Trojan Win32.ZAccess.ob

Closed
amystie - 28 Oct. 2011 at 17:39
Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 29 Oct. 2011 at 10:42
Hello,
I am infected by the virus named above. I have Kaspersky Pure, but it cannot remove it. It tells me: Unable to repair. What can I do?

Thanks


7 replies

Malekal_morte - 28 Oct. 2011 at 17:42
Hi,

You have a really nasty infection.

You can try these two programs in order and see what happens; reboot after the first one if it detects anything:
https://forum.malekal.com/viewtopic.php?t=34542&start=

then: https://www.malekal.com/zeroaccesssirefef-remover/

Then post the reports.

Here is a first test

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/10/2011 - 12:05
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
12:05:26 - CheckSystem - Begin to check system...
12:05:26 - OpenRootDrive - Opening system root volume and physical drive....
12:05:26 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x098A40EC sectors.
12:05:27 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
12:05:28 - InstallAndStartDriver - Main driver was installed and now is running.
12:05:28 - CheckSystem - Warning! Disk class driver is INFECTED.
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:32 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
12:05:32 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!

Now here is another virus: Trojan-Clicker.Win32.Agent.vdt

c:\Documents and Settings\Johanne loiselle\Local Settings\Application Data\c5c2101b\U\80000000.@

Malekal_morte - 29 Oct. 2011 at 00:36
The McAfee one is missing.

Hello Malekal_morte, what do you mean by the McAfee one is missing?

Malekal_morte - 29 Oct. 2011 at 00:42
Run this tool: https://forum.malekal.com/viewtopic.php?t=34542&start=
then try WebRoot AntiZeroAccess again.

I have it on my computer, but Kaspersky asks me for authorization every time, and it is not only the rootkit tool asking. Do I say yes to all of them?

Wouldn't it be better to format everything and reinstall Win XP?

Malekal_morte - 29 Oct. 2011 at 01:15
Tell Kaspersky to allow it.

Formatting is one solution; it's up to you if that will be quicker :)

OK, I'm running it again now, but it has been stuck on initializing for 3 minutes. Is that normal?

OK, still on a black screen, and it says:
Rootkit Remover vo.1
McAfee Labs
-=* FOR LIMITED DISTRIBUTION ONLY*=-
iNITIALIZING _ _ _

Malekal_morte - 29 Oct. 2011 at 01:26
Try it in safe mode:

Restart in safe mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode with Networking and press the Enter key.

If it doesn't work, will I be able to get back to normal mode?

It won't even give me Safe Mode with Networking. My system scrolls past and then my computer reboots.

Still there.

Here is another test


Webroot ZeroAccess Remover
Copyright(c) 2011 Webroot
www.webroot.com
This program will scan and remove any form of ZeroAccess Rootkit.
Would you like to perform a System Scan? [Y/N] y
Check rootkit device: Found!
System Disk class driver state: Infected!!!
Current analysis path: C:\WINDOWS\system32\Drivers\
Check file "acpi.sys"... Clean!
Check file "acpiec.sys"... Clean!
Check file "aec.sys"... Clean!
Check file "afd.sys"... Clean!
Check file "alcxwdm.sys"... Clean!
Check file "amdk6.sys"... Clean!
Check file "amdk7.sys"... Clean!
Check file "arp1394.sys"... Clean!
Check file "asyncmac.sys"... Clean!
Check file "atapi.sys"... Clean!
Check file "atmarpc.sys"... Clean!
Check file "atmepvc.sys"... Clean!
Check file "atmlane.sys"... Clean!
Check file "atmuni.sys"... Clean!
Check file "audstub.sys"... Clean!
Check file "beep.sys"... Clean!
Check file "bridge.sys"... Clean!
Check file "bthport.sys"... Clean!
Check file "cbidf2k.sys"... Clean!
Check file "cdaudio.sys"... Clean!
Check file "cdfs.sys"... Clean!
Check file "cdr4_xp.sys"... Clean!
Check file "cdralw2k.sys"... Clean!
Check file "cdrom.sys"... Clean!
Check file "cinemst2.sys"... Clean!
Check file "classpnp.sys"... Clean!
Check file "cmuda.sys"... Clean!
Check file "cpqdap01.sys"... Clean!
Check file "crusoe.sys"... Clean!
Check file "CSCrySec.sys"... Clean!
Check file "CSVirtualDiskDrv.sys"... Clean!
Check file "disk.sys"... Clean!
Check file "diskdump.sys"... Clean!
Check file "dmboot.sys"... Clean!
Check file "dmio.sys"... Clean!
Check file "dmload.sys"... Clean!
Check file "DMusic.sys"... Clean!
Check file "drmk.sys"... Clean!
Check file "drmkaud.sys"... Clean!
Check file "dxapi.sys"... Clean!
Check file "dxg.sys"... Clean!
Check file "dxgthk.sys"... Clean!
Check file "fastfat.sys"... Clean!
Check file "fdc.sys"... Clean!
Check file "fetnd5bv.sys"... Clean!
Check file "fips.sys"... Clean!
Check file "flpydisk.sys"... Clean!
Check file "fltMgr.sys"... Clean!
Check file "fsvga.sys"... Clean!
Check file "fs_rec.sys"... Clean!
Check file "ftdisk.sys"... Clean!
Check file "GEARAspiWDM.sys"... Clean!
Check file "grmngen.sys"... Clean!
Check file "grmnusb.sys"... Clean!
Check file "hdaudbus.sys"... Clean!
Check file "hidclass.sys"... Clean!
Check file "hidparse.sys"... Clean!
Check file "hidusb.sys"... Clean!
Check file "http.sys"... Clean!
Check file "i8042prt.sys"... Clean!
Check file "imapi.sys"... Clean!
Check file "intelppm.sys"... Clean!
Check file "ip6fw.sys"... Clean!
Check file "ipfltdrv.sys"... Clean!
Check file "ipinip.sys"... Clean!
Check file "ipnat.sys"... Clean!
Check file "ipsec.sys"... Clean!
Check file "irenum.sys"... Clean!
Check file "isapnp.sys"... Clean!
Check file "kbdclass.sys"... Clean!
Check file "kbdhid.sys"... Error!
Check file "kl1.sys"... Error!
Check file "klbg.sys"... Error!
Check file "klif.sys"... Error!
Check file "klim5.sys"... Error!
Check file "klmouflt.sys"... Error!
Check file "kmixer.sys"... Clean!
Check file "ks.sys"... Clean!
Check file "ksecdd.sys"... Clean!
Check file "mcd.sys"... Clean!
Check file "mf.sys"... Clean!
Check file "mhndrv.sys"... Clean!
Check file "mnmdd.sys"... Clean!
Check file "modem.sys"... Clean!
Check file "mouclass.sys"... Clean!
Check file "mouhid.sys"... Clean!
Check file "mountmgr.sys"... Clean!
Check file "mqac.sys"... Clean!
Check file "mrxdav.sys"... Clean!
Check file "mrxsmb.sys"... Clean!
Check file "msfs.sys"... Clean!
Check file "msgpc.sys"... Clean!
Check file "MSKSSRV.sys"... Clean!
Check file "MSPCLOCK.sys"... Clean!
Check file "MSPQM.sys"... Clean!
Check file "mssmbios.sys"... Clean!
Check file "mup.sys"... Clean!
Check file "ndis.sys"... Clean!
Check file "ndistapi.sys"... Clean!
Check file "ndisuio.sys"... Clean!
Check file "ndiswan.sys"... Clean!
Check file "ndproxy.sys"... Clean!
Check file "netbios.sys"... Clean!
Check file "netbt.sys"... Clean!
Check file "nic1394.sys"... Clean!
Check file "nikedrv.sys"... Clean!
Check file "nmnt.sys"... Clean!
Check file "npfs.sys"... Clean!
Check file "ntfs.sys"... Clean!
Check file "nuidfltr.sys"... Clean!
Check file "null.sys"... Clean!
Check file "nwlnkflt.sys"... Clean!
Check file "nwlnkfwd.sys"... Clean!
Check file "nwlnkipx.sys"... Clean!
Check file "nwlnknb.sys"... Clean!
Check file "nwlnkspx.sys"... Clean!
Check file "nwrdr.sys"... Clean!
Check file "oprghdlr.sys"... Clean!
Check file "p3.sys"... Clean!
Check file "parport.sys"... Clean!
Check file "partmgr.sys"... Clean!
Check file "parvdm.sys"... Clean!
Check file "pci.sys"... Clean!
Check file "pciidex.sys"... Clean!
Check file "pcmcia.sys"... Clean!
Check file "point32.sys"... Clean!
Check file "portcls.sys"... Clean!
Check file "processr.sys"... Clean!
Check file "psched.sys"... Clean!
Check file "ptilink.sys"... Clean!
Check file "pxhelp20.sys"... Clean!
Check file "rasacd.sys"... Clean!
Check file "rasl2tp.sys"... Clean!
Check file "raspppoe.sys"... Clean!
Check file "raspptp.sys"... Clean!
Check file "raspti.sys"... Clean!
Check file "rawwan.sys"... Clean!
Check file "rdbss.sys"... Clean!
Check file "rdpcdd.sys"... Clean!
Check file "rdpdr.sys"... Clean!
Check file "rdpwd.sys"... Clean!
Check file "redbook.sys"... Clean!
Check file "RimSerial.sys"... Clean!
Check file "rio8drv.sys"... Clean!
Check file "riodrv.sys"... Clean!
Check file "RMCast.sys"... Clean!
Check file "rndismp.sys"... Clean!
Check file "rootmdm.sys"... Clean!
Check file "rspndr.sys"... Clean!
Check file "RTL8192u.sys"... Clean!
Check file "s3gnbm.sys"... Clean!
Check file "scsiport.sys"... Clean!
Check file "sdbus.sys"... Clean!
Check file "secdrv.sys"... Clean!
Check file "serenum.sys"... Clean!
Check file "serial.sys"... Clean!
Check file "sffdisk.sys"... Clean!
Check file "sffp_mmc.sys"... Clean!
Check file "sffp_sd.sys"... Clean!
Check file "sfloppy.sys"... Clean!
Check file "smclib.sys"... Clean!
Check file "sonydcam.sys"... Clean!
Check file "splitter.sys"... Clean!
Check file "sr.sys"... Clean!
Check file "srv.sys"... Clean!
Check file "stream.sys"... Clean!
Check file "swenum.sys"... Clean!
Check file "swmidi.sys"... Clean!
Check file "sysaudio.sys"... Clean!
Check file "tape.sys"... Clean!
Check file "tcpip.sys"... Clean!
Check file "tcpip6.sys"... Clean!
Check file "tdi.sys"... Clean!
Check file "tdpipe.sys"... Clean!
Check file "tdtcp.sys"... Clean!
Check file "termdd.sys"... Clean!
Check file "tosdvd.sys"... Clean!
Check file "tsbvcap.sys"... Clean!
Check file "tunmp.sys"... Clean!
Check file "udfs.sys"... Clean!
Check file "update.sys"... Clean!
Check file "usb8023.sys"... Clean!
Check file "usbaapl.sys"... Clean!
Check file "usbcamd.sys"... Clean!
Check file "usbcamd2.sys"... Clean!
Check file "usbccgp.sys"... Clean!
Check file "usbd.sys"... Clean!
Check file "usbehci.sys"... Clean!
Check file "usbhub.sys"... Clean!
Check file "usbintel.sys"... Clean!
Check file "usbport.sys"... Clean!
Check file "usbprint.sys"... Clean!
Check file "usbscan.sys"... Clean!
Check file "USBSTOR.SYS"... Clean!
Check file "usbuhci.sys"... Clean!
Check file "vdmindvd.sys"... Clean!
Check file "vga.sys"... Clean!
Check file "VIAAGP1.SYS"... Clean!
Check file "viaide.sys"... Clean!
Check file "videoprt.sys"... Clean!
Check file "videX32.sys"... Clean!
Check file "volsnap.sys"... Clean!
Check file "wanarp.sys"... Clean!
Check file "wdf01000.sys"... Clean!
Check file "wdfldr.sys"... Clean!
Check file "wdmaud.sys"... Clean!
Check file "wmilib.sys"... Clean!
Check file "wpdusb.sys"... Clean!
Check file "ws2ifsl.sys"... Clean!
Check file "wudfpf.sys"... Clean!
Check file "wudfrd.sys"... Clean!
Warning! One or more errors occurred!
Your system is not infected by ZeroAccess/Max++ Rootkit!
Execution ended.
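As an added example (not from this thread or from Webroot), here is a Python helper that parses output in the format of the Webroot ZeroAccess Remover log above and refuses to trust its closing "not infected" line when, as in this post, the earlier "Found!" and "Infected!!!" indicators and unreadable driver files (the kl*.sys names are Kaspersky drivers) contradict it. The embedded sample log is a constructed excerpt of the posted one; nothing else is assumed.

```python
import re

# Constructed excerpt of the Webroot ZeroAccess Remover log posted above (a few of its ~200 lines).
SAMPLE_LOG = """\
Check rootkit device: Found!
System Disk class driver state: Infected!!!
Check file "acpi.sys"... Clean!
Check file "disk.sys"... Clean!
Check file "kbdhid.sys"... Error!
Check file "kl1.sys"... Error!
Check file "klif.sys"... Error!
Warning! One or more errors occurred!
Your system is not infected by ZeroAccess/Max++ Rootkit!
"""

FILE_RE = re.compile(r'^Check file "([^"]+)"\.\.\. (Clean|Error)!$')

def parse_remover_log(text):
    """Pull the indicator lines and per-file results out of a remover log."""
    parsed = {"rootkit_device_found": False, "disk_class_infected": False,
              "errors_flagged": False, "verdict_not_infected": False, "files": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Check rootkit device:"):
            parsed["rootkit_device_found"] = line.endswith("Found!")
        elif line.startswith("System Disk class driver state:"):
            parsed["disk_class_infected"] = "Infected" in line
        elif line.startswith("Warning! One or more errors occurred"):
            parsed["errors_flagged"] = True
        elif line.startswith("Your system is not infected"):
            parsed["verdict_not_infected"] = True
        else:
            m = FILE_RE.match(line)
            if m:
                parsed["files"][m.group(1)] = m.group(2)   # driver name -> Clean / Error
    return parsed

def triage(parsed):
    """Return (label, unreadable_files). The closing verdict is not trusted on its own:
    'not infected' after a Found!/Infected!!! indicator or unreadable drivers is escalated."""
    unreadable = sorted(n for n, s in parsed["files"].items() if s == "Error")
    indicators = parsed["rootkit_device_found"] or parsed["disk_class_infected"]
    if indicators and parsed["verdict_not_infected"]:
        return "INCONSISTENT", unreadable   # the situation in the posted log
    if indicators:
        return "INFECTED", unreadable
    if unreadable or parsed["errors_flagged"]:
        return "INCOMPLETE", unreadable
    return "CLEAN", unreadable
```

An INCONSISTENT or INCOMPLETE result means the scan should be repeated with the protection software disabled (as advised below) or from safe mode, not filed as clean.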
Malekal_morte - 29 Oct. 2011 at 10:42
Hmm, okay.

Well, back up your documents carefully as indicated.

Back up your important documents.

Disable your protection software (antivirus, antispyware), then:

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop and nowhere else!

Double-click ComboFix, accept the licence agreement and follow the prompts.

If needed, install the Recovery Console as it advises.

Wait until ComboFix has finished; a report will be created. Post the report.
If the report doesn't go through, upload it to this site: http://pjjoint.malekal.com/
and give the link here :)

You have the tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS: if ComboFix won't start, rename the ComboFix file and try again.

If no better, try in Safe Mode without networking: restart in safe mode; to do so, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode and press the Enter key.