Adware Malversing o Similar

David_Lemoine · 24 Marzo, 2021 17:18

Hola, en todos los exploradores web de mi pc, aparece publicidad no deseada, sobre todo en google y youtube. Agrego unas imagenes de la publicidad que aparece.

Por el momento use, Eset, Malwerebytes, adwcleaner_8.2, ninguno detecta nada, la única forma en que la publicidad desaparece es usando un VPN.

Imagenes:

David_Lemoine · 24 Marzo, 2021 18:16

[CODE][B]~~~~~~~~~~~| Inicio: [/B]

*IFS (InfoSpyware First Steps) v 1.3 *www.InfoSpyware.com | www.ForoSpyware.com *Iniciado: 24/03/2021 a las 15h.10m.11s

[B]~~~~~~~~~~~| Información del Sistema:[/B]

OS: Microsoft Windows 10 Pro x64 Idioma: Spanish (Spain, International Sort) (|es-ES) Permisos de Administrador / ON Windows se Inició en Modo Normal Drive: C:\Windows (Install: \Device\HarddiskVolume8)

[B]~~~~~~~~~~~| Arquitectura Fisica:[/B]

CPU: MSI CPU Modelo: MS-7A15 Procesador: Intel(R) Core™ i7-7700K CPU @ 4.20GHz (x64-BasedPC) Memoria RAM: 16 Gb. En Uso: 23 % Video: NVIDIA GeForce GTX 1060 6GB Chip: GeForce GTX 1060 6GB Capacidad video:-1 MB (Integrated RAMDAC)

[B]~~~~~~~~~~~| Unidades[/B]

C: [FIXED|NTFS|Windows] - [223.6 Gb][99.0 Gb][124.5 Gb] D: [FIXED|NTFS|Juegos] - [930.0 Gb][325.9 Gb][604.6 Gb] E: [FIXED|NTFS|Pelis] - [2794.4 Gb][120.3 Gb][2674.1 Gb] C:\ Fragmentación total 59.57% - Desfragmentar unidad D:\ Fragmentación total 72.40% - Desfragmentar unidad E:\ Fragmentación total 3.51% - Correcto

[B]~~~~~~~~~~~| Seguridad del SO[/B]

SafeBoot: Inicio en Modo seguro Correcto Security Center: Correcto (Servicio Activo) Windows Update: El servicio no está activo AV: ESET Security Protección Residente [OFF] / Actualizado AV: Windows Defender Protección Residente [ON] / Actualizado AV: Malwarebytes Protección Residente [OFF] / Actualizado FW: Windows Firewall Habilitado

[B]~~~~~~~~~~~| Update Check[/B]

Internet Explorer Versión Instalada 11 Google Chrome Versión Instalada 89.0.4389.90

[B]~~~~~~~~~~~| Process List[/B]

MsMpEng.exe (Windows Defender)

[B]~~~~~~~~~~~| Install Check[/B]

CCleaner [5.77]

[B]~~~~~~~~~~~| Registry Check[/B]

HKLM\Run(x64): [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe HKLM\Run(x64): [WindowsDefender] “%ProgramFiles%\Windows Defender\MSASCuiL.exe” HKLM\Run: [USB_Speed_Up] “C:\MSI\MSI USB Speed Up\USB_Speed_Up.exe”/mini HKLM\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN HKLM\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun HKLM\Run: [Unified Remote V3] “C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe” HKLM\Run: [EpicGamesLauncher] “C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe” -silent HKLM\Run: [Opera Browser Assistant] C:\Users\David\AppData\Local\Programs\Opera\assistant\browser_assistant.exe HKLM\Run: [OneDrive] “C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe” /background HKLM\Run: [CCleaner Smart Cleaning] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR Winlogon(x64): Shell = explorer.exe Winlogon: Shell = explorer.exe Userinit(x64): Userinit = C:\Windows\system32\userinit.exe Userinit: Userinit = C:\Windows\system32\userinit.exe

[HKCR…open\command] → Navegador Preferido es Internet Explorer StarPage:hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 StarPage:hxxp://go.microsoft.com/fwlink/?LinkId=54896

[B]~~~~~~~~~~~| PUPs Check[/B]

HKLM64\SOFTWARE\Partner

[B]~~~~~~~~~~~| Listado 7 Días (Predeterminado)[/B]

[24/03/2021 13:34] - C:\Windows\pss [24/03/2021 01:16] - C:$SysReset [21/03/2021 01:52] - C:\AdwCleaner [24/03/2021 15:09] - C:\FSTool [24/03/2021 15:10] - C:\IFS.log [24/03/2021 00:26] - C:\OneDriveTemp

[B]~~~~~~~~~~~| C:\Windows\Tasks:[/B]

[24/03/2021 13:35] - C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job

[B]~~~~~~~~~~~| End Report[/B] *Finalizado 15:13:59 *Se limpiaron los archivos temporales *[1599815] C:\Users\David\Desktop\IFS.exe *Herramienta de Análisis e investigación [/CODE]

David_Lemoine · 24 Marzo, 2021 18:16

Farbar Service Scanner Version: 23-12-2020 Ran by David (administrator) on 24-03-2021 at 15:06:32 Running from “C:\Users\David\Desktop” Microsoft Windows 10 Pro (X64) Boot Mode: Normal

Internet Services:

Connection Status:

Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Policy:

Windows Security:

Windows Update:

wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv: “%systemroot%\system32\svchost.exe -k netsvcs -p”. The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

Windows Defender:

WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend: ““C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe””.

Windows Defender Disabled Policy:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] “DisableAntiSpyware”=DWORD:1

Other Services:

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\Drivers\afd.sys => File is digitally signed C:\Windows\System32\Drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\SecurityHealthService.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

David_Lemoine · 24 Marzo, 2021 18:18

-------------------------------

Malwarebytes AdwCleaner 8.2.0.0

-------------------------------

Build: 03-22-2021

Database: 2021-03-22.1 (Cloud)

Support: https://www.malwarebytes.com/support

-------------------------------

Mode: Scan

-------------------------------

Start: 03-24-2021

Duration: 00:00:09

OS: Windows 10 Pro

Scanned: 31976

Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S00].txt - [2709 octets] - [21/03/2021 01:52:37] AdwCleaner[C00].txt - [2660 octets] - [21/03/2021 01:52:53] AdwCleaner[S01].txt - [1526 octets] - [21/03/2021 15:11:10] AdwCleaner[C01].txt - [1717 octets] - [21/03/2021 15:12:07] AdwCleaner[S02].txt - [1649 octets] - [23/03/2021 19:27:51] AdwCleaner[C02].txt - [1839 octets] - [23/03/2021 19:28:07] AdwCleaner[S03].txt - [1771 octets] - [24/03/2021 00:46:34] AdwCleaner[S04].txt - [1832 octets] - [24/03/2021 13:37:55] AdwCleaner[C04].txt - [2022 octets] - [24/03/2021 13:38:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########

Marr0n · 26 Marzo, 2021 03:01

Hola, buenas @David_Lemoine

¿Desde cuándo empezaste a notar esos simpatomas?

¿Los relacionas con algún hecho/acción que realizaste últimamente en tu máquina por ejemplo: descargar ‘X’ archivo, instalar ‘Y’ programa…?

Traes los logs de Malwerebytes y Eset ay que no los has puesto.

Salu2.