
This topic has been archived and is closed to new replies.

BiBO

[Archived] I'm new here and I'm having problems with TR/Spy.Banker.2652


A virus got into my computer, and Avira keeps detecting the same virus in the same place (TR/Spy.Banker.265216), in C:\Program Files\GbPlugin\gbieh.dll. I would like to know how to remove this virus from my computer.

Thank you for your attention!

My log follows below:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:34:14, on 14/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox 3.5 Preview\firefox.exe

C:\Windows\system32\prevhost.exe

C:\program files\avira\antivir desktop\avcenter.exe

C:\Users\Anibal Dias\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [uniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C73D4D-4054-41F1-82B6-FFD035C0719D}: NameServer = 200.165.132.155 200.149.55.140

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

 

--

End of file - 6777 bytes


Good afternoon, BiBO!

A virus got into my computer, and Avira keeps detecting the same virus in the same place (TR/Spy.Banker.265216), in C:\Program Files\GbPlugin\gbieh.dll. I would like to know how to remove this virus from my computer.

<!> This warning from your antivirus is a FALSE POSITIVE.

<!> Therefore, configure Avira to ignore this file when it is detected.

Regards!


:blink: Sorry, but my concern is that my father uses the PC to access bank accounts, and the file where the virus is always found, C:\Program Files\GbPlugin\gbieh.dll, is a file belonging to Banco do Brasil, and this virus, TR/Spy.Banker.265216, is a Trojan.

Below are another log and the Avira report file.

 

(LOG)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:27, on 14/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox 3.5 Preview\firefox.exe

C:\Windows\System32\notepad.exe

C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

C:\Program Files\Avira\AntiVir Desktop\avnotify.exe

C:\Users\Anibal Dias\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C73D4D-4054-41F1-82B6-FFD035C0719D}: NameServer = 200.165.132.155 200.149.55.140

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

 

--

End of file - 6869 bytes

 

(AVIRA REPORT)

 

Avira AntiVir Personal

Report file date: terça-feira, 14 de julho de 2009 18:44

 

Scanning for 1520675 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 1) [6.0.6001]

Boot mode : Normally booted

Username : Anibal Dias

Computer name : PEREIRADIAS-PC

 

Version information:

BUILD.DAT : 9.0.0.403 Bytes 03/06/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 10/06/2009 01:09:07

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 13:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 14:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 22:54:05

ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/07/2009 01:23:46

ANTIVIR3.VDF : 7.1.4.228 64512 Bytes 14/07/2009 03:27:59

Engineversion : 8.2.0.204

AEVDF.DLL : 8.1.1.1 106868 Bytes 15/05/2009 19:38:02

AESCRIPT.DLL : 8.1.2.13 426362 Bytes 02/07/2009 22:54:48

AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 19:38:02

AERDL.DLL : 8.1.2.2 438642 Bytes 02/07/2009 22:54:43

AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 21:43:31

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 16:45:41

AEHEUR.DLL : 8.1.0.137 1823095 Bytes 26/06/2009 22:51:26

AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 13:29:24

AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 22:54:36

AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 17:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 21:43:24

AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 17:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 13:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 17:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 13:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 15/05/2009 19:38:02

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 13:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 18:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 11:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 13:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/06/2009 01:09:07

RCTEXT.DLL : 9.0.37.0 86785 Bytes 15/05/2009 19:38:02

 

Configuration settings for the scan:

Jobname.............................: ShlExt

Configuration file..................: C:\Users\ANIBAL~1\AppData\Local\Temp\8acbb832.avp

Logging.............................: high

Primary action......................: quarantine

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: off

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Expanded search settings............: 0x08300432

 

Start of the scan: terça-feira, 14 de julho de 2009 18:44

 

Starting the file scan:

 

Begin scan in 'C:\Program Files\GbPlugin\gbieh.dll'

C:\Program Files\GbPlugin\

gbieh.dll

[DETECTION] Is the TR/Spy.Banker.265216 Trojan

[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK library.

[NOTE] An ARK library instance is already running.

[WARNING] The file was ignored!

 

 

End of the scan: terça-feira, 14 de julho de 2009 18:44

Used time: 00:00 Minute(s)

 

The scan has been done completely.

 

0 Scanned directories

1 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

0 Files not concerned

0 Archives were scanned

1 Warnings

1 Notes


Good evening, BiBO!

Sorry, but my concern is that my father uses the PC to access bank accounts, and the file where the virus is always found, C:\Program Files\GbPlugin\gbieh.dll, is a file belonging to Banco do Brasil, and this virus, TR/Spy.Banker.265216, is a Trojan.

<!> This file, detected by Avira as TR/Spy.Banker.265216, is a false detection.

<!> To clear up any doubts, let's submit the file (gbieh.dll) to a battery of tests.

<><><><><><><><><>

<@> Submit the file below for analysis at: < VirSCAN.org >

<!> C:\Program Files\GbPlugin\gbieh.dll <-- Enter the path to this file!

<@> When it finishes, click "Copy to the 'Clipboard'" or save it as text.

<@> The table that appears can be selected and copied into Notepad. <-- Post it!

Regards!


Done, thank you,

but it detected several types.

The scan information follows below:

 

 

Informações do Arquivo

Nome do Arquivo : gbieh.dll

Tamanho do Arquivo : 271152 byte

Tipo do Arquivo : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi

MD5 : 1d5fa9fd81d9e4bbd075dc83fd57bbe9

SHA1 : 8ced2a34654b408bf9825e8f35b7b4f4f32ebef3

 

Resultado da Verificação

Resultado da Verificação : 13% Software(5/38) encontrou código malicioso!

Tempo : 2009/07/16 09:10:04 (ACT)

Software | Versão | Versão Ass. | Data Ass. | Resultado da verificação | Tempo
a-squared | 4.5.0.3 | 20090716213250 | 2009-07-16 | - | 0.325
AhnLab V3 | 2009.07.16.00 | 2009.07.16 | 2009-07-16 | - | 0.950
AntiVir | 8.2.0.215 | 7.1.4.244 | 2009-07-16 | - | 0.268
Antiy | 2.0.18 | 20090716.2619098 | 2009-07-16 | - | 0.122
Arcavir | 2009 | 200907160755 | 2009-07-16 | - | 0.036
Authentium | 5.1.1 | 200907152202 | 2009-07-15 | W32/Heuristic-210!Eldorado (Heuristic) | 4.707
AVAST! | 4.7.4 | 090716-0 | 2009-07-16 | - | 0.102
AVG | 8.5.288 | 270.13.16/2241 | 2009-07-16 | - | 1.966
BitDefender | 7.81008.3731964 | 7.26626 | 2009-07-16 | Trojan.Banker.Delf.YXU | 3.354
CA (VET) | 9.0.0.143 | 31.6.6616 | 2009-07-15 | - | 7.322
ClamAV | 0.95.2 | 9572 | 2009-07-16 | - | 0.045
Comodo | 3.10 | 1671 | 2009-07-16 | - | 5.685
CP Secure | 1.1.0.715 | 2009.07.16 | 2009-07-16 | - | 11.183
Dr.Web | 4.44.0.9170 | 2009.07.16 | 2009-07-16 | - | 5.431
F-Prot | 4.4.4.56 | 20090715 | 2009-07-15 | Possible W32/Heuristic-210!Eldorado (not disinfectable) | 4.444
F-Secure | 5.51.6100 | 2009.07.16.05 | 2009-07-16 | - | 6.259
Fortinet | 2.81-3.120 | 10.612 | 2009-07-15 | - | 1.009
GData | 19.6493/19.398 | 20090716 | 2009-07-16 | - | 4.526
Ikarus | T3.1.01.64 | 2009.07.16.73046 | 2009-07-16 | - | 3.211
JiangMin | 11.0.800 | 2009.07.16 | 2009-07-16 | - | 3.581
Kaspersky | 5.5.10 | 2009.07.16 | 2009-07-16 | - | 0.243
KingSoft | 2009.2.5.15 | 2009.7.16.15 | 2009-07-16 | - | 0.638
McAfee | 5.3.00 | 5677 | 2009-07-15 | - | 6.009
Microsoft | 1.4803 | 2009.07.16 | 2009-07-16 | - | 5.537
mks_vir | 2.01 | 2009.07.15 | 2009-07-15 | - | 3.223
Norman | 6.01.09 | 6.01.00 | 2009-07-09 | - | 4.016
nProtect | 20090716.01 | 4760023 | 2009-07-16 | Trojan.Banker.Delf.YXU | 8.183
Panda | 9.05.01 | 2009.07.15 | 2009-07-15 | - | 4.877
Quick Heal | 10.00 | 2009.07.16 | 2009-07-16 | - | 1.204
Rising | 20.0 | 21.38.34.00 | 2009-07-16 | - | 1.225
Sophos | 2.88.0 | 4.43 | 2009-07-16 | - | 3.082
Sunbelt | 5258 | 5258 | 2009-07-16 | - | 3.771
Symantec | 1.3.0.24 | 20090715.016 | 2009-07-15 | - | 0.319
The Hacker | 6.3.4.3 | v00368 | 2009-07-15 | - | 0.703
Trend Micro | 8.700-1004 | 6.280.01 | 2009-07-15 | - | 2.385
VBA32 | 3.12.10.8 | 20090715.0746 | 2009-07-15 | - | 2.611
ViRobot | 20090716 | 2009.07.16 | 2009-07-16 | - | 0.427
VirusBuster | 4.5.11.10 | 10.108.8/1837978 | 2009-07-15 | TrojanSpy.Banker.CERO | 2.231

AVISO: Alguns softwares podem apresentar um falso positivo quando reportam um código malicioso, por isso você deve julgá-la por si mesmo.


Good morning, BiBO!

 

< file.net >

 

gbieh.dll file information

 

The process Gbieh Module belongs to the software Banco do Brasil Gbieh or gbieh.dll by Banco do Brasil (www.bb.com.br).

 

Description: File gbieh.dll is located in a subfolder of C:\Windows (typically C:\WINDOWS\Downloaded Program Files\). Known file sizes on Windows XP are 134,144 bytes (26% of all occurrence), 228,392 bytes, 213,032 bytes, 113,664 bytes, 209,448 bytes, 156,200 bytes, 226,344 bytes, 79,872 bytes, 121,344 bytes, 117,248 bytes.

This .dll file is a Browser Helper Object (BHO) that runs automatically every time you start your Internet browser. BHOs are not stopped by personal firewalls, because they are identified by the firewall as your browser itself. BHOs are often used by adware and spyware. The unique ID of this BHO is C41A1C0E-EA6C-11D4-B1B8-444553540000. The program is not visible. File gbieh.dll is not a Windows system file. File gbieh.dll is able to monitor Internet browser. gbieh.dll is able to record inputs, manipulate other programs. Therefore the technical security rating is 48% dangerous, however also read the users reviews.

<!> This CLSID is the same one that is on your computer:

 

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

 

Resultado da Verificação : 13% Software(5/38) encontrou código malicioso!

<!> In this scan, the percentage is too low to confirm any infection.

<!> Searching in the LD, we find: < CLSID - C41A1C0E-EA6C-11D4-B1B8-444553540000 >

<!> Which also shows the legitimacy of gbieh.dll.

<><><><><><><><><><>

<!> P.S.: Go into Avira's settings and add gbieh.dll to the exclusions in "Guard" (real-time protection).

Regards!

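Added example, not part of the original thread: before a flagged file is excluded from real-time scanning, it helps to list every autostart entry in the HijackThis log that loads it and to compare the BHO's CLSID with the reference value quoted above. The log lines are copied from the log posted in this thread; the function names and the expansion of PROGRA~1 to "Program Files" are assumptions of this example.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted in this thread (autostart lines only).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
"""

# CLSID that the file.net description quoted in the thread gives for this BHO.
REFERENCE_CLSID = "C41A1C0E-EA6C-11D4-B1B8-444553540000"

Entry = namedtuple("Entry", "code kind clsid path")

LINE_RE = re.compile(r"^(?P<code>O\d+) - (?P<kind>[^:]+): ?(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)


def normalise(path):
    """Upper-case a path and expand the PROGRA~1 short name.

    Assumption: PROGRA~1 is the 8.3 alias of 'Program Files' on this host.
    """
    return path.upper().replace("\\PROGRA~1\\", "\\PROGRAM FILES\\")


def parse_log(text):
    """Turn 'Onn - Kind: ...' lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("rest"))
        path = PATH_RE.search(m.group("rest"))
        entries.append(Entry(
            m.group("code"),
            m.group("kind").strip(),
            clsid.group(1).upper() if clsid else None,
            normalise(path.group(0)) if path else None,
        ))
    return entries


def load_points(entries, directory):
    """Every autostart entry whose binary lives under `directory`."""
    prefix = normalise(directory).rstrip("\\") + "\\"
    return [e for e in entries if e.path and e.path.startswith(prefix)]


def registrations_of(entries, filename):
    """Every entry that loads exactly `filename` (case-insensitive)."""
    suffix = "\\" + filename.upper()
    return [e for e in entries if e.path and e.path.endswith(suffix)]


def bho_clsid_matches(entries, filename, reference):
    """True if `filename` is registered as a BHO (O2) under `reference`.

    A match identifies the registration only; it says nothing about the
    bytes currently on disk, which is what the multi-engine scan checks.
    """
    wanted = reference.strip("{}").upper()
    return any(e.code == "O2" and e.clsid == wanted
               for e in registrations_of(entries, filename))


def orphaned(entries):
    """CLSIDs registered with no file behind them ('(no file)' entries)."""
    return [e.clsid for e in entries if e.clsid and not e.path]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in load_points(log, r"C:\Program Files\GbPlugin"):
        print(e.code, e.kind, e.path)
    print("BHO CLSID matches reference:",
          bho_clsid_matches(log, "gbieh.dll", REFERENCE_CLSID))
    print("Orphaned CLSIDs:", orphaned(log))
```

On this log the flagged DLL is loaded from two places (the O2 BHO and an O20 Winlogon Notify entry), and the same folder also holds a second DLL and a service, so an exclusion by file name covers more than one load point.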

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
