Virus fenetre This computer is Being Attacked
Fermé
quentin
-
2 mars 2010 à 21:50
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 3 mars 2010 à 21:27
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 3 mars 2010 à 21:27
A voir également:
- Virus fenetre This computer is Being Attacked
- This is foot avis - Forum Consommation et internet
- Tinyurl virus - Forum Virus / Sécurité
- Svchost.exe virus - Guide
- Tlauncher virus ✓ - Forum Jeux vidéo
- This is the mail system at host ✓ - Forum Messagerie
5 réponses
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
2 mars 2010 à 21:54
2 mars 2010 à 21:54
slt
le rapport malwarebyte dont tu parle il est où?
_______________
tu as windows 98 ou xp???
_____________
si xp:
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
rq: firefox n'est pas à jour
le rapport malwarebyte dont tu parle il est où?
_______________
tu as windows 98 ou xp???
_____________
si xp:
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
rq: firefox n'est pas à jour
je n'ai pas transmis le résultat de MalwareByte donc le voici
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmanager.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Worm.AutoRun) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sys (Worm.Archive) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\MS-DOS.com (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\rndll32.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\tskmgr.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Drivers.cab.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\Boom.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Fonts.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tskmgr.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Media\rndll32.pif (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmanager.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Worm.AutoRun) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sys (Worm.Archive) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\MS-DOS.com (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\rndll32.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\tskmgr.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Drivers.cab.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\Boom.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Fonts.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tskmgr.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Media\rndll32.pif (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com (Worm.AutoRun) -> Quarantined and deleted successfully.
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
2 mars 2010 à 22:00
2 mars 2010 à 22:00
message 1
Merci, sa c'est de l'éfficacité, honnetement, j'essaye depuis 10 jours de dégager cette merde et la en 10 minute c'est réglé. Vraiment merci beaucoup pour le coup de main.
Bonne soirée.
Bonne soirée.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
3 mars 2010 à 21:27
3 mars 2010 à 21:27
tu as le rapport combofix pour vérifier???