[virus] Il annule mes setup et ralenti mon pc - Page 2

Précédent
  • 1
  • 2
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    En fait il redemarre pas?
    Redemarre manuellement alors.

    A+
    0
  2. Franckyll
     
    t'es sur qu'en le rédemarrant Manuellement, pocket killbox va quand meme exécuter sa suppression ? Et faut il que je redémarre avec le message d'erreur afficher ou je clique sur ok , puis je ferme pocket killbox ?
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Oui oui t inquietes pas lol
    Tu clik sur ok, tu fermes kill box et toutes les applications et tu redemarres.

    A+
    0
  4. Franckyll
     
    "Silent Runners.vbs", revision 46, https://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    "WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]

    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    E:\
    INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]

    Startup items in "Fr@nckyll" & "All Users" startup folders:
    -----------------------------------------------------------

    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{052B12F7-86FA-4921-8482-26C42316B522}"
    -> {HKLM...CLSID} = "Safety Bar"
    \InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
    -> {HKLM...CLSID} = "TextAloud"
    \InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

    Explorer Bars

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

    HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
    "MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
    "Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    HOSTS file
    ----------

    H:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 3 domain names to IP addresses,
    2 of the IP addresses are *not* localhost!

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 156 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 25 seconds.
    ---------- (total run time: 278 seconds)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Ahh le bougre, il resiste lol mais on l aura :-)

    Regarde s il apparait maintenant:
    H:\Program Files\Windows\WinUpdate.exe

    (il est dans le H)

    Et aussi fais ceci stp:

    demarer < poste de travail < c < windows < systeme32< drivers < etc < host, ouvre le avec le bloc note, copie/colle ici ce qu il contient.

    A+
    0
  7. Franckyll
     
    Le fichier H:\Program Files\Windows\WinUpdate.exe est toujours introuvable ( même en affichant les fichier cachés et systèmes)

    Voici le rapport :

    # Copyright (c) 1993-2004 Microsoft Corp.
    #
    # AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    0.0.0.0 www.zango.com
    0.0.0.0 zango.com
    # Start of entries inserted by Spybot - Search & Destroy
    # End of entries inserted by Spybot - Search & Destroy
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Ce qui est la:

    0.0.0.0 www.zango.com
    0.0.0.0 zango.com

    Se trouve dans le fichier host?

    a+
    0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Tu les supprimes, pour qu il ne reste plus que ceci:

    # Copyright (c) 1993-2004 Microsoft Corp. 
    # 
    # AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool. 
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
    # 
    # This file contains the mappings of IP addresses to host names. Each 
    # entry should be kept on an individual line. The IP address should 
    # be placed in the first column followed by the corresponding host name. 
    # The IP address and the host name should be separated by at least one 
    # space. 
    # 
    # Additionally, comments (such as these) may be inserted on individual 
    # lines or following the machine name denoted by a '#' symbol. 
    # 
    # For example: 
    # 
    # 102.54.94.97 rhino.acme.com # source server 
    # 38.25.63.10 x.acme.com # x client host 
    
    127.0.0.1 localhost 
    


    Puis clik fichier < enregistrer.

    Redemarre, verifie que c est toujours comme au dessu et regarde si tu vois le fichier maintenant

    a+
    0
  10. Franckyll
     
    Le fichier Hosts a bien été modifié , mais le fichier WinUpdate.exe reste toujours introuvable ... :/
    0
  11. Franckyll
     
    Je joint aussi un rapport bitdefender au cas où :
    --------------------------------------------------------------------------
    BitDefender Online Scanner

    Rapport d'analyse généré à: Wed, Jul 19, 2006 - 04:48:03

    Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

    Statistiques

    Temps
    01:54:30

    Fichiers
    319109

    Directoires
    5762

    Secteurs de boot
    5

    Archives
    10112

    Paquets programmes
    22767

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    43

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    39

    Fichiers effacés
    0

    Info sur les moteurs

    Définition virus
    411865

    Version des moteurs
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Analyse des plugins
    13

    Archive des plugins
    39

    Unpack des plugins
    5

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
    Infecté par: Win32.Virtob.C

    C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
    Infecté par: Win32.Virtob.C

    H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
    Désinfecté

    H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk
    Mis à jour

    H:\Program Files\ewido anti-malware\ewidoguard.exe
    Infecté par: Win32.Virtob.C

    H:\Program Files\ewido anti-malware\ewidoguard.exe
    Désinfecté

    H:\Program Files\ewido anti-malware\SecuritySuite.exe
    Infecté par: Win32.Virtob.C

    H:\Program Files\ewido anti-malware\SecuritySuite.exe
    Désinfecté

    H:\Program Files\ewido anti-spyware 4.0\ewido.exe
    Infecté par: Win32.Virtob.C

    H:\Program Files\ewido anti-spyware 4.0\ewido.exe
    Désinfecté

    H:\Program Files\ewido anti-spyware 4.0\guard.exe
    Infecté par: Win32.Virtob.C

    H:\Program Files\ewido anti-spyware 4.0\guard.exe
    Echec de la désinfection

    H:\Program Files\ewido anti-spyware 4.0\guard.exe
    Echec de la suppression

    H:\Program Files\MSN Messenger\msnmsgr.exe
    Infecté par: Win32.Virtob.C

    H:\Program Files\MSN Messenger\msnmsgr.exe
    Echec de la désinfection

    H:\Program Files\MSN Messenger\msnmsgr.exe
    Echec de la suppression

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
    Infecté par: Win32.Virtob.C

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
    Désinfecté

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
    Infecté par: Win32.Virtob.C

