2 replies
Wow, you really are infected, but is your antivirus up to date? Because if it were a simple virus, it could be removed manually, but apparently it infects pretty much everywhere.
So (in my opinion) the only option is to change your antivirus; try downloading Avast Home (free) from avast.com.
:-)
| # | Filename(s) | File Size | File MD5 | Alias |
|---|---|---|---|---|
| 1 | c:\2aaxaiy.exe | 109 006 bytes | 0xEB6E19B30046927756F404E6107179B1 | (not available) |
| 2 | c:\autorun.inf | 222 bytes | 0x3E586CD8128BA5D03CCBC121909E7421 | (not available) |
| 3 | %System%\nmdfgds0.dll; %System%\nmdfgds2.dll | 95 744 bytes | 0xB38446B3438B17476E96DB79580DECF9 | PWS:Win32/Frethog.gen!B [Microsoft] |
| 4 | %System%\olhrwef.exe; [file and pathname of the sample #1] | 109 006 bytes | 0xAFB5C50BB0CEFC3966A4FD78B4EABC9D | Worm:Win32/Taterf.B [Microsoft] |
Note:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Memory Modifications
There were new processes created in the system:
| Process Name | Process Filename | Main Module Size |
|---|---|---|
| [filename of the sample #1] | [file and pathname of the sample #1] | 266 240 bytes |
| iexplore.exe | %ProgramFiles%\Internet Explorer\iexplore.exe | 102 400 bytes |
| olhrwef.exe | %System%\olhrwef.exe | 266 240 bytes |
Notes:
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
The following modules were loaded into the address space of other process(es):
| Module Name | Module Filename | Address Space Details |
|---|---|---|
| nmdfgds2.dll | %System%\nmdfgds2.dll | Process name: explorer.exe; Process filename: %Windir%\explorer.exe; Address space: 0x2120000 - 0x2157000 |
| nmdfgds0.dll | %System%\nmdfgds0.dll | Process name: IEXPLORE.EXE; Process filename: %ProgramFiles%\internet explorer\iexplore.exe; Address space: 0x1C00000 - 0x1C37000 |
Registry Modifications
The newly created Registry Value is:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
cdoosoft = "%System%\olhrwef.exe"
so that olhrwef.exe runs every time Windows starts
The following Registry Value was modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
CheckedValue = 0x00000000
so that hidden files and folders are not displayed in explorer when browsing the file system