Infection par Antimalware Doctor
Beaune
-
yuyu -
yuyu -
Bonjour,
Mon pc vient d'être infecté par le rogue Antimalware Doctor. Il a désactivé mon pare-feu windows et impossible de me connecter à internet à cause d'un autre rogue ''microsoft security essentials alert''.
Heureusement que j'ai mon portable, j'ai dl rkill et malwarebytes, que j'ai réussi à installer sur mon autre ordinateur.
Je viens de finir un scan rapide, mais malwarebytes n'arrive pas à supprimer tous les fichiers infectés.
J'ai aussi une petite peur, avant que je redémarre mon ordinateur, AVG n'avait pas réussi à mettre en quarantaine 2 infections, soit ''Trojan Horse rootkit.agent.EU - System32/drivers/cdrom.... et j'ai aussi relancé un scan avg, mais j'ai peur qu'il ne le détecte pas.
Ci-joint: Le rapport du scan malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4712
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
28.09.2010 20:40:38
mbam-log-2010-09-28 (20-40-38).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 136411
Temps écoulé: 5 minute(s), 36 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Application Data\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcnsrexaom.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Fichier(s) infecté(s):
c:\documents and settings\administrateur\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\wcnsrexaom.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\ppvijkl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Je viens de lancer un examen complet dont je posterai le scan dès qu'il est fini.
J'espère que vous pourrez m'aider à nettoyer mon ordinateur, car j'en ai énormément besoin pour mon travail.
Merci d'avance
Arnaud
Mon pc vient d'être infecté par le rogue Antimalware Doctor. Il a désactivé mon pare-feu windows et impossible de me connecter à internet à cause d'un autre rogue ''microsoft security essentials alert''.
Heureusement que j'ai mon portable, j'ai dl rkill et malwarebytes, que j'ai réussi à installer sur mon autre ordinateur.
Je viens de finir un scan rapide, mais malwarebytes n'arrive pas à supprimer tous les fichiers infectés.
J'ai aussi une petite peur, avant que je redémarre mon ordinateur, AVG n'avait pas réussi à mettre en quarantaine 2 infections, soit ''Trojan Horse rootkit.agent.EU - System32/drivers/cdrom.... et j'ai aussi relancé un scan avg, mais j'ai peur qu'il ne le détecte pas.
Ci-joint: Le rapport du scan malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4712
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
28.09.2010 20:40:38
mbam-log-2010-09-28 (20-40-38).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 136411
Temps écoulé: 5 minute(s), 36 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Application Data\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcnsrexaom.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Fichier(s) infecté(s):
c:\documents and settings\administrateur\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\wcnsrexaom.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\ppvijkl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Je viens de lancer un examen complet dont je posterai le scan dès qu'il est fini.
J'espère que vous pourrez m'aider à nettoyer mon ordinateur, car j'en ai énormément besoin pour mon travail.
Merci d'avance
Arnaud
A voir également:
- Infection par Antimalware Doctor
- Pc doctor - Télécharger - Optimisation
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Disk doctor - Télécharger - Récupération de données
- Car doctor - Télécharger - Vie quotidienne
- Kingsoft PC Doctor - Télécharger - Sécurité
1 réponse
avg chaine surement microsofs pour desinfecter si il a detecter normalement il devrai les supprimer desactive avg laisse microsofs fait un scan complète mormalement il devrai en supprimer si tu peut télécharge ccliener fait nettoyage de disque dure et du registre sa peut marcher en faisan la desinfecsion debranche ton pc a internet instant généralement microsofs les supprime il est assez éfficace surtout il supprime les trojan downloader