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
    Désinfecté

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
    Infecté par: Win32.Virtob.C

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
    Désinfecté

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
    Infecté par: Win32.Virtob.C

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
    Désinfecté

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
    Infecté par: Win32.Virtob.C

    H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
    Désinfecté

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
    Infecté par: Win32.Virtob.C

    H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
    Désinfecté

    H:\WINDOWS\system32\ati2evxx.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\ati2evxx.exe
    Echec de la désinfection

    H:\WINDOWS\system32\ati2evxx.exe
    Echec de la suppression

    H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    Désinfecté

    H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
    Désinfecté

    H:\WINDOWS\system32\Process.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\Process.exe
    Désinfecté

    H:\WINDOWS\system32\spoolsv.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\spoolsv.exe
    Echec de la désinfection

    H:\WINDOWS\system32\spoolsv.exe
    Echec de la suppression

    H:\WINDOWS\system32\swreg.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\swreg.exe
    Désinfecté

    H:\WINDOWS\system32\swsc.exe
    Infecté par: Win32.Virtob.C

    H:\WINDOWS\system32\swsc.exe
    Désinfecté
    0
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Il infecte tous les executables ce c** !

    Lance un scan avec bitdefender.

    Puis;

    Double clic sur killbox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    - -Sélectionne "single File"
    copie et colle:

    H:\Program Files\Windows\WinUpdate.exe

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Si ce message s’affiche ignore le :
    http://tinypic.com/images/goodbye.jpg
    Laisse le pc redémarrer.

    Au redemarrage lance ewido et donne le rapport!

    Puis remet un silent runner
    0
  13. Franckyll
     
    Salut,
    J'ai un problème, quand je lance silent runner et que je lui demande de scanner, j'ai ce message d 'erreur : Http://dj.franckyll.free.fr/erreur silent runner.jpg
    Qu'est ce que c'est ? Que faut uk que je fasse ?
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 23:57:10 21/07/2006

    + Scan result:

    Nothing found.

    ::Report end

    ----------------------------------------------------------------------------
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    tu peux essayer de le retelecharger?
    0
  15. Franckyll
     
    "Silent Runners.vbs", revision 46, https://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    "WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Win32 Security Protocol" = "secure32.exe" [file not found]
    "LogitechSoftwareUpdate" = ""H:\Program Files\Logitech\ManifestEngine.exe" boot" ["Logitech Inc."]
    "BitTorrent" = ""H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "LVCOMSX" = "H:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
    "LogitechVideoRepair" = "H:\Program Files\Logitech\ISStart.exe " ["Logitech Inc."]
    "LogitechVideoTray" = "H:\Program Files\Logitech\LogiTray.exe" ["Logitech Inc."]
    "Win32 Security Protocol" = "secure32.exe" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {HKLM...CLSID} = "My Logitech Pictures"
    \InProcServer32\(Default) = "H:\Program Files\Logitech\Namespc2.dll" ["Logitech Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]

    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    E:\
    INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]

    Startup items in "Fr@nckyll" & "All Users" startup folders:
    -----------------------------------------------------------

    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{052B12F7-86FA-4921-8482-26C42316B522}"
    -> {HKLM...CLSID} = "Safety Bar"
    \InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
    -> {HKLM...CLSID} = "TextAloud"
    \InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

    Explorer Bars

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

    HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
    "MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
    "Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 206 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 44 seconds.
    ---------- (total run time: 407 seconds)
    0
  16. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salute,

    Ou en sont tes soucis actuels?

    a+
    0
  17. don vincenzoo
     
    salut j'ai le meme probleme !!!

    j'ai trouvé un removal pour ce virus sur le site de grisoft !

    le nom du virus c'est win32/virut !!!!
    il infecte tout les .exe par injection de code dans les fichiers exe !
    il n'utilise pas de rootkit pour se cacher mais l'injection!
    pour l'instant aucun antivirus n'est capable de proteger et reparer ce virus(a ma connaissance!)

    une grosse ***** qui infecte tout les .exe de tout tes disques !

    ca craint vraiment !

    il faut desactiver tout les options recuperations du systeme !

    puis utiliser le removal en mode sans echec en l'ayant telecharger a partir d'un pc non infecté !
    voici le lien :

    http://www.grisoft.com/doc/34/us/crp/0/ndi/67762

    moi mon probleme c'est que j'arrive pas a redemarrer en mode sans echec car il reboot des que je tente le mode sans echec !

    donc logiquement j'ai formaté 250 gigas de donnés et je me suis dis ok ca va allé bien maintenant !

    et bien non !!!!
    il est toujours la ce -****** de virus de *******!!!!!!

    donc moi ma solution va etre radicale : je sauvegarde tout mes fichiers importants (tout sauf des .exe car le virus n'infecte que ceux la)

    et pour info j'avais avg antispyware a jour installé et avg antivirus 7.5 a jour installé lors de ma contamination !
    le virus a contaminé l'antivirus qui detecté des fichiers infecté dans le \sys32 et qui les a donc supprimés ou mis en quarantaine puis au redemarrage plus acces a windows !!!
    suite a un bidouillage je recupere la possibilité d'avoir acces a windows et meme en essayant avec avast je recevais un message comme quoi le prograùme est modifié illegalement et qu'il est risqué de continuer a utiliser le programme !

    meilleur solution actuelle : sauvegardé tout vos fichiers importants (aucun .exe!!!!) et formater a fond tout vos disques durs !!

    rrrrrrrrrrrrrrrrrrrrrrr

    ca enerve !
    0
Précédent
  • 1
  • 2