
A suspicious object cannot be deleted



Good evening. After installing and scanning with Emsisoft Emergency Kit, a few malicious files were detected on my computer, which I let it quarantine and delete; however, for one of them it tells me that it cannot be deleted for my own safety because it is essential for Windows. The name of this virus is "Trojan.GenericKDZ.87274 (B)". I installed and ran the FRST program and got the two text files (FRST and Addition). After this step I don't know how to continue in order to remove the virus. I would appreciate the help, thank you very much!

FRST.txt Adición.txt


Hello @Karla,

Welcome to the Emsisoft Support Forums.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Steam] => C:\Users\karla\AppData\Roaming\NVIDIA\dllhost.exe (Ningún archivo) <==== ATENCIÓN
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Chrome Helper] => C:\Users\karla\AppData\Roaming\cipnfudlehwh\sdpqqxqyllaq.exe tqwisgvdzog (Ningún archivo)
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Tiokkl] => "C:\Users\karla\AppData\Roaming\Ohccyle\Tiokkl.exe" (Ningún archivo)
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Pxhfvxcds] => "C:\Users\karla\AppData\Roaming\Ywtpxlhit\Pxhfvxcds.exe" (Ningún archivo)
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
Task: {31158A32-F9CE-4375-BFDA-E7746E58FC48} - System32\Tasks\A650 => C:\Users\karla\AppData\Local\Temp\A650.exe (Ningún archivo) <==== ATENCIÓN
Task: {364DE673-7BC8-4D48-8B1F-3B9367B1DB75} - System32\Tasks\xhcjncddiUJKcIU2 => rundll32 "C:\Program Files (x86)\ZOBvtrfsU\HVitJi.dll",#1
Task: {3B6A84BF-2724-4977-BBDE-350BCC236472} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 111 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {40A79844-C661-4650-90C9-34BB1ACD8B09} - System32\Tasks\rcDIjQnUgwwbXHdrHfL2 => rundll32 "C:\Program Files (x86)\QuILNQXkoOJxC\kPgQBAY.dll",#1
Task: {4150169F-16E9-4110-9C5E-CF6401F33296} - System32\Tasks\Firefox Default Browser Agent 6D6AB84D058BCB17 => C:\Users\karla\AppData\Roaming\ceeifsh.exe (Ningún archivo) <==== ATENCIÓN
Task: {7C24F120-50F3-4D86-8F84-0148AE08866B} - System32\Tasks\qoqfggWacZlVNkXCm2 => rundll32 "C:\Program Files (x86)\VQwJOmwlmqkUQMyiyBR\esEZRGh.dll",#1
Task: {929B3E29-B2FE-4FE5-B469-D38BA9E6280D} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 110 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {9AC6916A-51C3-4EF1-9349-D78027475B5C} - System32\Tasks\Firefox Default Browser Agent F520DCC7228D002C => C:\Users\karla\AppData\Roaming\hjeifsh.exe (Ningún archivo) <==== ATENCIÓN
Task: {B8E7354A-A5CF-4692-9BCA-B67A1EA4F374} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22890448 2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" fue desbloqueado. <==== ATENCIÓN
Task: {C6B9C3B8-9904-4E12-AA47-FFE70D4AE9C0} - \Zoocceup -> Ningún archivo <==== ATENCIÓN
Task: {CCD167A3-0D58-4C0F-909E-6C98DBB01E56} - System32\Tasks\dtGjTZsjULAjQc => rundll32 "C:\Program Files (x86)\XRudDFeqqBIU2\MHlVSictOJmiH.dll",#1
Task: {E1C4D8E7-3DED-4BE7-AC70-8CB571E57DE7} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 112 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {E24F9509-E2A1-4D8A-9EC6-342F5945E8DE} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 114 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {E956A64F-5BC8-4A96-ADE7-9F3E863E482D} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 113 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {FC91ED86-BDE8-46F6-A200-BD4C9C07FAF4} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 115 -t 8080 (Ningún archivo) <==== ATENCIÓN
S2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [0 2022-04-28] () <==== ATENCIÓN [cero bytes Archivo/Carpeta]
2022-05-01 20:25 - 2022-05-01 21:16 - 000238414 _____ C:\Users\karla\OneDrive\Documentos\z8ApkFfkoSP4UqgrRw171EwF.exe.jhgn
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #6
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #5
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #4
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #3
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #2
2022-05-01 19:53 - 2022-05-01 19:53 - 000003928 _____ C:\WINDOWS\system32\Tasks\AdvancedWindowsManager #1
2022-05-01 19:51 - 2022-05-01 23:44 - 000000000 ____D C:\Program Files (x86)\YTHVujGyFyUn
2022-05-01 19:51 - 2022-05-01 22:59 - 000000000 ____D C:\Program Files (x86)\ZOBvtrfsU
2022-05-01 19:51 - 2022-05-01 22:59 - 000000000 ____D C:\Program Files (x86)\VQwJOmwlmqkUQMyiyBR
2022-05-01 19:51 - 2022-05-01 22:58 - 000000000 ____D C:\Program Files (x86)\QuILNQXkoOJxC
2022-05-01 19:51 - 2022-05-01 22:50 - 000000000 ____D C:\Program Files (x86)\XRudDFeqqBIU2
2022-05-01 19:51 - 2022-05-01 19:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\dtGjTZsjULAjQc
2022-05-01 19:51 - 2022-05-01 19:51 - 000003034 _____ C:\WINDOWS\system32\Tasks\qoqfggWacZlVNkXCm2
2022-05-01 19:51 - 2022-05-01 19:51 - 000003026 _____ C:\WINDOWS\system32\Tasks\rcDIjQnUgwwbXHdrHfL2
2022-05-01 19:51 - 2022-05-01 19:51 - 000003008 _____ C:\WINDOWS\system32\Tasks\xhcjncddiUJKcIU2
2022-05-01 19:45 - 2022-05-01 20:08 - 000238414 _____ C:\Users\karla\OneDrive\Documentos\sHAzy3ysjpYHsOe3uUwDFp3d.exe.jhgn
2022-05-01 19:45 - 2022-05-01 20:08 - 000238414 _____ C:\Users\karla\OneDrive\Documentos\dBmBCwMVzJO4bwgS2lWCeYsf.exe.jhgn
2022-04-30 14:45 - 2022-04-30 14:45 - 000003830 _____ C:\WINDOWS\system32\Tasks\A650
2022-04-28 23:06 - 2022-04-28 23:06 - 000000000 ____D C:\Users\karla\AppData\Local\Yandex
2022-02-20 19:46 - 2022-02-20 19:46 - 000248375 ___SH () C:\Users\karla\AppData\Roaming\gugrsie
C:\Users\karla\AppData\Roaming\ceeifsh.exe
C:\Users\karla\AppData\Roaming\hjeifsh.exe
C:\Users\karla\AppData\Roaming\NVIDIA\dllhost.exe
C:\Users\karla\AppData\Roaming\cipnfudlehwh
C:\Users\karla\AppData\Roaming\Ohccyle
C:\Users\karla\AppData\Roaming\Ywtpxlhit
C:\Program Files (x86)\QuILNQXkoOJxC
C:\Program Files (x86)\VQwJOmwlmqkUQMyiyBR
C:\Program Files (x86)\XRudDFeqqBIU2
C:\Program Files (x86)\ZOBvtrfsU

Close Notepad.

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

IMPORTANT: Save all of your work, as the next step may reboot your computer.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.

Also, let me know how the machine is running now, and what remaining issues you've noticed.

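The fixlist above is a list of FRST report lines, and FRST itself carries the meaning of each shape (a Run value, a scheduled task, a policy restriction, a service, a dated file entry, a Chrome extension). The following Python script is an added example for this thread; it is not part of FRST, of Emsisoft, or of the helper's script. It parses a subset of the lines posted above into records and produces a short triage summary: which autorun entries already pointed at files that no longer existed (FRST's "Ningún archivo", i.e. "No File"), which scheduled tasks loaded a DLL through rundll32, and which lines FRST had marked with "<==== ATENCIÓN". The regular expressions, the `Entry` record and the `triage` function are this example's own constructions, written against the line formats visible in this thread only.

```python
"""Triage of FRST fixlist lines (added example; not FRST, Emsisoft or the helper's code)."""
import re
from collections import Counter
from dataclasses import dataclass

# A subset of the fixlist entries posted in this thread, used as sample input.
SAMPLE_FIXLIST = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Steam] => C:\Users\karla\AppData\Roaming\NVIDIA\dllhost.exe (Ningún archivo) <==== ATENCIÓN
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\Run: [Tiokkl] => "C:\Users\karla\AppData\Roaming\Ohccyle\Tiokkl.exe" (Ningún archivo)
Task: {364DE673-7BC8-4D48-8B1F-3B9367B1DB75} - System32\Tasks\xhcjncddiUJKcIU2 => rundll32 "C:\Program Files (x86)\ZOBvtrfsU\HVitJi.dll",#1
Task: {929B3E29-B2FE-4FE5-B469-D38BA9E6280D} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe -v 110 -t 8080 (Ningún archivo) <==== ATENCIÓN
Task: {B8E7354A-A5CF-4692-9BCA-B67A1EA4F374} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22890448 2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6B9C3B8-9904-4E12-AA47-FFE70D4AE9C0} - \Zoocceup -> Ningún archivo <==== ATENCIÓN
S2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [0 2022-04-28] () <==== ATENCIÓN [cero bytes Archivo/Carpeta]
2022-05-01 19:51 - 2022-05-01 22:59 - 000000000 ____D C:\Program Files (x86)\ZOBvtrfsU
C:\Users\karla\AppData\Roaming\ceeifsh.exe
CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients54.google.com/service/update2/crx] <==== ATENCIÓN
"""

ATTENTION = "<==== ATENCIÓN"  # FRST's marker for a line it considers suspicious
MISSING = "Ningún archivo"    # FRST's "No File" marker in this Spanish-locale log

# Line shapes as they appear in this thread's fixlists (example's own patterns).
RUN_RE = re.compile(r"^(?P<hive>HK\S*\\Run): \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) (?:=>|->) (?P<target>.*)$")
POLICY_RE = re.compile(r"^(?P<name>.+?): Restricción")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<target>.+?) \[(?P<size>\d+) [\d-]+\]")
CHR_RE = re.compile(r"^CHR Extension: \((?P<name>[^)]+)\) - (?P<target>.+?) \[[\d-]+\]")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (?P<size>\d+) (?P<attrs>\S+) (?:\(\) )?(?P<target>.+)$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    kind: str      # run | task | policy | service | extension | file | path | unknown
    name: str
    target: str    # launched file / DLL, or the path itself for file entries
    flagged: bool  # FRST put <==== ATENCIÓN on the line
    missing: bool  # the referenced binary no longer existed when FRST ran


def _clean_target(raw: str) -> str:
    """Drop FRST's trailing annotations and surrounding quotes from a target."""
    raw = raw.split(" <====")[0].replace(f"({MISSING})", "").strip()
    if raw == MISSING:
        return ""
    return raw.strip('"')


def parse_line(line: str):
    line = line.strip()
    if not line:
        return None
    flagged = ATTENTION in line
    missing = MISSING in line
    if m := RUN_RE.match(line):
        return Entry("run", m["name"], _clean_target(m["target"]), flagged, missing)
    if m := TASK_RE.match(line):
        name = m["name"]
        prefix = "System32\\Tasks\\"
        if name.startswith(prefix):
            name = name[len(prefix):]
        return Entry("task", name, _clean_target(m["target"]), flagged, missing)
    if m := POLICY_RE.match(line):
        return Entry("policy", m["name"], "", flagged, missing)
    if m := SERVICE_RE.match(line):
        # A zero-byte service binary is treated as absent.
        return Entry("service", m["name"], m["target"], flagged, missing or int(m["size"]) == 0)
    if m := CHR_RE.match(line):
        return Entry("extension", m["name"], m["target"], flagged, missing)
    if m := FILE_RE.match(line):
        return Entry("file", m["target"].rsplit("\\", 1)[-1], m["target"], flagged, missing)
    if PATH_RE.match(line):
        return Entry("path", line.rsplit("\\", 1)[-1], line, flagged, missing)
    return Entry("unknown", line, "", flagged, missing)


def parse_fixlist(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries):
    """Summarise what a reader should look at first in a list like the one above."""
    return {
        "counts": Counter(e.kind for e in entries),
        "flagged": [e.name for e in entries if e.flagged],
        # Autoruns whose target was already gone: leftover persistence pointing at deleted binaries.
        "ghost_autoruns": [e.name for e in entries if e.kind in ("run", "task") and e.missing],
        # Scheduled tasks that load a DLL export through rundll32.
        "rundll32_tasks": [e.name for e in entries if e.kind == "task" and e.target.lower().startswith("rundll32")],
    }


if __name__ == "__main__":
    for key, value in triage(parse_fixlist(SAMPLE_FIXLIST)).items():
        print(f"{key}: {value}")
```

Feeding a complete FRST.txt through `parse_fixlist` is not the point; the example is meant to be run over a fixlist such as the one above so that the persistence points it names (Run values and tasks with no file behind them, rundll32 tasks, zero-byte services) can be re-checked after the Fix button has been pressed and Fixlog.txt has been produced.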


Hello, I'm attaching the "Fixlog" text file, which was generated after following your steps. I'll be watching for the steps to follow to complete the removal of the malicious file. Thank you!

Fixlog.txt


Ok, I'm attaching the scan performed with Emsisoft Emergency Kit and the FRST report.

PS: This was the result shown

05-05-2022 18:50:32
Durante el análisis se ha detectado un Programa malicioso "Trojan.GenericKDZ.87274 (B)" en "C:\ProgramData\Microsoft\Zsxg\jgsiaps.js:$" (SHA1: 74417aefc21ebe2bb18f4814306b6715d2794c72 )

05-05-2022 18:51:42
Durante el análisis se ha detectado un Programa malicioso "Trojan.Uztuby.4 (B)" en "C:\Users\karla\AppData\Local\Microsoft\Windows\INetCache\IE \5U2L1X1Q\search_hyperfs_310[1].exe -> (RAR Sfx o) -> [Comentario]"

FRST.txt Adición.txt escaneo_220506-154612.txt


I would appreciate your help in knowing how to continue and be able to remove the malicious file, which cannot be quarantined because it is "indispensable for Windows". I'll be awaiting your reply.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients54.google.com/service/update2/crx] <==== ATENCIÓN
CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients32.google.com/service/update2/crx] <==== ATENCIÓN
CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients65.google.com/service/update2/crx] <==== ATENCIÓN
CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients48.google.com/service/update2/crx] <==== ATENCIÓN
CHR Extension: (YoutubeDownloader) - C:\Users\karla\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-05-01] [UpdateUrl:hxxps://clients52.google.com/service/update2/crx] <==== ATENCIÓN
2022-05-01 20:37 - 2022-05-01 20:37 - 000000000 ____H C:\Users\karla\BITF25C.tmp.jhgn
2022-05-01 19:47 - 2022-05-01 19:47 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2022-04-27 20:37 - 2022-04-27 20:37 - 000000000 ____H C:\Users\karla\BITF490.tmp.jhgn
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\StartupApproved\Run: => "Chrome Helper"
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\StartupApproved\Run: => "SysHelper"
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\StartupApproved\Run: => "Pxhfvxcds"
HKU\S-1-5-21-2320857334-1221082015-1052767810-1001\...\StartupApproved\Run: => "Tiokkl"
C:\$Recycle.Bin\S-1-5-21-2320857334-1221082015-1052767810-1001\$RTJCUO5.exe
C:\ProgramData\Microsoft\Zsxg\jgsiaps.js:$
C:\Users\karla\AppData\Local\Microsoft\Windows\INetCache\IE \5U2L1X1Q\search_hyperfs_310[1].exe

Close Notepad.

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

IMPORTANT: Save all of your work, as the next step may reboot your computer.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.

Also, let me know how the machine is running now, and what remaining issues you've noticed.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

C:\ProgramData\Microsoft\Zsxg

Close Notepad.

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

IMPORTANT: Save all of your work, as the next step may reboot your computer.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.

Also, let me know how the machine is running now, and what remaining issues you've noticed.
