Virus: "This computer is Being Attacked" window
quentin
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
So I have a virus that is really ruining my life: every 20 seconds a window opens and wanders around for a few seconds with "this computer is being attacked" written on it, and there is also a beep that sounds every 5 seconds.
I don't know much about this; I'm a student and I really need my computer right now. Even though I can still use it, it really stresses me out when I'm trying to work. So your help would be really appreciated.
Thanks in advance.
I have Windows 98 and I use Firefox. I have already tried several anti-malware and anti-spyware programs, but that gets me nowhere.
Here is the result of the GMER program:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 07:31:29
Windows 5.1.2600 Service Pack 2
Running: bv4lk0tm.exe; Driver: C:\DOCUME~1\QUENTI~1\LOCALS~1\Temp\awrcipob.sys
---- System - GMER 1.0.15 ----
SSDT F7B9586C ZwCreateThread
SSDT F7B95858 ZwOpenProcess
SSDT F7B9585D ZwOpenThread
SSDT F7B95867 ZwTerminateProcess
SSDT F7B95862 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? wfdtge.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\drivers\pgkppo.sys Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe[5268] C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe section is writeable [0x00401000, 0x2EC84, 0xE0000060]
.rsrc C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe[5268] C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe section is executable [0x00432000, 0x3A000, 0xE0000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
and the one from MalwareByte Anti Malware
5 replies
Hi,
where is the malwarebyte report you mention?
_______________
do you have Windows 98 or XP???
_____________
if XP:
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report, C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
note: Firefox is not up to date
I hadn't sent the MalwareByte result, so here it is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe (Worm.Archive) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmanager.exe (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Worm.AutoRun) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sys (Worm.Archive) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\MS-DOS.com (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\rndll32.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\tskmgr.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Drivers.cab.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\Boom.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Fonts.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tskmgr.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Media\rndll32.pif (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\Global.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com (Worm.AutoRun) -> Quarantined and deleted successfully.
Thanks, now that's efficiency. Honestly, I've been trying to get rid of this crap for 10 days, and here it was sorted in 10 minutes. Really, thank you very much for the help.
Have a good evening.