ingo
Posts by ingo
It simply doesn't even run... I double-clicked the icon and absolutely nothing happens; right-clicking and choosing "open" does nothing either....
Thanks...
-
Hello, I just registered and tried to install HijackThis.exe, but it doesn't run. I looked in msconfig and saw bolenjx.exe and bolenja.exe, and following a tip from duduh_capixaba on the forum I installed and ran 2 other programs: McAfee Rootkit Detective and Trojan Remover 6.6.5.
Both programs detect one of the 2 files and confirm that the processes were stopped, but after a restart they come back.
Note: no antivirus opens (AVG, HijackThis); Ad-Aware runs but finds nothing.
Below I'm posting the Trojan Remover log, which is the only one I have; sorry for the size of the log, but it's the only one I can get.
Hoping for some help, and thank you!!!!
Ingo
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
28/1/2008 22:32:27: Trojan Remover has been restarted
C:\WINDOWS\system32\bolenjx.exe has been renamed to C:\WINDOWS\system32\bolenjx.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[bolenjx] - deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
28/1/2008 22:32:27: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.5.2510. For information, email support@simplysup1.com
[unregistered version]
Scan started at: 28/1/2008 22:29:04
Using Database v6919
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
File System: NTFS
Data directory: C:\Documents and Settings\Leticia_Arq\Dados de aplicativos\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Leticia_Arq\Meus documentos\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Arquivos de programas\Trojan Remover\
Running with Administrator privileges
**************************************************
**************************************************
22:29:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
22:29:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
22:29:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
22:29:05: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1035264 bytes
Created: 9/9/2002
Modified: 13/6/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 9/9/2002
Modified: 4/8/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 9/9/2002
Modified: 4/8/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 55296 bytes
Created: 13/2/2005
Modified: 16/7/2003
Company: Realtek Semiconductor Corp.
--------------------
Value Name: AVG7_CC
Value Data: C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
579072 bytes
Created: 26/4/2007
Modified: 20/12/2007
Company: GRISOFT, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/6/2007
Modified: 11/6/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: MSConfig
Value Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
159744 bytes
Created: 13/2/2005
Modified: 4/8/2004
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Arquivos de programas\Trojan Remover\Trjscan.exe
C:\Arquivos de programas\Trojan Remover\Trjscan.exe
737872 bytes
Created: 28/1/2008
Modified: 3/1/2008
Company: Simply Super Software
--------------------
Value Name: bolenjx
Value Data: bolenjx.exe
C:\WINDOWS\system32\bolenjx.exe
14336 bytes
Created: 28/1/2008
Modified: 28/1/2008
Company:
C:\WINDOWS\system32\bolenjx.exe appears to be in-use/locked
bolenjx.exe - this registry value has been removed
C:\WINDOWS\system32\bolenjx.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\bolenjx.exe - file ownership assigned to: LETICIA\Leticia_Arq
C:\WINDOWS\system32\bolenjx.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\bolenjx.exe - file has been neutralised
C:\WINDOWS\system32\bolenjx.exe has been marked for renaming when the PC is restarted
--------------------
--------------------
VERY LONG LOG....SECTION CUT OUT
**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 28/1/2008 22:29:53
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
28/1/2008 22:29:57: restart commenced
************************************************************
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
28/1/2008 22:20:35: Trojan Remover has been restarted
C:\WINDOWS\system32\bolenjx.exe has been renamed to C:\WINDOWS\system32\bolenjx.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[bolenjx] - deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
28/1/2008 22:20:35: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.5.2510. For information, email support@simplysup1.com
[unregistered version]
Scan started at: 28/1/2008 22:16:15
Using Database v6919
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
File System: NTFS
Data directory: C:\Documents and Settings\Leticia_Arq\Dados de aplicativos\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Leticia_Arq\Meus documentos\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Arquivos de programas\Trojan Remover\
Running with Administrator privileges
**************************************************
**************************************************
22:16:16: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
22:16:16: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
22:16:16: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
22:16:16: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1035264 bytes
Created: 9/9/2002
Modified: 13/6/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 9/9/2002
Modified: 4/8/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 9/9/2002
Modified: 4/8/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 55296 bytes
Created: 13/2/2005
Modified: 16/7/2003
Company: Realtek Semiconductor Corp.
--------------------
Value Name: AVG7_CC
Value Data: C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
579072 bytes
Created: 26/4/2007
Modified: 20/12/2007
Company: GRISOFT, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/6/2007
Modified: 11/6/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: MSConfig
Value Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
159744 bytes
Created: 13/2/2005
Modified: 4/8/2004
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Arquivos de programas\Trojan Remover\Trjscan.exe
C:\Arquivos de programas\Trojan Remover\Trjscan.exe
737872 bytes
Created: 28/1/2008
Modified: 3/1/2008
Company: Simply Super Software
--------------------
Value Name: bolenjx
Value Data: bolenjx.exe
C:\WINDOWS\system32\bolenjx.exe
14336 bytes
Created: 28/1/2008
Modified: 28/1/2008
THE LOG IS VERY LARGE....I DELETED THE REST....IF NECESSARY I CAN SEND IT BY EMAIL.
Ingo
Virus - Bolenjx file
in Security
Posted · Edited by ingo
But this virus has become the system administrator; I no longer have access to the Control Panel... to give you an idea, I can't even plug a flash drive into the USB port.
I had mentioned this on the other forum.... when they told me to use ComboFix, which required disabling the firewall... but I no longer have access to the Firewall.
The link to the other forum: http://linhadefensiva.uol.com.br/forum/ind...showtopic=61048
Thanks
Ingo