11 replies
hi
go here and delete the whole folder
C:\Program Files\NewDotNet\
disable System Restore, reboot, then re-enable System Restore
run a scan again; if nothing is detected, create a restore point
otherwise do an HT
Download HijackThis here and save it in a dedicated folder:
HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/downloads.html
Or here
http://www.spychecker.com/download/download_hijackthis.html
run it, choose « Do a system scan and save log », and save the hijackthis.log file, or copy/paste it here with a right click
see you
Anonymous user
4 Nov 2005 at 17:18
hi robi
download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it on C: !
Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the whole log into the forum
Demo: (thanks to balltrap34 for making it)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
See you
hello,
here is my log
Logfile of HijackThis v1.99.1
Scan saved at 21:35:34, on 04/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\BJC\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F2588A-2ED1-4D1A-8751-830A54C97B65}: NameServer = 217.19.192.132 217.19.192.131
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thanks
see you
Anonymous user
4 Nov 2005 at 22:57
hi again,
in Add/Remove Programs, uninstall this:
new dot net
then reboot your PC and post a new log
see you
Anonymous user
5 Nov 2005 at 09:07
hi
check again for
NEWDOT
new net
new not net
and post a new log
see you
hello,
here is my latest scan from yesterday and my log from today
BitDefender Online Scanner
Scan report generated at: Mon, Nov 07, 2005 - 22:40:57
Scan path: A:\;C:\;D:\;
Statistics
Time: 00:25:43
Files: 152010
Folders: 2971
Boot Sectors: 2
Archives: 1475
Packed Files: 15635
Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 232777
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Detected with: Application.Adware.NewDotNet.B
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 23:01:56, on 08/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\BJC\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F2588A-2ED1-4D1A-8751-830A54C97B65}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thanks for the help given to all of us computer novices
see you
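An added example, not part of the thread and not HijackThis's own code: a short Python script that diffs two HijackThis logs entry by entry and lists the entries that still mention New.net. The two sample logs are short excerpts of the 04/11 and 08/11 logs posted above; the function names and the marker list are assumptions made for this illustration.

```python
import re
from collections import Counter

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Assumed markers for this illustration, taken from names visible in the
# 04/11 log: long folder name, 8.3 short name, and product name.
NEWNET_MARKERS = ("newdotnet", "newdot~", "new.net")

# Excerpt of the log saved on 04/11/2005 (before the uninstall).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

# Excerpt of the log saved on 08/11/2005 (after the uninstall).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [adiras] adiras.exe
"""


def parse_entries(log_text):
    """Count (code, body) entries; a Counter keeps repeated lines such as O10."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, body, count)."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted((c, b, n) for (c, b), n in (old - new).items())
    added = sorted((c, b, n) for (c, b), n in (new - old).items())
    return removed, added


def find_traces(log_text, markers=NEWNET_MARKERS):
    """Return the distinct entries whose text contains any marker (case-insensitive)."""
    hits = []
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if any(marker in lowered for marker in markers):
            hits.append((code, body))
    return sorted(hits)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body, count in removed:
        print(f"- {code} x{count}: {body}")
    for code, body, count in added:
        print(f"+ {code} x{count}: {body}")
    print("New.net entries left in the second log:", len(find_traces(AFTER)))
```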
voici mon dernier scan d'hier et mon log d'aujourd'hui
BitDefender Online Scanner
Scan report generated at: Mon, Nov 07, 2005 - 22:40:57
Scan path: A:\;C:\;D:\;
Statistics
Time
00:25:43
Files
152010
Folders
2971
Boot Sectors
2
Archives
1475
Packed Files
15635
Results
Identified Viruses
3
Infected Files
5
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
5
Engines Info
Virus Definitions
232777
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe
Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Detected with: Application.Adware.NewDotNet.B
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006684.dll
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 23:01:56, on 08/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\BJC\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F2588A-2ED1-4D1A-8751-830A54C97B65}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks for the help given to all of us computing novices.
See you
Hello,
My question is:
What do you think of the log in post 12, and why does BitDefender find my trojans again every time if it eliminated them in the previous scan?
Here is today's scan:
BitDefender Online Scanner
Scan report generated at: Wed, Nov 09, 2005 - 20:34:38
Scan path: A:\;C:\;D:\;

Statistics
Time: 00:33:32
Files: 210945
Folders: 3104
Boot Sectors: 2
Archives: 7350
Packed Files: 21119

Results
Identified Viruses: 2
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 232948
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020 | Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe | Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe | Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020 | Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0020 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe | Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023 | Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023 | Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe=>wise0023 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0006667.exe | Update failed
I did not find the programs:
-NEWDOT
-new net
-new not net
None of these programs is in "Add/Remove Programs".
So?
Apparently I am not experiencing any problem for the moment, but I am trying to understand the how and why.
See you
Anonymous user
9 Nov. 2005 at 21:24
Hi
Your viruses are in an infected System Restore point.
You need to disable System Restore, which deletes the restore points, and then re-enable it.
Disable System Restore:
Right-click My Computer > Properties > System Restore tab,
then check "Turn off System Restore".
Click OK to confirm.
Restart your PC and re-enable it:
Right-click My Computer > Properties > System Restore tab,
then uncheck "Turn off System Restore".
Then run a verification scan with your antivirus.
See you
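As an added example (not part of the original posts): a short Python parser for the path/status pairs of the BitDefender reports posted in this thread, separating detections inside the System Restore store from detections on live files. The sample input is shortened from those reports, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Windows XP System Restore store: \System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
PATH_RE = re.compile(r"[A-Za-z]:\\")
DETECTION_RE = re.compile(r"(?:Detected|Infected) with:\s*(.+)")
FAILED = {"Update failed", "Delete failed", "Disinfection failed"}

# Path/status pairs copied from the reports in this thread (shortened).
REPORT_9_NOV = r"""
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023
Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe
Update failed
"""
REPORT_3_NOV = REPORT_9_NOV + r"""
C:\Program Files\NewDotNet\newdotnet6_38.dll
Detected with: Application.Adware.NewDotNet.B
C:\Program Files\NewDotNet\newdotnet6_38.dll
Delete failed
"""

def parse_report(text):
    """Group detections and failed actions by container file (the part before '=>')."""
    files = defaultdict(lambda: {"detections": set(), "failed": set()})
    current = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if PATH_RE.match(line):
            current = line.split("=>", 1)[0]   # drop archive member, e.g. =>wise0023
            files[current]["in_restore"] = bool(RESTORE_RE.search(current))
        elif current is not None:
            hit = DETECTION_RE.match(line)
            if hit:
                files[current]["detections"].add(hit.group(1))
            elif line in FAILED:
                files[current]["failed"].add(line)
    return dict(files)

def live_detections(text):
    """Detected files that sit outside the System Restore store."""
    return sorted(f for f, e in parse_report(text).items()
                  if e["detections"] and not e["in_restore"])

def failed_actions(text):
    """Map each file to the clean-up actions the scanner reported as failed."""
    return {f: sorted(e["failed"]) for f, e in parse_report(text).items() if e["failed"]}
```

For the 9 Nov excerpt `live_detections` returns an empty list: everything still detected sits under `_restore{...}\RP59`, which is the point the reply above makes.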
3 Nov. 2005 at 23:58
I emptied my temporary files and my recycle bins, and despite everything, when I run a scan again it still finds something, which it eliminates, I suppose, from what I can decipher.
BitDefender Online Scanner
Scan report generated at: Thu, Nov 03, 2005 - 09:46:26
Scan path: A:\;C:\;D:\;

Statistics
Time: 00:11:33
Files: 100750
Folders: 2847
Boot Sectors: 2
Archives: 729
Packed Files: 13110

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 232446
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020 | Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0020 | Deleted
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe | Update failed
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023 | Infected with: Trojan.Muldrop.1869.A
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023 | Disinfection failed
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe=>wise0023 | Deleted
C:\Documents and Settings\ESTELLE\Bureau\Mes images\himage msn\puppy_cls.exe | Update failed
C:\Program Files\NewDotNet\newdotnet6_38.dll | Detected with: Application.Adware.NewDotNet.B
C:\Program Files\NewDotNet\newdotnet6_38.dll | Disinfection failed
C:\Program Files\NewDotNet\newdotnet6_38.dll | Delete failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020 | Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0020 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe | Update failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Infected with: Trojan.Muldrop.1869.A
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Disinfection failed
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe=>wise0023 | Deleted
C:\System Volume Information\_restore{C0C78C89-3FBE-4713-A88C-DD3DD49904A7}\RP59\A0005550.exe | Update failed
I ran it again several times; only the temporary files have disappeared.
How is it that the others always reappear?
Thanks for your explanations.
See you