TR/Gorshok.A

Closed
nicolas83 - 19 Dec. 2007 at 13:45
easyrider - 20 Dec. 2007 at 21:07
Hello, since last night I have been getting a message from AntiVir telling me that it has found TR/Gorshok.A. I searched on Google and I can't find any solution. I am posting the hijack log. Thanks again for this forum and to everyone who takes part in it, thanks again.



AntiVir PersonalEdition Classic
Report file date: mercredi 19 décembre 2007 12:00

Scanning for 980683 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NEO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:57:41
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 17:57:41
ANTIVIR3.VDF : 7.0.1.117 109568 Bytes 18/12/2007 17:47:00
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 14/12/2007 17:57:41
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 19 décembre 2007 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WinButler.exe' - '1' Module(s) have been scanned
Scan process 'mbiavyo.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
58 processes with 58 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\nicolas\Application Data\Microsoft\Windows\mbiavyo.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0000015.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was moved to '47990ca1.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0000160.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was moved to '47990cb0.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP3\A0000223.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was moved to '47990d27.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 19 décembre 2007 13:36
Used time: 1:36:09 min

The scan has been done completely.

7524 Scanning directories
296174 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
296171 Files not concerned
11684 Archives were scanned
4 Warnings
1 Notes

5 replies

I have Antivir and Avast running together on my PC under Vista.
Antivir detects the TR/Gorshok.A virus in the AVAST directory
C:\Program Files\Alwil Software\Avast4\DATA, file Clnr0.dll
This file seems to be a file created by AVAST. Is that the case?
0
hello
I have exactly the same message, and the window keeps appearing even if I tell Antivir to delete the virus
no solution for now
help is welcome
thanks
0
Indeed, it does the same thing for me and on my son's PC, 2 PCs, it's odd. It seems to me that it's nonsense and that Avast is, as usual, conflicting with Antivir. Like you, I have both installed, on 3 PCs; 2 so far have beeped dozens of times. To be continued...
0
I got this trojan yesterday, detected by Antivir and nothing by Avast. The solution:
I disabled System Restore (to clear it), then stopped Avast. I ran a scan with Antivir, which detected many locations of this trojan and put them in quarantine. At the end I trashed all the trojans detected by Antivir. I uninstalled Avast. I re-enabled System Restore.
Since then everything is OK and I run with Antivir only.
Bye
0

Hi, I also picked up this trojan, and I also have Avast and Antivir, but on my machine Antivir brings it up again every time I run a scan with another antivirus or anti-spyware tool such as Avast, Ad-Aware or AVG. I also have Spybot and I have just removed Spy Sweeper, because it takes 10 minutes for my PC to start up, when it doesn't have to be restarted a second time. Do I have too many anti-junk tools??? Anyway, I also disabled System Restore and then re-enabled it, and it seems I gain a few minutes at startup. Can someone tell me if I have too much protection? Thanks
0