Sujet Précédent Sujet Suivant

Tr/dropper.gen

Résolu
barnes37 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je suis harcelé par ce virus TR/DROPPER.GEN

Antivir me signale sa présence et me demande de le mettre en quarantaine,ce que je fais;mais cela ne l'empêche pas de revenir sans cesse.

Comment m'en débarrasser?

Voici le rapport de l'analyse antivir :

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 30 mars 2009 13:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxbycoms.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'ceymgya.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxbymon.exE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'brs.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{60FA3411-1F92-4BFD-976F-961DE0290D2B}\RP172\A0044009.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a00abc7.qua'!
C:\System Volume Information\_restore{60FA3411-1F92-4BFD-976F-961DE0290D2B}\RP173\A0045128.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a00abd5.qua'!
Begin scan in 'H:\' <ACERDATA>

End of the scan: lundi 30 mars 2009 13:32
Used time: 21:49 Minute(s)

The scan has been done completely.

6083 Scanning directories
205579 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
205576 Files not concerned
2461 Archives were scanned
5 Warnings
2 Notes

Merci pour votre aide

2 réponses

Réponse 1 / 2
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
cela va etre rapide!

vire ce qui est en quarantaine dans antivir

puis

Désactive ta restauration systeme puis redemarre ton ordi puis réactive là comme ceci:
https://www.informatruc.com

voilà tu peux mettre résolu !
0
barnes37
 
Merci pour ton aide;je ne sais pas comment feraient les internautes du dimanche comme moi sans ce forum ;)
0
Réponse 2 / 2
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

bonne suite

rq: toute infection debutant par C:\System Volume Information\_restore ...

est dans ta restauration alors il suffit de la désactiver pour la purger puis la remettre
0

Discussions similaires

Signification "TR"
andromeid -
matrix4422 -

3 réponses
Signification des abréviations RE: et TR:
La Salamandre -
Iolose -

19 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses
Problème casque sennheiser 4200
barbie35 -
Beenaxa -

1 réponse