BiBO 0 Posted July 14, 2009

A virus got into my computer, and Avira keeps detecting the same virus in the same place (TR/Spy.Banker.265216) in C:\Program Files\GbPlugin\gbieh.dll. I would like to know how to remove this virus from my computer. Thank you for your attention! My log follows below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:34:14, on 14/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox 3.5 Preview\firefox.exe
C:\Windows\system32\prevhost.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Anibal Dias\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [uniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C73D4D-4054-41F1-82B6-FFD035C0719D}: NameServer = 200.165.132.155 200.149.55.140
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
--
End of file - 6777 bytes

DigRam 144 Posted July 14, 2009

Good afternoon!

BiBO wrote: "A virus got into my computer, and Avira keeps detecting the same virus in the same place (TR/Spy.Banker.265216) in C:\Program Files\GbPlugin\gbieh.dll. I would like to know how to remove this virus from my computer."

<!> This warning from your antivirus is a FALSE POSITIVE.
<!> So configure Avira to ignore this file when it is detected.

Regards!

BiBO 0 Posted July 14, 2009

:blink: Sorry, but my concern is that my father uses the PC to access bank accounts, and the file where the virus is always found, C:\Program Files\GbPlugin\gbieh.dll, is a file belonging to Banco do Brasil, and this virus, TR/Spy.Banker.265216, is a Trojan. Below are another log and the Avira report file.

(LOG)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:27, on 14/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox 3.5 Preview\firefox.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Users\Anibal Dias\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C73D4D-4054-41F1-82B6-FFD035C0719D}: NameServer = 200.165.132.155 200.149.55.140
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
--
End of file - 6869 bytes

(AVIRA REPORT)

Avira AntiVir Personal
Report file date: terça-feira, 14 de julho de 2009 18:44
Scanning for 1520675 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : Anibal Dias
Computer name : PEREIRADIAS-PC

Version information:
BUILD.DAT : 9.0.0.403 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 10/06/2009 01:09:07
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 22:54:05
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/07/2009 01:23:46
ANTIVIR3.VDF : 7.1.4.228 64512 Bytes 14/07/2009 03:27:59
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 15/05/2009 19:38:02
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 02/07/2009 22:54:48
AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 19:38:02
AERDL.DLL : 8.1.2.2 438642 Bytes 02/07/2009 22:54:43
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 21:43:31
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 16:45:41
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 26/06/2009 22:51:26
AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 13:29:24
AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 22:54:36
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 17:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 21:43:24
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 17:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 13:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 13:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 15/05/2009 19:38:02
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 13:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/06/2009 01:09:07
RCTEXT.DLL : 9.0.37.0 86785 Bytes 15/05/2009 19:38:02

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\ANIBAL~1\AppData\Local\Temp\8acbb832.avp
Logging.............................: high
Primary action......................: quarantine
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Expanded search settings............: 0x08300432

Start of the scan: terça-feira, 14 de julho de 2009 18:44

Starting the file scan:

Begin scan in 'C:\Program Files\GbPlugin\gbieh.dll'
C:\Program Files\GbPlugin\gbieh.dll
[DETECTION] Is the TR/Spy.Banker.265216 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] An ARK library instance is already running.
[WARNING] The file was ignored!

End of the scan: terça-feira, 14 de julho de 2009 18:44
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
1 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
1 Warnings
1 Notes

DigRam 144 Posted July 15, 2009

Good evening!

BiBO wrote: "Sorry, but my concern is that my father uses the PC to access bank accounts, and the file where the virus is always found, C:\Program Files\GbPlugin\gbieh.dll, is a file belonging to Banco do Brasil, and this virus, TR/Spy.Banker.265216, is a Trojan"

<!> This file, detected by Avira as TR/Spy.Banker.265216, is a false detection.
<!> To clear up any doubts, let's submit the file ( gbieh.dll ) to a battery of tests.

<><><><><><><><><>

<@> Submit the file below for analysis at: < VirSCAN.org >
<!> C:\Program Files\GbPlugin\gbieh.dll <-- Enter the path to this file!
<@> When it finishes, click "Copiar para a 'Area'" (copy to clipboard) or save it as text.
<@> The table that appears can be selected and copied into Notepad. <-- Post it!

Regards!

BiBO 0 Posted July 16, 2009

Done, thank you, but it detected several kinds. The scan information follows below:

Informações do Arquivo
Nome do Arquivo : gbieh.dll
Tamanho do Arquivo : 271152 byte
Tipo do Arquivo : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 1d5fa9fd81d9e4bbd075dc83fd57bbe9
SHA1 : 8ced2a34654b408bf9825e8f35b7b4f4f32ebef3

Resultado da Verificação
Resultado da Verificação : 13% Software(5/38) encontrou código malicioso!
Tempo : 2009/07/16 09:10:04 (ACT)

Software | Versão | Versão Ass. | Data Ass. | Resultado da verificação | Tempo
a-squared | 4.5.0.3 | 20090716213250 | 2009-07-16 | - | 0.325
AhnLab V3 | 2009.07.16.00 | 2009.07.16 | 2009-07-16 | - | 0.950
AntiVir | 8.2.0.215 | 7.1.4.244 | 2009-07-16 | - | 0.268
Antiy | 2.0.18 | 20090716.2619098 | 2009-07-16 | - | 0.122
Arcavir | 2009 | 200907160755 | 2009-07-16 | - | 0.036
Authentium | 5.1.1 | 200907152202 | 2009-07-15 | W32/Heuristic-210!Eldorado (Heuristic) | 4.707
AVAST! | 4.7.4 | 090716-0 | 2009-07-16 | - | 0.102
AVG | 8.5.288 | 270.13.16/2241 | 2009-07-16 | - | 1.966
BitDefender | 7.81008.3731964 | 7.26626 | 2009-07-16 | Trojan.Banker.Delf.YXU | 3.354
CA (VET) | 9.0.0.143 | 31.6.6616 | 2009-07-15 | - | 7.322
ClamAV | 0.95.2 | 9572 | 2009-07-16 | - | 0.045
Comodo | 3.10 | 1671 | 2009-07-16 | - | 5.685
CP Secure | 1.1.0.715 | 2009.07.16 | 2009-07-16 | - | 11.183
Dr.Web | 4.44.0.9170 | 2009.07.16 | 2009-07-16 | - | 5.431
F-Prot | 4.4.4.56 | 20090715 | 2009-07-15 | Possible W32/Heuristic-210!Eldorado (not disinfectable) | 4.444
F-Secure | 5.51.6100 | 2009.07.16.05 | 2009-07-16 | - | 6.259
Fortinet | 2.81-3.120 | 10.612 | 2009-07-15 | - | 1.009
GData | 19.6493/19.398 | 20090716 | 2009-07-16 | - | 4.526
Ikarus | T3.1.01.64 | 2009.07.16.73046 | 2009-07-16 | - | 3.211
JiangMin | 11.0.800 | 2009.07.16 | 2009-07-16 | - | 3.581
Kaspersky | 5.5.10 | 2009.07.16 | 2009-07-16 | - | 0.243
KingSoft | 2009.2.5.15 | 2009.7.16.15 | 2009-07-16 | - | 0.638
McAfee | 5.3.00 | 5677 | 2009-07-15 | - | 6.009
Microsoft | 1.4803 | 2009.07.16 | 2009-07-16 | - | 5.537
mks_vir | 2.01 | 2009.07.15 | 2009-07-15 | - | 3.223
Norman | 6.01.09 | 6.01.00 | 2009-07-09 | - | 4.016
nProtect | 20090716.01 | 4760023 | 2009-07-16 | Trojan.Banker.Delf.YXU | 8.183
Panda | 9.05.01 | 2009.07.15 | 2009-07-15 | - | 4.877
Quick Heal | 10.00 | 2009.07.16 | 2009-07-16 | - | 1.204
Rising | 20.0 | 21.38.34.00 | 2009-07-16 | - | 1.225
Sophos | 2.88.0 | 4.43 | 2009-07-16 | - | 3.082
Sunbelt | 5258 | 5258 | 2009-07-16 | - | 3.771
Symantec | 1.3.0.24 | 20090715.016 | 2009-07-15 | - | 0.319
The Hacker | 6.3.4.3 | v00368 | 2009-07-15 | - | 0.703
Trend Micro | 8.700-1004 | 6.280.01 | 2009-07-15 | - | 2.385
VBA32 | 3.12.10.8 | 20090715.0746 | 2009-07-15 | - | 2.611
ViRobot | 20090716 | 2009.07.16 | 2009-07-16 | - | 0.427
VirusBuster | 4.5.11.10 | 10.108.8/1837978 | 2009-07-15 | TrojanSpy.Banker.CERO | 2.231

AVISO: Alguns softwares podem apresentar um falso positivo quando reportam um código malicioso, por isso você deve julgá-la por si mesmo.

DigRam 144 Posted July 17, 2009

Good morning! BiBO

< file.net >

gbieh.dll file information

The process Gbieh Module belongs to the software Banco do Brasil Gbieh or gbieh.dll by Banco do Brasil (www.bb.com.br).

Description: File gbieh.dll is located in a subfolder of C:\Windows (typically C:\WINDOWS\Downloaded Program Files\). Known file sizes on Windows XP are 134,144 bytes (26% of all occurrence), 228,392 bytes, 213,032 bytes, 113,664 bytes, 209,448 bytes, 156,200 bytes, 226,344 bytes, 79,872 bytes, 121,344 bytes, 117,248 bytes. This .dll file is a Browser Helper Object (BHO) that runs automatically every time you start your Internet browser. BHOs are not stopped by personal firewalls, because they are identified by the firewall as your browser itself. BHOs are often used by adware and spyware. The unique ID of this BHO is C41A1C0E-EA6C-11D4-B1B8-444553540000. The program is not visible. File gbieh.dll is not a Windows system file. File gbieh.dll is able to monitor Internet browser. gbieh.dll is able to record inputs, manipulate other programs. Therefore the technical security rating is 48% dangerous, however also read the users reviews.

<!> This CLSID is the same one that is on your computer:

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

Resultado da Verificação : 13% Software(5/38) encontrou código malicioso!

<!> In this scan, the percentage is low for any infection to be confirmed.
<!> Searching the LD, we have: < CLSID - C41A1C0E-EA6C-11D4-B1B8-444553540000 >
<!> Which also shows the legitimacy of gbieh.dll.

<><><><><><><><><><>

<!> PS: Go into the Avira settings and put gbieh.dll in the exclusions under "Guard". ( real-time protection )

Regards!
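
Added example (not part of any post in this thread and not code from HijackThis or Avira): a small Python parser for HijackThis entries that lists every load point referencing the GbPlugin folder and the CLSID registered for gbieh.dll, the cross-check the reply above does by eye. The sample lines are copied from the log posted in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in .dll/.exe; non-greedy so trailing arguments are excluded.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Yield one dict per HijackThis entry line (R0, O2, O20, O23, ...)."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        rest = m.group("rest")
        kind = rest.split(": ", 1)[0] if ": " in rest else rest
        clsid = CLSID_RE.search(rest)
        path = PATH_RE.search(rest)
        yield {
            "code": m.group("code"),
            "kind": kind,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": PureWindowsPath(path.group(0)) if path else None,
        }


def autostarts_for_folder(log_text, folder):
    """Map each file under `folder` to the load points that reference it.

    Folder and file names are compared case-insensitively, because the same
    DLL appears as gbiehcef.dll and gbiehCef.dll in the log.
    """
    hits = defaultdict(list)
    for entry in parse_entries(log_text):
        if entry["path"] is None:
            continue  # e.g. the O16 DPF entry, which lists no file
        parents = [part.lower() for part in entry["path"].parts[:-1]]
        if folder.lower() in parents:
            point = (entry["code"], entry["kind"])
            name = entry["path"].name.lower()
            if point not in hits[name]:
                hits[name].append(point)
    return dict(hits)


def clsids_for_file(log_text, filename):
    """Return the CLSIDs registered against `filename` (case-insensitive)."""
    return sorted({
        e["clsid"] for e in parse_entries(log_text)
        if e["path"] is not None and e["clsid"]
        and e["path"].name.lower() == filename.lower()
    })


if __name__ == "__main__":
    for name, points in autostarts_for_folder(SAMPLE_LOG, "GbPlugin").items():
        print(name, points)
    print(clsids_for_file(SAMPLE_LOG, "gbieh.dll"))
```

A matching CLSID and path identify which component is registered at each load point; whether the file on disk is the vendor's build is a separate check against a known hash or signature.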

Mário Monteiro 179 Posted August 18, 2009

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.