virus will be available soon. SubSeven Server 2.1, Backdoor.SubSeven This is a backdoor trojan that creates a security hole unto your system. W32.Mypics.Worm.36352 This is a dangerous worm program that spams itself to many people. On year 2000, it will zero out the high byte of your CMOS checksum, and it will try to reformat drive c and drive d. This is a Windows NT Worm. Please refer to our write-up for more information about this virus. This is a virus that infects Windows PE files and Windows Help files. Please refer to our write-up for more information about this virus. This WORM creates c:\windows\links.vbs and c:\windows\system\rundll.vbs. It is written in VB script and user must delete these files. This WORM uses OutLook to send it self to all the addresses in the address entry book. It drops C:\windows\system\rundll.vbs and C:\windows\system\links.vbs files. BubbleBoy This WORM uses ActiveX to drop UPDATE.HTA into the windows program startup menu. This HTA Script sends out the worm email message using MS Outlook. You should delete the above file. This Worm uses Outlook to send itself to everyone in the Address Book. This Worm uses Outlook to send itself to everyone in the Address Book. It comes as an attachment called resume.txt.vbs. This worm also attempts to download a password stealer. Please visit this website for a more detailed description. http://www.sarc.com/avcenter/venc/data/ ... kworm.html Please visit this website for a more detailed description. http://www.sarc.com/avcenter/venc/data/ ... orm.b.html Chernobyl CIH_SpaceFiller PE_CIH This virus infects Win 95 EXE files. The virus may cause damage to the user's computer on the 26th of the month. The virus hides itself in unused portions of the host, so the host file size does not change. As part of its infection routine, W32.Weird drops a randomly named file with a size of 10,240 bytes. This file may be safely deleted. Win32.Kriz.3740 This virus infects Windows PE EXE files. It has a payload that gets triggered on Dec 25. It will erase the CMOS, attempt to kill the Flash BIOS and overwrite all files on all drives. W95.Kenston infects Windows 95 EXE files. Running an infected program will cause the virus to go memory resident. The virus will then infect any program that is run subsequently. This is a Windows virus. It also has a worm component infected with the same virus that spreads via e-mail. It also patches WSOCK32.DLL. A VBScript script in this file/stream appears to exhibit suspicious behavior. A JavaScript script in this file/stream appears to exhibit suspicious behavior. FLCSS.EXE needs to be deleted. Please refer to this website for a more detailed description of this virus. http://www.symantec.com/avcenter/venc/d ... .4099.html W32.FunLove.4099 is a new virus that replicates under Windows 95 and Windows NT systems and infects applications with EXE, SCR or OCX extensions. This .VBS worm replicates by mapping to shared network drives and copying itself. It keeps a logfile in the root of C:\ named NETWORK.LOG. This .VBS worm replicates by mapping to shared network drives and copying itself. This worm also drops a Dial-up networking password stealer. The worm keeps a logfile in the root of C:\ named NETWORK.LOG. This .VBS worm replicates by mapping to shared network drives and copying itself. This worm also drops a hacked version of the distributed.net client. The worm keeps a logfile in the root of C:\ named NETWORK.LOG. W32.PrettyPark This worm comes as Pretty Park.EXE in email. You need to restore a registry entry as shown in: http://www.symantec.com/avcenter/venc/d ... .worm.html This is a Win32 companion virus with ability to spread over the network and also create a backdoor. I-Worm.Happy This worm modifies WSOCK32.DLL to send itself as attachment when a posting is made to USENET or MAIL. Delete .EXE and SKA.DLL in WINDOWS\SYSTEM folder and replace WSOCK32.DLL with WSOCK32.SKA in WINDOWS\SYSTEM folder. AOL Password Stealer BuddyList.Trojan In WIN.INI, remove c:\...\RegistryReminder.exe from RUN= ; c:\...\BuddyList.exe from LOAD=. In SYSTEM.INI, remove SCRNSAVE.EXE=c:\...\WinSaver.exe Use REGEDIT to search & remove WinProfile=C:\Command.exe from Registry.

Perdon por la parrafada , y gracias por aguantarme.
Saludos.

Ese log te habla de virus y sectores, un poco creo que la historia que tampoco lo he leido mucho.. con eso no hacemos nada xD