Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Spyder.RV

[Resolvido] Malware forcando falsa atualização dos navegadores

Recommended Posts

Boa tarde.

 

Ao acessar sites, todos os navegadores apresentam mensagem que o navegador precisa ser atualizado e redirecionam para um endereço com final /Update dentro do site que foi acessado. Exemplo: ao acessar www.uol.com.br ele coloca www.uol.com.br/Update

mesmo o endereço nem existindo nos sites eles aparecem na barra de endereço dos navegadores; e em alguns sites como google.com, bing.com ele nem faz isso e já nem conecta no site dando erro de acesso.

 

O problema aaconteceu no Chrome, Firefox e IE. Eu já passei varios antivirus e algumas ferramentas de remoção de malware mas o problema persiste.

 

Segue log do HijackThis abaixo:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:04:22, on 26/10/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Samsung\Easy Software Manager
\SWMAgent.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings
\MovieColorEnhancer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings
\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution
5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Easy Support Center
\SSCKbdHk.exe
C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?
LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?
LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
R0 - HKLM\Software\Microsoft\Internet Explorer
\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer
\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer
\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-
12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files
(x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-
B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java
\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-
D17F00898D06} - C:\Program Files\AVAST Software\Avast
\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-
42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-
B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN
\gbieh.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-
45B7-42AE-A9AA-ABA463DBD3BF} - C:
\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-
435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java
\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox
\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST
Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files
(x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows
\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows
\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote -
res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft
Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-
4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft
Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files
(x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0
-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files
(x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync -
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files
(x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote -
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files
(x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote
- {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files
(x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated
graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1}
- C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520}
- C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-
00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft
Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files
(x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice)
- Adobe Systems Incorporated - C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service
(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -
C:\windows\SysWOW64\Macromed\Flash
\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -
Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 +
High Speed Service (AMPPALR3) - Intel Corporation - C:
\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST
Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast
Software - C:\Program Files\AVAST Software\Avast\ng\vbox
\AvastVBoxSVC.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation -
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation -
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation -
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0
+ High Speed Security Service (BTHSSecurityMgr) - Intel®
Corporation - C:\Program Files\Intel\BluetoothHS
\BTHSSecurityMgr.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate)
(dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox
\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem)
(dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox
\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) -
Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) -
Intel® Corporation - C:\Program Files\Intel\WiFi\bin
\EvtEng.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:
\Program Files\Diskeeper Corporation\ExpressCache
\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax)
- Unknown owner - C:\windows\system32\fxssvc.exe (file
missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:
\Program Files (x86)\WildGames\Game Console - WildGames
\GameConsoleService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:
\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) -
Google Inc. - C:\Program Files (x86)\Google\Update
\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem)
- Google Inc. - C:\Program Files (x86)\Google\Update
\GoogleUpdate.exe
O23 - Service: @%SystemRoot%
\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService)
- Unknown owner - C:\windows\system32\IEEtwCollector.exe
(file missing)
O23 - Service: FF Install Filter Service
(InstallFilterService) - Unknown owner - C:\Program Files
(x86)\STMicroelectronics\Accelerometer
\InstallFilterService.exe
O23 - Service: Intel® Rapid Start Technology Service
(irstrtsv) - Intel Corporation - C:\windows
\SysWOW64\irstrtsv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application
Local Management Service (LMS) - Intel Corporation - C:
\Program Files (x86)\Intel\Intel® Management Engine
Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files
(x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service
(MozillaMaintenance) - Mozilla Foundation - C:\Program Files
(x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) -
Unknown owner - C:\Program Files\Intel\WiFi\bin
\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102
(Netlogon) - Unknown owner - C:\windows\system32\lsass.exe
(file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300
(ProtectedStorage) - Unknown owner - C:\windows
\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service
(RegSrvc) - Intel® Corporation - C:\Program Files\Common
Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2
(RpcLocator) - Unknown owner - C:\windows
\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -
Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program
Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype
Technologies - C:\Program Files (x86)\Skype\Updater
\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3
(SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe
(file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1
(Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe
(file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101
(sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe
(file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH -
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101
(UI0Detect) - Unknown owner - C:\windows
\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application
User Notification Service (UNS) - Intel Corporation - C:
\Program Files (x86)\Intel\Intel® Management Engine
Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003
(VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe
(file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -
Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:
\Program Files\RealVNC\VNC Server\vncserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -
Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:
\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601
(WatAdminSvc) - Unknown owner - C:\windows\system32\Wat
\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104
(wbengine) - Unknown owner - C:\windows\system32\wbengine.exe
(file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
(wmiApSrv) - Unknown owner - C:\windows\system32\wbem
\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player
\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:
\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file
missing)
--
End of file - 12657 bytes

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Spyder, eu vou estar analisando o seu caso.

  • Baixe: <ZHPDiag3 ><Nicolas_zpsd607e812.jpg> ( ...Nicolas Coolman)
  • Na página, clique Download_Icon_zps720da3eb.jpg
  • Salve-a no Desktop (Área de trabalho)
  • Dê um duplo clique para executar Icon_zhpdiag3_zpsaigd3wcv.jpg.
  • Para Windows 7, 8 clique direito e depois em run_as_adm1_zps9c608e64.png
  • Clique "Eu"
Zhpdiag_Scanner_zpshjnbdojm.jpg
  • Clique em Scanner
  • Após a Conclusão
Relatoacuterio_Zhpdiag_zps0pigbrby.jpg
  • Clique em Relatório
  • Obs: O relatório por ser extenso deve ser postado em um desses sites:
  • Acesse: <cjoint_zpse4622b2d.jpg>
  • Ou acesse:<logo_zps572d7597_1.gif>
  • Maiores informações:<Link> << Hospedagem !

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Spyder,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

  • Baixe:<ZHPCleaner_zpsad937aa4.jpg> (...by Nicolas Coolman)
  • Na página, clique Download_Icon_zps720da3eb.jpg
  • Salve-a na Desktop (Área de trabalho)
  • Execute ZHPCleaner.exe.
  • Clique "Eu"
d7ef32d891247a8f8eb82506abf57bd6_zpsrzb3
  • Clique Scanner.
9g2LW3p_zpseormtr4k.jpg
  • Ao concluir,clique Reparar.
  • Aguarde a Conclusão !
49038bb041103b5091e80efa77a00a0c_zps0qgi
  • Clique Relatório.
  • Poste o Relatório.
  • Baixe: <adwcleaner_zps702dd724.png> (...par Xplode)
  • Salve-a na sua Desktop (área de trabalho).
  • Feche todos os programas e navegadores de internet abertos.
  • Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
Administrador_zpsd2d1d317.jpg
AdwCleanerexaminar_zpsd5f3cfb4.jpg
  • Clique em Examinar, para iniciar o escaneamento!
AdwCleanerlimpar_zpsec0cb5a1.jpg
  • Ao término, clique em limpar
  • Copie o log ou clique "Relatório".
  • Poste o relatório.

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde.

 

Agradeço a atenção excepcional prestada nesse tópico. Porém o equipamento precisará ser formatado por outras razões então não há motivo para continuar com os procedimentos.

 

Solicito o fechamento do tópico!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.