Nero32b.exe creative32b.exe
guillaumix (Posts: 6, Status: Member)
Hello,
could someone tell me what these 2 processes do: nero32b.exe and creative32b.exe ... I'm a little suspicious!
Bonus question: how can I find out which program is trying to connect to the Internet? (repeated and tiresome display of the message: "you (or a program) have requested information from ...")
Thanks and good night!
Guillaume
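One way to answer the bonus question on a Windows XP box, as an added example that is not part of the original post: `netstat -ano` prints the PID that owns each socket, and `tasklist /FO CSV` maps PIDs to image names (on XP SP2 `netstat -b` prints the executable directly but is slow and needs administrator rights; XP Home ships without tasklist, where Task Manager with the PID column enabled gives the same mapping). The two captures below are constructed samples in the exact layout those commands print; the 10.0.0.x addresses, the PIDs and the `known_good` list are invented for illustration.

```python
"""Join `netstat -ano` (socket -> PID) with `tasklist /FO CSV` (PID -> image)
to see which program owns each outbound connection. Both captures below are
constructed samples in the real output layout; feed the functions the actual
command output to use them on a live machine."""
import csv
import io
import re
from collections import defaultdict

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1054      10.0.0.5:6667          ESTABLISHED     1736
  TCP    192.168.1.10:1062      10.0.0.5:3000          SYN_SENT        2240
  TCP    192.168.1.10:1070      10.0.0.9:80            ESTABLISHED     1212
  UDP    0.0.0.0:445            *:*                                    4
"""

TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","912","Console","0","4,472 K"
"iexplore.exe","1212","Console","0","21,104 K"
"creative32b.exe","1736","Console","0","3,812 K"
"nero32b.exe","2240","Console","0","3,240 K"
"""

# proto, local, foreign, optional state (UDP rows have none), pid
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


LOCAL_ONLY = ("0.0.0.0:", "127.", "*:")  # listeners and loopback: not outbound


def outbound_by_process(netstat_text, tasklist_text):
    """{image name: [(foreign address, state), ...]} for TCP sockets whose
    remote end is another machine."""
    pid_to_name = parse_tasklist(tasklist_text)
    result = defaultdict(list)
    for row in parse_netstat(netstat_text):
        if row["proto"] != "TCP" or row["foreign"].startswith(LOCAL_ONLY):
            continue
        name = pid_to_name.get(row["pid"], "<pid %d not in tasklist>" % row["pid"])
        result[name].append((row["foreign"], row["state"]))
    return dict(result)


IRC_PORTS = {6667, 6668, 6669, 7000}  # where SDBot/Rbot-style bots take orders


def suspicious(connections, known_good=("iexplore.exe", "firefox.exe")):
    """Flag any process outside the (assumed, illustrative) list of expected
    network clients, and any process at all that talks to an IRC port."""
    flagged = []
    for name, conns in connections.items():
        for foreign, state in conns:
            port = int(foreign.rsplit(":", 1)[1])
            if name.lower() not in known_good or port in IRC_PORTS:
                flagged.append((name, foreign, state))
    return flagged


if __name__ == "__main__":
    for name, foreign, state in suspicious(outbound_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE)):
        print("%-18s -> %-20s %s" % (name, foreign, state))
```

The join is only as good as the process list: a bot can call itself something that sounds like a legitimate updater, so treat the image path on disk and its autorun entries as the evidence, not the name alone. A socket stuck in SYN_SENT that keeps reappearing is what a bot retrying a dynamic-DNS command server looks like.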
2 replies
Thanks darkcrystal33 for this excellent tip, I didn't know that site.
It did detect 2 viruses for the 2 suspect files (creative32b.exe and nero32b.exe), which were detected neither by my antivirus AVG nor by Spybot. Nero32.exe is also a virus.
Both were in the Windows/system32 folder, and had the particularity of being hidden files.
Question: how come they have a modification date from 2002, when they were presumably created on my machine a few days ago? So those dates can be "tampered with"?
I'm thinking of installing Antivir as a result, is it a good choice? Are there better free ones?
And now, more info on these 3 viruses (malware, actually):
-------------------
creative32b.exe
-------------------
what it is / who detects it:
File: creative32b.exe
Status: INFECTED/MALWARE
Packers detected: UPX // what does that mean, please?
AntiVir: No viruses found (1.87 seconds taken)
Avast: Win32:Rbot-DB (4.55 seconds taken)
BitDefender: Backdoor.SDBot.Gen (11.17 seconds taken)
ClamAV: Exploit.DCOM.Gen (6.87 seconds taken)
Dr.Web: Win32.HLLW.MyBot.based (6.07 seconds taken)
F-Prot Antivirus: No viruses found (0.44 seconds taken)
Kaspersky Anti-Virus: Backdoor.Win32.Rbot.gen (5.09 seconds taken)
mks_vir: No viruses found (2.78 seconds taken)
NOD32: probably unknown NewHeur_PE (probable variant) (4.13 seconds taken)
Norman Virus Control: Sandbox: W32/Backdoor; [ General information ]
what it does:
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\creative32b.exe.
[ Changes to registry ]
* Creates value "Makes Your Windows Creative and Fast Downloader"="creative32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Makes Your Windows Creative and Fast Downloader"="creative32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates key "HKCU\Software\Microsoft\OLE".
* Sets value "Makes Your Windows Creative and Fast Downloader"="creative32b.exe" in key "HKCU\Software\Microsoft\OLE".
[ Network services ]
* Looks for an Internet connection.
* Connects to "mkk.no-ip.biz" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname [MKK]5913853.
* IRC: Uses username nfhkppya.
* IRC: Joins channel ##h4x0r## with password MKKz.
* IRC: Sets the usermode for user [MKK]5913853 to +x.
[ Process/window information ]
* Creates a mutex MKK3.
* Will automatically restart after boot (I'll be back...).
-----------------------------------
nero32b.exe
-----------------------------------
File: nero32b.exe
Status: INFECTED/MALWARE
Packers detected: EXESTEALTH, ASPACK
AntiVir: No viruses found (3.63 seconds taken)
Avast: No viruses found (10.61 seconds taken)
BitDefender: Backdoor.SDBot.Gen (23.67 seconds taken)
ClamAV: No viruses found (7.17 seconds taken)
Dr.Web: Win32.HLLW.MyBot.based (10.94 seconds taken)
F-Prot Antivirus: No viruses found (1.01 seconds taken)
Kaspersky Anti-Virus: Backdoor.Win32.Rbot.gen (9.55 seconds taken)
mks_vir: Win32.4 (probable variant) (4.17 seconds taken)
NOD32: probably unknown NewHeur_PE (probable variant) (38.50 seconds taken)
Norman Virus Control: Sandbox: W32/Malware; [ General information ]
* File might be compressed.
* **Locates window "NULL [class mIRC]" on desktop.
* File length: 108891 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\nero32b.exe.
[ Changes to registry ]
* Creates value "Nero Updater"="nero32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Nero Updater"="nero32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates key "HKCU\Software\Microsoft\OLE".
* Sets value "Nero Updater"="nero32b.exe" in key "HKCU\Software\Microsoft\OLE".
[ Network services ]
* Looks for an Internet connection.
* Connects to "musiczz.hopto.org" on port 3000 (TCP).
* Sends data stream (19 bytes) to remote address "musiczz.hopto.org", port 3000.
* Connects to IRC Server.
[ Security issues ]
* Possible backdoor functionality [Authenticate] port 113.
[ Process/window information ]
* Creates a mutex MKK5.
* Will automatically restart after boot (I'll be back...). (98.78 seconds taken)
-------------------------------------------------
nero32.exe
-------------------------------------------------
File: nero32.exe
Status: INFECTED/MALWARE
Packers detected: EXESTEALTH, ASPACK
AntiVir: No viruses found (1.33 seconds taken)
Avast: No viruses found (4.60 seconds taken)
BitDefender: Backdoor.SDBot.Gen (10.00 seconds taken)
ClamAV: No viruses found (3.19 seconds taken)
Dr.Web: Win32.HLLW.MyBot.based (5.44 seconds taken)
F-Prot Antivirus: No viruses found (0.54 seconds taken)
Kaspersky Anti-Virus: Backdoor.Win32.Rbot.gen (4.82 seconds taken)
mks_vir: Win32.4 (probable variant) (1.68 seconds taken)
NOD32: probably unknown NewHeur_PE (probable variant) (12.57 seconds taken)
Norman Virus Control: Sandbox: W32/Backdoor; [ General information ]
* File might be compressed.
* **Locates window "NULL [class mIRC]" on desktop.
* File length: 101723 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\nero32.exe.
[ Changes to registry ]
* Creates value "Nero Updater"="nero32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Nero Updater"="nero32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates key "HKCU\Software\Microsoft\OLE".
* Sets value "Nero Updater"="nero32.exe" in key "HKCU\Software\Microsoft\OLE".
[ Network services ]
* Looks for an Internet connection.
* Connects to "mkk.no-ip.biz" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname nfhkppya.
* IRC: Uses username nfhkppya.
* IRC: Joins channel #%h4x0r%# with password MkKOWnZ.
* IRC: Sets the usermode for user nfhkppya to +x.
[ Process/window information ]
* Creates a mutex MKK4.
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Enumerates running processes several parses.... (87.35 seconds taken)
Finally, all this also confirms my wish to move to Linux...
See you, and thanks again,
Guillaume
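The sandbox reports above are regular enough to parse into a cleanup checklist, and the thread's two open questions (what a packer is, and whether a 2002 modification date can be faked) both have a demonstrable answer. The block below is an added example, my own code rather than the sandbox's or the poster's: its `REPORT` string is the nero32b.exe section quoted from the post, and it extracts the dropped file, the Run/RunServices values that relaunch the bot at boot, the command server and port, the mutex, the packers, and how many of the listed engines actually flagged the file. A packer such as UPX, ASPack or EXEStealth compresses or scrambles the executable so that the bytes on disk differ from the code that runs, which is why several signature engines report nothing. The second half back-dates a temporary file with `os.utime` (the same effect SetFileTime has on Windows) and shows that the change time still gives the forgery away. The `Indicators` type, regexes and function names are my own.

```python
"""Turn a Norman SandBox report into a cleanup checklist, and show why a
2002 modification date proves nothing. REPORT is quoted from the post."""
import os
import re
import tempfile
import time
from dataclasses import dataclass, field

REPORT = r"""File: nero32b.exe
Status: INFECTED/MALWARE
Packers detected: EXESTEALTH, ASPACK
AntiVir: No viruses found (3.63 seconds taken)
Avast: No viruses found (10.61 seconds taken)
BitDefender: Backdoor.SDBot.Gen (23.67 seconds taken)
ClamAV: No viruses found (7.17 seconds taken)
Dr.Web: Win32.HLLW.MyBot.based (10.94 seconds taken)
F-Prot Antivirus: No viruses found (1.01 seconds taken)
Kaspersky Anti-Virus: Backdoor.Win32.Rbot.gen (9.55 seconds taken)
mks_vir: Win32.4 (probable variant) (4.17 seconds taken)
NOD32: probably unknown NewHeur_PE (probable variant) (38.50 seconds taken)
Norman Virus Control: Sandbox: W32/Malware; [ General information ]
* Creates file C:\WINDOWS\SYSTEM\nero32b.exe.
[ Changes to registry ]
* Creates value "Nero Updater"="nero32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Nero Updater"="nero32b.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Sets value "Nero Updater"="nero32b.exe" in key "HKCU\Software\Microsoft\OLE".
* Connects to "musiczz.hopto.org" on port 3000 (TCP).
* Creates a mutex MKK5.
"""


@dataclass
class Indicators:
    sample: str = ""
    packers: list = field(default_factory=list)
    verdicts: dict = field(default_factory=dict)  # engine -> verdict text
    dropped: list = field(default_factory=list)
    registry: list = field(default_factory=list)  # (key, value name, data)
    network: list = field(default_factory=list)   # (host, port, proto)
    mutexes: list = field(default_factory=list)


RE_VALUE = re.compile(r'^\* (?:Creates|Sets) value "([^"]+)"="([^"]*)" in key "([^"]+)"\.$')
RE_FILE = re.compile(r"^\* Creates file (.+)\.$")
RE_NET = re.compile(r'^\* Connects to "([^"]+)" on port (\d+) \((TCP|UDP)\)\.$')
RE_MUTEX = re.compile(r"^\* Creates a mutex (\S+)\.$")
RE_ENGINE = re.compile(r"^([^:]+): (.+?)(?: \([\d.]+ seconds taken\))?$")
NOT_ENGINES = ("File", "Status", "Packers detected")


def parse_report(text):
    ind = Indicators()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("File: "):
            ind.sample = line[6:]
        elif line.startswith("Packers detected:"):
            ind.packers = [p.strip() for p in line.split(":", 1)[1].split(",")]
        elif m := RE_VALUE.match(line):
            name, data, key = m.groups()
            ind.registry.append((key, name, data))
        elif m := RE_FILE.match(line):
            ind.dropped.append(m.group(1))
        elif m := RE_NET.match(line):
            ind.network.append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := RE_MUTEX.match(line):
            ind.mutexes.append(m.group(1))
        elif line[:1] not in ("*", "[") and (m := RE_ENGINE.match(line)):
            engine, verdict = m.groups()
            if engine not in NOT_ENGINES:  # Norman appends "; [ General information ]"
                ind.verdicts[engine] = verdict.split(";")[0]
    return ind


def detection_ratio(ind):
    """(engines that flagged the file, engines listed); heuristic hits count."""
    hits = sum(not v.startswith("No viruses found") for v in ind.verdicts.values())
    return hits, len(ind.verdicts)


def autorun_entries(ind):
    """Run/RunServices values relaunch the bot at boot; the OLE value is only a marker."""
    return [e for e in ind.registry
            if e[0].lower().endswith(("\\currentversion\\run", "\\currentversion\\runservices"))]


def mtime_predates_ctime(path):
    """Crude timestomp tell: mtime older than ctime (metadata change on Unix, creation on Windows)."""
    st = os.stat(path)
    return st.st_mtime < st.st_ctime


def timestomp_demo():
    """Back-date a fresh file to 2002 (os.utime here, SetFileTime on Windows) and re-check it."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        jan_2002 = time.mktime((2002, 1, 1, 0, 0, 0, 0, 0, -1))
        os.utime(path, (jan_2002, jan_2002))  # only mtime/atime are rewritten
        return mtime_predates_ctime(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    ind = parse_report(REPORT)
    print(ind, detection_ratio(ind), autorun_entries(ind), timestomp_demo())
```

Two caveats a practitioner would add: the ratio counts NOD32's heuristic as a detection, and the ctime test only catches crude timestomping; a tool that copies all four timestamps from a genuine system file defeats it, at which point the $FILE_NAME timestamps in the NTFS MFT record, which SetFileTime does not touch, are the better reference.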