Virtumondo virus: what to do?

Closed
Julien - 21 Oct 2007 at 19:53
amelie - 19 Nov 2007 at 23:06
Good evening all,

I think I've caught the virtumondo virus and I don't know how to get rid of it. Neither my antivirus (AVG, then Avast) nor my antispyware tools (AVG, CCleaner, Spybot and Ad-Aware) manage to remove it...

I downloaded VirtumundoBeGone, ran a scan, and here are the reports...

If anyone could help me, thanks in advance.

VBG report:

[10/21/2007, 16:05:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
[10/21/2007, 16:05:35] - Detected System Information:
[10/21/2007, 16:05:35] - Windows Version: 5.1.2600, Service Pack 2
[10/21/2007, 16:05:35] - Current Username: Julien (Admin)
[10/21/2007, 16:05:35] - Windows is in NORMAL mode.
[10/21/2007, 16:05:35] - Searching for Browser Helper Objects:
[10/21/2007, 16:05:35] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/21/2007, 16:05:35] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/21/2007, 16:05:35] - BHO 3: {7b98f4d3-ab63-4274-91b5-8396c5d90c6d} ()
[10/21/2007, 16:05:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:35] - Checking for HKLM\...\Winlogon\Notify\kbdlmn
[10/21/2007, 16:05:35] - Found: HKLM\...\Winlogon\Notify\kbdlmn - This is probably Virtumundo.
[10/21/2007, 16:05:35] - Assigning {7b98f4d3-ab63-4274-91b5-8396c5d90c6d} MSEvents Object
[10/21/2007, 16:05:35] - BHO list has been changed! Starting over...
[10/21/2007, 16:05:35] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/21/2007, 16:05:35] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/21/2007, 16:05:35] - BHO 3: {7b98f4d3-ab63-4274-91b5-8396c5d90c6d} (MSEvents Object)
[10/21/2007, 16:05:35] - ALERT: Found MSEvents Object!
[10/21/2007, 16:05:35] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/21/2007, 16:05:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:35] - No filename found. Continuing.
[10/21/2007, 16:05:35] - BHO 5: {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} ()
[10/21/2007, 16:05:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:35] - No filename found. Continuing.
[10/21/2007, 16:05:35] - BHO 6: {F855B6D4-839F-4140-8711-8C32EE0CF2F6} ()
[10/21/2007, 16:05:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:36] - No filename found. Continuing.
[10/21/2007, 16:05:36] - Finished Searching Browser Helper Objects
[10/21/2007, 16:05:36] - *** Detected MSEvents Object
[10/21/2007, 16:05:36] - Trying to remove MSEvents Object...
[10/21/2007, 16:05:37] - Terminating Process: IEXPLORE.EXE
[10/21/2007, 16:05:37] - Terminating Process: RUNDLL32.EXE
[10/21/2007, 16:05:37] - Disabling Automatic Shell Restart
[10/21/2007, 16:05:37] - Terminating Process: EXPLORER.EXE
[10/21/2007, 16:05:37] - Suspending the NT Session Manager System Service
[10/21/2007, 16:05:37] - Terminating Windows NT Logon/Logoff Manager
[10/21/2007, 16:05:38] - Re-enabling Automatic Shell Restart
[10/21/2007, 16:05:38] - File to disable: C:\WINDOWS\system32\kbdlmn.dll
[10/21/2007, 16:05:38] - Removing HKLM\...\Browser Helper Objects\{7b98f4d3-ab63-4274-91b5-8396c5d90c6d}
[10/21/2007, 16:05:38] - Removing HKCR\CLSID\{7b98f4d3-ab63-4274-91b5-8396c5d90c6d}
[10/21/2007, 16:05:38] - Adding Kill Bit for ActiveX for GUID: {7b98f4d3-ab63-4274-91b5-8396c5d90c6d}
[10/21/2007, 16:05:38] - Deleting ATLEvents/MSEvents Registry entries
[10/21/2007, 16:05:38] - Removing HKLM\...\Winlogon\Notify\kbdlmn
[10/21/2007, 16:05:38] - Searching for Browser Helper Objects:
[10/21/2007, 16:05:38] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/21/2007, 16:05:38] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/21/2007, 16:05:38] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/21/2007, 16:05:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:38] - No filename found. Continuing.
[10/21/2007, 16:05:38] - BHO 4: {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} ()
[10/21/2007, 16:05:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:38] - No filename found. Continuing.
[10/21/2007, 16:05:38] - BHO 5: {F855B6D4-839F-4140-8711-8C32EE0CF2F6} ()
[10/21/2007, 16:05:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/21/2007, 16:05:38] - No filename found. Continuing.
[10/21/2007, 16:05:38] - Finished Searching Browser Helper Objects
[10/21/2007, 16:05:38] - Finishing up...
[10/21/2007, 16:05:38] - A restart is needed.
[10/21/2007, 16:05:46] - Attempting to Restart via STOP error (Blue Screen!)


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:02, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - (no file)
O2 - BHO: (no name) - {F855B6D4-839F-4140-8711-8C32EE0CF2F6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [c456f9a5] rundll32.exe "C:\WINDOWS\awusqn.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [msmss.exe] C:\WINDOWS\System32\winns.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - AppInit_DLLs: c:\windows\system32\vtsttrp.dll
O20 - Winlogon Notify: urqqoml - urqqoml.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\frehost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
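Added example, not part of the original post and not code from HijackThis, VirtumundoBeGone or VundoFix: a small Python triage script that applies, mechanically, the checks a helper applies by eye to a HijackThis log like the one above. The sample lines are copied from that log (a mix of legitimate and suspicious entries). The heuristics are the editor's own assumptions about what separates the Vundo entries from the benign ones: a value name that is eight random hex characters, rundll32 loading a DLL with a one-letter export or a DLL sitting directly under C:\WINDOWS, anything in the RunServices key, any non-empty AppInit_DLLs, a Winlogon Notify package whose file is missing, and a service whose binary is missing. The class and function names (`Finding`, `triage_line`, `triage`, `summarize`, `directly_in_windir`) are likewise this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted above, mixed
# legitimate and suspicious, so the triage can run offline.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c456f9a5] rundll32.exe "C:\WINDOWS\awusqn.dll",b
O4 - HKLM\..\RunServices: [msmss.exe] C:\WINDOWS\System32\winns.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: c:\windows\system32\vtsttrp.dll
O20 - Winlogon Notify: urqqoml - urqqoml.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\frehost.exe (file missing)
"""

# "O4 - <body>" / "R0 - <body>"
LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# body of an O4 line: HKLM\..\Run: [value name] command line
RUN_VALUE_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# rundll32[.exe] "path\to\x.dll",Export   (quotes optional, export optional)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,(?P<export>\S*))?', re.I)
# Vundo-style value name such as c456f9a5 (assumption: eight hex digits, nothing else)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str   # "high" or "medium"
    reason: str
    line: str


def directly_in_windir(path: str) -> bool:
    # True for a DLL sitting directly under C:\WINDOWS with no subdirectory;
    # vendor DLLs normally live in system32 or under Program Files.
    parts = path.strip('"').lower().replace("/", "\\").split("\\")
    return len(parts) == 3 and parts[1] == "windows"


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section == "O2" and body.endswith("(no file)"):
        return Finding(section, "medium", "BHO CLSID registered but its DLL is not on disk", line)

    if section == "O4":
        rm = RUN_VALUE_RE.match(body)
        if not rm:
            return None
        if rm.group("key").lower() == "runservices":
            return Finding(section, "high", "RunServices autostart (Win9x key still honoured by XP, rarely legitimate)", line)
        dm = RUNDLL_RE.search(rm.group("cmd"))
        if not dm:
            return None
        hints = []
        if HEX_NAME_RE.match(rm.group("name")):
            hints.append("random hex value name")
        if len(dm.group("export") or "") <= 1:
            hints.append("one-letter or empty export")
        if directly_in_windir(dm.group("dll")):
            hints.append("DLL dropped directly under %WINDIR%")
        return Finding(section, "high", "rundll32 used as loader: " + ", ".join(hints), line) if hints else None

    if section == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            return Finding(section, "high", "AppInit_DLLs injects this DLL into every process that loads user32.dll", line)
        if body.startswith("Winlogon Notify:") and "file missing" in body:
            return Finding(section, "medium", "dangling Winlogon Notify package (registry entry survives, file gone)", line)
        return None

    if section == "O23" and "(file missing)" in body:
        return Finding(section, "medium", "service points at a binary that is not on disk", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through triage_line and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per HijackThis section, e.g. Counter({'O4': 2, 'O20': 2, 'O2': 1, 'O23': 1})."""
    return Counter(f.section for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
    print(summarize(hits))
```

Run it on a saved log with `triage(open(path).read())`. The O4 check deliberately lets the NvCplDaemon line through even though it also uses rundll32, because that DLL lives under system32 with a named export; the c456f9a5 line trips all three hints at once. A clean result from this script is not proof of a clean machine: the VBG log above shows the Vundo BHO only acquired its name (MSEvents Object) after the Winlogon Notify lookup, so a live entry can show up as "(no name)" with no visible file.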
4 replies

!^^![ME] - 21 Oct 2007 at 19:59
hi,

Download VundoFix.exe by Atribune http://www.atribune.org/content/view/24/2/ to your Desktop.

* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is finished, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK

--> Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".



A hacker who can hack without infections is, to me, a good hacker
bloginformatique.blogspot.com

I've already done that, VundoFix finds nothing... Hence why I'm rather stuck...

Hello,
just download Spyware Doctor ;)

Hello,
Spyware Doctor detects them, but if you don't buy it, it removes nothing :)