Well, I searched the registry, found the entry and deleted it, but it is still there. Let me tell you that since the PC is on a network, the virus is still there. I uploaded it to VirusTotal and this was the result:
Antivirus engine Version Last update Result
a-squared 4.5.0.50 2010.04.15 Gen.Trojan!IK
AhnLab-V3 5.0.0.2 2010.04.15 -
AntiVir 7.10.6.109 2010.04.15 TR/Spy.8192.133
Antiy-AVL 2.0.3.7 2010.04.15 -
Authentium 5.2.0.5 2010.04.15 -
Avast 4.8.1351.0 2010.04.14 Win32:VB-OOH
Avast5 5.0.332.0 2010.04.14 Win32:VB-OOH
AVG 9.0.0.787 2010.04.15 -
BitDefender 7.2 2010.04.15 Gen:Trojan.Heur.GZ.amGfbWYhn9c
CAT-QuickHeal 10.00 2010.04.15 -
ClamAV 0.96.0.3-git 2010.04.15 -
Comodo 4606 2010.04.15 Heur.Suspicious
DrWeb 5.0.2.03300 2010.04.15 -
eSafe 7.0.17.0 2010.04.14 Win32.HEURMalware
eTrust-Vet 35.2.7427 2010.04.15 -
F-Prot 4.5.1.85 2010.04.15 -
F-Secure 9.0.15370.0 2010.04.15 Gen:Trojan.Heur.GZ.amGfbWYhn9c
Fortinet 4.0.14.0 2010.04.15 W32/New
GData 19 2010.04.15 Gen:Trojan.Heur.GZ.amGfbWYhn9c
Ikarus T3.1.1.80.0 2010.04.15 Gen.Trojan
Jiangmin 13.0.900 2010.04.15 -
Kaspersky 7.0.0.125 2010.04.15 -
McAfee 5.400.0.1158 2010.04.15 New Malware.d
McAfee-GW-Edition 6.8.5 2010.04.15 Trojan.Spy.8192.133
Microsoft 1.5605 2010.04.15 -
NOD32 5031 2010.04.15 -
Norman 6.04.11 2010.04.15 -
nProtect 2010-04-15.02 2010.04.15 -
Panda 10.0.2.7 2010.04.15 Trj/CI.A
PCTools 7.0.3.5 2010.04.15 -
Prevx 3.0 2010.04.15 -
Rising 22.43.03.04 2010.04.15 Trojan.Win32.Generic.51FDD359
Sophos 4.52.0 2010.04.15 -
Sunbelt 6179 2010.04.15 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.04.15 -
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 Possible_Otorun8
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.15.2278 2010.04.15 -
VirusBuster 5.0.27.0 2010.04.15 -
Additional information
File size: 8192 bytes
MD5 : 5b80ab11e472cd8e26ef1ade5855e17e
SHA1 : de419bef0506018388809d88656653ce268303f5
SHA256: c7fc695e08413581a624c6de5d580929547bee27be4e1802385eaadbdb09bd9e
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xAFA0
timedatestamp.....: 0x4B4E21C8 (Wed Jan 13 20:40:56 2010)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xA000 0x2000 0x1200 7.54 7efec95a807984a002c5dcb29df3cb48
.rsrc 0xC000 0x1000 0xC00 2.53 1dd1b0ef037ae21690481d99b2ab4ba7
( 2 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> msvbvm50.dll: -
( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Symantec reputation: Suspicious.Insight
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
ssdeep: 96:MEN6kDcNm29nYW2KCkqSxgJa7gQ1UiHx/hlsop0n/etQRuL:MGbf22tTSKugkUahaopi/enL
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
RDS : NSRL Reference Data Set
-
I look forward to your suggestions.