Trojan horse TR/Dldr.Conhook.Gen

Solved
lea07
FillPCA (2264 posts, security contributor)
Hello,
I am infected with the trojan horse TR/Dldr.ConHook.Gen.
Ad-Aware SE Personal and Avira AntiVir Personal Edition Classic detect it, but I cannot remove it.
It causes plenty of problems: my PC disconnects from the internet as soon as I shut it down, I have to go back into Internet Explorer's properties to tick "always dial my default connection", and I get crashes regularly.
Has anyone had this problem before and can help me?
I have Windows XP and Internet Explorer 6.0.
Thanks in advance.

47 replies

lea07
 
I must be doing something wrong; it asks me for a valid activation code to install it.
On the link I went to "Download new CCleaner".
That's where I must be making the mistake.
lea07
 
CCleaner v2.01.507 - Standard Build
2,567KB
Download now

Is this the thing I have to download?
FillPCA (2264 posts, security contributor)
 
Re,

Yes.

FillPCA
lea07
 
Done for CCleaner; it removed plenty of things.
I'm doing the next step now.
FillPCA (2264 posts, security contributor)
 
OK. I'm waiting for the AVG Anti-Spyware report. It may take a bit of time.

FillPCA
lea07
 
Indeed, it's churning away.
The computer just beeped.
AntiVir found the trojan again during the scan.
For now, under threats it has listed "Adware.HotBar".
Medium risk.
To be continued.
lea07
 
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:50:00 09/10/2007

+ Résultat de l'analyse:

C:\WINDOWS\system32\ypakacpg.exe -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0041968.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\Documents and Settings\Moi\Application Data\installer_fr[1].exe.vir -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Moi\Cookies\moi@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Moi\Cookies\moi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Moi\Cookies\moi@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.

Fin du rapport

What do you think?
FillPCA (2264 posts, security contributor)
 
Re,

Not bad.

* Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a full system scan.
* Save the report as text when the scan finishes.

I'll look at it tomorrow, since the scan is long.

FillPCA
lea07
 
OK.
See you tomorrow, and a thousand thanks for your help.
lea07
 
Hello FillPCA,
here is the report:

AntiVir detected the trojan again.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 10, 2007 10:47:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/10/2007
Kaspersky Anti-Virus database records: 430262
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 50363
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 00:39:06

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Moi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Historique\History.IE5\MSHist012007101020071011\index.dat Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Moi\Local Settings\Temp\Perflib_Perfdata_378.dat Object is locked skipped
C:\Documents and Settings\Moi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Moi\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0041979.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0041979.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0041979.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0042040.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.wv skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\change.log Object is locked skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0042727.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0042728.dll Object is locked skipped
C:\VundoFix Backups\xxyxwvv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.wv skipped
C:\qoobox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\qoobox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir/stream Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\qoobox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir NSIS: infected - 2 skipped
D:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\change.log Object is locked skipped

Scan process completed.
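Added example, not part of the thread and not a Kaspersky tool: a small Python triage script that reads Kaspersky Online Scanner report lines like those in the post above, ignores the "Object is locked" noise, and sorts each detection by where it sits (System Restore point, a removal tool's quarantine, or a live location). Run over the posted report it shows that every hit lives in a restore point or quarantine; the last sample line is a constructed live hit, with a placeholder detection name, added only to illustrate the third bucket.

```python
"""Triage Kaspersky Online Scanner report lines by where each detection lives.

Added example, not part of the thread. Hits inside a System Restore point or a
removal tool's quarantine are inert copies of files already removed; only hits
outside those places still need action.
"""
import re
from collections import defaultdict

# Folders holding inert copies: restore points, ComboFix (qoobox) and VundoFix backups.
RESTORE_RE = re.compile(r"^[A-Z]:\\System Volume Information\\_restore", re.I)
QUARANTINE_RE = re.compile(r"^[A-Z]:\\(qoobox\\Quarantine|VundoFix Backups)\\", re.I)

# "<path> Infected: <name> skipped" or "<path> NSIS: infected - <n> skipped".
# "... Object is locked skipped" lines carry no detection and never match.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Infected:\s+(?P<name>\S+)|NSIS:\s+infected\s+-\s+\d+)\s+skipped$"
)

# Lines copied from the posted report; the last one is constructed (placeholder name).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP347\A0042040.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.wv skipped
C:\VundoFix Backups\xxyxwvv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.wv skipped
C:\qoobox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\qoobox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir NSIS: infected - 2 skipped
C:\WINDOWS\system32\example_constructed.dll Infected: not-a-virus:AdWare.Win32.Example.placeholder skipped
"""


def classify(path: str) -> str:
    """Return 'restore-point', 'quarantine' or 'live' for a scanned object path."""
    if RESTORE_RE.match(path):
        return "restore-point"
    if QUARANTINE_RE.match(path):
        return "quarantine"
    return "live"


def triage(report: str) -> dict:
    """Map each bucket to {container file: detection name}, dropping noise lines."""
    buckets = defaultdict(dict)
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        # Archive members appear as "<file>/stream/..."; keep the container file
        # so a multi-member archive is counted once.
        container = m.group("path").split("/")[0]
        name = m.group("name") or "NSIS installer (infected member)"
        buckets[classify(container)].setdefault(container, name)
    return dict(buckets)


def needs_action(report: str) -> list:
    """Paths outside restore points and quarantines, i.e. what still needs attention."""
    return sorted(triage(report).get("live", {}))


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} object(s)")
    print("still needs action:", needs_action(SAMPLE_REPORT))
```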
FillPCA (2264 posts, security contributor)
 
Re,
Apparently the infection is in the quarantines.

1/ * Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Run OTMoveIt.
* Click CleanUp! (the program will download a text file used to clean up the programs we have downloaded).

NOTE: Normally your firewall should ask whether OTMoveIt may access the internet. Allow it.

* A list appears in the left-hand pane of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.
* The infected files sitting in the quarantines will be deleted as well.

2/ You must disable System Restore. To do so, right-click "My Computer". On the "System Restore" tab, tick the "Turn off System Restore" box. Click Apply > OK.
Then untick the box, click Apply > OK and restart the PC.

Do you still have problems?

FillPCA
lea07
 
Fill,
I did what you asked.
I just ran another AntiVir scan; it no longer reports the trojan but something else: PCK/Dumped.
Do you want me to send you the report?
Also, I no longer have an active firewall on the computer!!
I don't know if I'm going to get through this!!
FillPCA (2264 posts, security contributor)
 
Re,

Post the Avast report. As for the firewall, I was going to talk to you about it.

FillPCA
lea07
 
AVAST is the one from AVG Anti-Spyware?
FillPCA (2264 posts, security contributor)
 
Re,
My mistake. I meant AntiVir.

FillPCA
lea07
 
AntiVir PersonalEdition Classic
Report file date: mercredi 10 octobre 2007 11:36

Scanning for 870223 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Moi
Computer name: AQ00VC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 11:34:00
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 11:34:00
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 11:34:02
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 11:34:02
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 06:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:52:52
ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 09:19:58
ANTIVIR3.VDF : 7.0.0.66 35840 Bytes 09/10/2007 11:27:02
AVEWIN32.DLL : 7.6.0.20 2753024 Bytes 04/10/2007 18:13:30
AVWINLL.DLL : 1.0.0.7 14376 Bytes 20/04/2007 05:26:04
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 11:34:00
AVREP.DLL : 7.0.0.1 155688 Bytes 20/04/2007 05:26:04
AVPACK32.DLL : 7.3.0.15 360488 Bytes 04/08/2007 14:12:54
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 11:34:00
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 11:34:00
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 11:34:00
NETNT.DLL : 7.0.0.0 7720 Bytes 20/04/2007 05:26:04
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 06/09/2007 11:33:48
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 11:33:48
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 11:34:02

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 10 octobre 2007 11:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'WMPNETWK.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'WMPNSCFG.EXE' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '0' Module(s) have been scanned
Scan process 'OctoshapeClient.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned
Scan process 'TomTomHOME.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '34' files ).

Starting the file scan:

Begin scan in 'C:\' <SYSTEME>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Moi\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> setpath.cfexe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was deleted!
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file
[INFO] The file was deleted!
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP348\A0042752.exe
[0] Archive type: RAR SFX (self extracting)
--> setpath.cfexe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was deleted!
C:\System Volume Information\_restore{C37609FF-B829-4FC8-82A8-6D03F417265A}\RP348\A0042753.exe
[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file
[INFO] The file was deleted!
Begin scan in 'D:\' <DONNEES>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: mercredi 10 octobre 2007 12:03
Used time: 27:06 min

The scan has been done completely.

4583 Scanning directories
243255 Files were scanned
2 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
243253 Files not concerned
7382 Archives were scanned
1 Warnings
0 Notes
FillPCA (2264 posts, security contributor)
 
Re,
No worries. It's HijackThis, which AntiVir considers infectious.

For your PC's security: http://perso.orange.fr/Le-site-de-Fill/S%E9curit%E9/Logiciels%20de%20protection.html
As a firewall, I use Comodo and I'm happy with it.

FillPCA
lea07
 
Comodo asks me whether OctoshapeClient.exe is trying to connect; do I block or allow?
FillPCA (2264 posts, security contributor)
 
Re,
You can allow it.

FillPCA
lea07
 
Fill,

Do I have to define a new trusted zone? The computer tells me I first have to create one.
I don't know whether I've finished installing or not.