Virus trojan
Alexis
-
juju666 Messages postés 35446 Date d'inscription Statut Contributeur sécurité Dernière intervention -
juju666 Messages postés 35446 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
Hier, mon j'ai choppé un virus sur mon PC,
J'ai donc décidé d'installaer avast (oui je navais pas danti-virus car j'ai reformater mon pc et j'ai oublier de le remettre).
Malheureusement je ne peux pas l'utiliser, en effet, lorsque je lance un scan, le logiciel se désactive et je ne peux plus l'utiliser.
De même avec norton.
Du coup je me tourne vers vous afin d'avoir une solution à mon problème.
Hier, mon j'ai choppé un virus sur mon PC,
J'ai donc décidé d'installaer avast (oui je navais pas danti-virus car j'ai reformater mon pc et j'ai oublier de le remettre).
Malheureusement je ne peux pas l'utiliser, en effet, lorsque je lance un scan, le logiciel se désactive et je ne peux plus l'utiliser.
De même avec norton.
Du coup je me tourne vers vous afin d'avoir une solution à mon problème.
A voir également:
- Virus trojan
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Artemis virus - Forum Virus
- Trojan sms-par google ✓ - Forum Virus
- Virus informatique - Guide
4 réponses
Re,
C'est un rogue (faux logiciel de sécurité)
▶ Télécharge sur le bureau RogueKiller (par tigzy)
▶ ▶ Sous Windows XP, double clic gauche
▶ ▶ Sous Vista/Seven, clique droit, lancer en tant qu'administrateur
▶ Quitte tous tes programmes en cours
▶ Lance RogueKiller.exe.
▶ Un scan se lance, puis tu verra d''indiqué dans la fenêtre
♦ 1. Recherche (écrit en vert)
♦ 2. Suppression(écrit en rouge)
♦ 3. Hosts RAZ (écrit en rouge)
♦ 4. Proxy RAZ (écrit en rouge)
♦ 5. DNS RAZ (écrit en rouge)
♦ 6. Raccourcis RAZ (écrit en rouge)
♦ 0. Quitter (écrit en vert)
▶ A ce moment tape 2 et valide
▶ Ensuite, tape 6 et valide
▶ Enfin, 0 pour quitter.
▶ 3 rapports (RKreport1/2/3.txt) ont du se créer à côté de l'exécutable, colle le contenu des rapports dans la réponse
▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe
C'est un rogue (faux logiciel de sécurité)
▶ Télécharge sur le bureau RogueKiller (par tigzy)
▶ ▶ Sous Windows XP, double clic gauche
▶ ▶ Sous Vista/Seven, clique droit, lancer en tant qu'administrateur
▶ Quitte tous tes programmes en cours
▶ Lance RogueKiller.exe.
▶ Un scan se lance, puis tu verra d''indiqué dans la fenêtre
♦ 1. Recherche (écrit en vert)
♦ 2. Suppression(écrit en rouge)
♦ 3. Hosts RAZ (écrit en rouge)
♦ 4. Proxy RAZ (écrit en rouge)
♦ 5. DNS RAZ (écrit en rouge)
♦ 6. Raccourcis RAZ (écrit en rouge)
♦ 0. Quitter (écrit en vert)
▶ A ce moment tape 2 et valide
▶ Ensuite, tape 6 et valide
▶ Enfin, 0 pour quitter.
▶ 3 rapports (RKreport1/2/3.txt) ont du se créer à côté de l'exécutable, colle le contenu des rapports dans la réponse
▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe
bonjour
▶ Télécharge Reload_TDSSKiller
▶ Lance le
choisis : lancer le nettoyage
l'outil va automatiquement télécharger la derniere version puis
TDSSKiller va s'ouvrir , clique sur "Start Scan" Clique ici pour l'aide en image
Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer
sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau
▶ Copie/Colle son contenu dans ta prochaine réponse.
▶ Télécharge Reload_TDSSKiller
▶ Lance le
choisis : lancer le nettoyage
l'outil va automatiquement télécharger la derniere version puis
TDSSKiller va s'ouvrir , clique sur "Start Scan" Clique ici pour l'aide en image
Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer
sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau
▶ Copie/Colle son contenu dans ta prochaine réponse.
Merci mais je m'explique un peu mieux
En faite, j'ai ouvert une 2éme session sur mon PC, car sur celle qui est infecté je ne peux pas lancer de programme, du coup je n'arrive pas à avoir un diagnostique avec le logiciel que tu viens de me fournir. Mais un logiciel du nom de "security sphere 2012" me fournir un rapport de diagnostic. Or je n'est jamais eu ce logiciel donc je ne comprend pas comment il peut intervenir sur mon pc
Du coup je te fourni le rapport (qui est pas très explicite je trouve ^^)
En faite, j'ai ouvert une 2éme session sur mon PC, car sur celle qui est infecté je ne peux pas lancer de programme, du coup je n'arrive pas à avoir un diagnostique avec le logiciel que tu viens de me fournir. Mais un logiciel du nom de "security sphere 2012" me fournir un rapport de diagnostic. Or je n'est jamais eu ce logiciel donc je ne comprend pas comment il peut intervenir sur mon pc
Du coup je te fourni le rapport (qui est pas très explicite je trouve ^^)
Spyware C:/windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
grams.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
rams.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
raphic pages.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
o access a valid site.
raphic pages.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
lid site.
raphic pages.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
lid site.
raphic pages.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
ns and other malware
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
installation and purpose.
ns and other malware
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
nstallation and purpose.
ns and other malware
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
sequent removal.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
matically invokes paid access to various porn-related Web sites.
sequent removal.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
ts.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
PC.
ts.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
he user.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
wledge.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
ads additional security threats.
wledge.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
oiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Vulnerability.
Worm C:/windows/system/ Worm.Bagle.CP This is a \"Bagle\" mass-mailer which demonstrates typical \"Bagle\" behavior.
settings. It is spreading as an email attachment.
Vulnerability.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
ing as an email attachment.
Vulnerability.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
l attachment.
Vulnerability.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Win32.PerFiler is configured to download from either a designated web or FTP site.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
wledge.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
grams.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
rams.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
raphic pages.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
o access a valid site.
raphic pages.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
lid site.
raphic pages.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
lid site.
raphic pages.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
ns and other malware
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
installation and purpose.
ns and other malware
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
nstallation and purpose.
ns and other malware
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
sequent removal.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
matically invokes paid access to various porn-related Web sites.
sequent removal.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
ts.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
PC.
ts.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
he user.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
wledge.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
ads additional security threats.
wledge.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
oiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Vulnerability.
Worm C:/windows/system/ Worm.Bagle.CP This is a \"Bagle\" mass-mailer which demonstrates typical \"Bagle\" behavior.
settings. It is spreading as an email attachment.
Vulnerability.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
ing as an email attachment.
Vulnerability.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
l attachment.
Vulnerability.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Win32.PerFiler is configured to download from either a designated web or FTP site.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
wledge.
