Solved by following this post from
http://forums.spywareinfo.com/index....owtopic=63261:
This will need another step after this, as you also have a Wareout infection (your ISP is not in the Ukraine, correct?)
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
SpyAxe
Then using Windows Explorer, delete the following folder if still there:
C:\Program Files\SpyAxe
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.
Next, download, install, and update the free version of Ewido trojan scanner:
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Run Ewido --- When you run it for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* From the main ewido screen, click on update in the left menu, then click the Start update button.
* After the update finishes (the status bar at the bottom will display "Update successful")
* Exit Ewido. DO NOT scan yet.
If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hpA529.tmp (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
You can optionally check the following entry. This entry checks with Sun's Java updates site to see if newer Java versions are available. Simply visit
http://java.sun.com or just run the Java Plug-In Control Panel to see if there is an update available:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
You can optionally check the following entry. This entry is used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove everything found.
Run Ewido
* Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
* If Ewido finds anything, it will pop up a notification. Please select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
* When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.
Restart your computer in normal mode.
Run the Panda online virus scan at
http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Next, your version of Sun Java is outdated and should be updated. You should download the offline installer from
http://www.java.com/en/download/manual.jsp, uninstall your currently installed version from Add or Remove Programs (if you have older versions listed uninstall them also), reboot, and then install the new version. You should uninstall the old version first, as if you simply update to the new version, it leaves the older version still installed.
Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
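
Added example, not part of the original post: a small Python triage script for the new HijackThis log requested above, which parses the O2 and O4 line formats shown in the post and reports whether any of the entries listed for fixing are still present. The sample log is constructed from the entries quoted in the post plus one invented benign entry (`ExampleApp`); the function names are this example's own.

```python
import re

# Identifiers taken from the entries quoted in the post (compared in lower case).
MUST_FIX = {"{724510c3-f3c8-4fb7-879a-d99f29008a2f}", "alcxmonitor", "spyaxe"}
OPTIONAL = {"sunjavaupdatesched", "kernelfaultcheck"}

# O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MISSING = "(file missing)"

def parse_line(line):
    """Return a dict for an O2/O4 line, or None for any other line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        path = m["path"]
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)].rstrip()
        return {"section": "O2", "id": m["clsid"].lower(), "name": m["name"],
                "target": path, "file_missing": missing}
    m = O4_RE.match(line)
    if m:
        return {"section": "O4", "id": m["name"].lower(), "name": m["name"],
                "target": m["cmd"], "file_missing": False}
    return None

def triage(log_text):
    """Sort parsed entries into must_fix / optional / other buckets."""
    result = {"must_fix": [], "optional": [], "other": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        bucket = ("must_fix" if entry["id"] in MUST_FIX
                  else "optional" if entry["id"] in OPTIONAL else "other")
        result[bucket].append(entry)
    return result

# Constructed sample: entries copied from the post, plus one invented benign entry.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hpA529.tmp (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(f"{bucket:9} {e['section']} {e['name']} -> {e['target']}")
```

An empty `must_fix` bucket on the post-cleanup log means none of the three listed entries survived the fix.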