A voir également:
- WORM/VB.NPM.1
- Worm win32 ✓ - Forum Virus
- Worm gamarue ✓ - Forum Virus
- Vbs worm ✓ - Forum Virus
- Remediate vbs worm ✓ - Forum VB / VBA
- W32 blaster worm ✓ - Forum Virus
7 réponses
barpacentriste
Messages postés
6
Date d'inscription
mardi 15 janvier 2008
Statut
Membre
Dernière intervention
26 mars 2008
15 janv. 2008 à 13:10
15 janv. 2008 à 13:10
PS: j'ai oublié d dire que j'avais fait un scan de mon disque via antivir et voilà son rapport, si cela parle à quelqun!??
Même avec ce scan complet, je suis tjs incapable de rentrer dans mes deux disques normalement.
AntiVir PersonalEdition Classic
Report file date: mercredi 14 novembre 2007 10:04
Scanning for 1033903 virus strains and unwanted programs.
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 09:15:41
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 09:10:43
ANTIVIR3.VDF : 7.0.1.238 241664 Bytes 15/01/2008 09:09:52
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 14/11/2007 09:10:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 14/11/2007 09:10:43
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 14 novembre 2007 10:04
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'System.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System.exe'
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'raysat345server.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'wrapper.exe' - '1' Module(s) have been scanned
Scan process 'JawsService.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'System.exe' has been terminated
C:\WINDOWS\System.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
44 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Incoming\PolyTrans 3D Translation System 4.1.2.zip
[0] Archive type: ZIP
--> PolyTrans 3D Translation System 4.1.2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47a6b4fe.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP284\A0057892.exe
[DETECTION] Contains detection pattern of the worm WORM/Gaobot.590336
[INFO] The file was moved to '476ab630.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP346\A0060765.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.gxb
[INFO] The file was moved to '476ab72c.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061472.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061473.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061476.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061490.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061491.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061494.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061513.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061514.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061517.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was moved to '476abc56.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061550.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061551.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061554.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061559.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061560.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061563.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061601.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061602.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061605.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061615.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061616.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061632.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061633.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061636.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061643.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061644.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061647.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061721.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061722.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061725.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061790.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le fichier ou le répertoire est endommagé et illisible.
End of the scan: mercredi 14 novembre 2007 10:19
Used time: 14:19 min
The scan has been done completely.
7096 Scanning directories
253510 Files were scanned
35 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
30 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
253475 Files not concerned
1673 Archives were scanned
1 Warnings
29 Notes
Même avec ce scan complet, je suis tjs incapable de rentrer dans mes deux disques normalement.
AntiVir PersonalEdition Classic
Report file date: mercredi 14 novembre 2007 10:04
Scanning for 1033903 virus strains and unwanted programs.
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 09:15:41
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 09:10:43
ANTIVIR3.VDF : 7.0.1.238 241664 Bytes 15/01/2008 09:09:52
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 14/11/2007 09:10:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 14/11/2007 09:10:43
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 14 novembre 2007 10:04
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'System.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System.exe'
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'raysat345server.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'wrapper.exe' - '1' Module(s) have been scanned
Scan process 'JawsService.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'System.exe' has been terminated
C:\WINDOWS\System.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
44 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Incoming\PolyTrans 3D Translation System 4.1.2.zip
[0] Archive type: ZIP
--> PolyTrans 3D Translation System 4.1.2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47a6b4fe.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP284\A0057892.exe
[DETECTION] Contains detection pattern of the worm WORM/Gaobot.590336
[INFO] The file was moved to '476ab630.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP346\A0060765.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.gxb
[INFO] The file was moved to '476ab72c.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061472.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061473.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061476.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061490.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061491.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061494.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061513.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061514.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP380\A0061517.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was moved to '476abc56.qua'!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061550.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061551.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061554.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061559.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061560.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061563.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061601.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061602.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP381\A0061605.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061615.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061616.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061632.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061633.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061636.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061643.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061644.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061647.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061721.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061722.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061725.EXE
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{E8BB1CDB-EABD-417D-97E6-9667BB525CF1}\RP382\A0061790.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[INFO] The file was deleted!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le fichier ou le répertoire est endommagé et illisible.
End of the scan: mercredi 14 novembre 2007 10:19
Used time: 14:19 min
The scan has been done completely.
7096 Scanning directories
253510 Files were scanned
35 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
30 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
253475 Files not concerned
1673 Archives were scanned
1 Warnings
29 Notes
jetlovie
Messages postés
73
Date d'inscription
mercredi 7 novembre 2007
Statut
Membre
Dernière intervention
14 octobre 2010
101
15 janv. 2008 à 13:19
15 janv. 2008 à 13:19
bonjours barpacentriste en effet tu est infecter par le virus WORM/VB.NPM.1
c'est a cause de lui que tu ne peut pas accéder a tes disques.
c'est a cause de lui que tu ne peut pas accéder a tes disques.
barpacentriste
Messages postés
6
Date d'inscription
mardi 15 janvier 2008
Statut
Membre
Dernière intervention
26 mars 2008
15 janv. 2008 à 14:17
15 janv. 2008 à 14:17
Salut jetlovie,
je m'en doutais un peu, mais y a t'il une sollution pour réaccéder à ces deux disques? Antivir n'a pas l'air de faire l'affaire.
Y a t-il un autre soft?
je m'en doutais un peu, mais y a t'il une sollution pour réaccéder à ces deux disques? Antivir n'a pas l'air de faire l'affaire.
Y a t-il un autre soft?
Bonjour,
J'ai le même probleme et d'apres les infos que j'ai pu avoir a droite ou a gauche c'est un virus tres difficile à enlever et il se propage très vite. Il semblerait qu'il se transmet avec les excutions automatiques des disques durs externes ou cle usb. Ces derniers tu peux les formater, il revient systematiquement. C'est d'ailleurs par une cles usb que je l'ai attrape et refille à tous mon materiel chez moi !
Bref un ami à réussi il y a un mois à l'enlever avec Kastersky (prend la version d'essai de 30 jours et telecharge la mise à jour complete )
Tu peux essayer.
Personnellement je viens d'essayer et j'ai comme message " Ce fichier exécutable automatiquement a été altéré. L'installation sera interrompue." (trop facile sinon...)
Tiens moi au courant si ca marche pour toi ! Ou si tu trouves une autre solution...
Sinon si tu veux acceder à tes disques durs externe clic droit avec la souris et explore
Si tu reformates ton pc le probleme est que ton disque dur externe à le virus lui aussi, et il le refilera aussi sec a ton pc (le miens je l'ai reformater il y a deux semaines )
Si quelqu'un à la solution !
J'ai le même probleme et d'apres les infos que j'ai pu avoir a droite ou a gauche c'est un virus tres difficile à enlever et il se propage très vite. Il semblerait qu'il se transmet avec les excutions automatiques des disques durs externes ou cle usb. Ces derniers tu peux les formater, il revient systematiquement. C'est d'ailleurs par une cles usb que je l'ai attrape et refille à tous mon materiel chez moi !
Bref un ami à réussi il y a un mois à l'enlever avec Kastersky (prend la version d'essai de 30 jours et telecharge la mise à jour complete )
Tu peux essayer.
Personnellement je viens d'essayer et j'ai comme message " Ce fichier exécutable automatiquement a été altéré. L'installation sera interrompue." (trop facile sinon...)
Tiens moi au courant si ca marche pour toi ! Ou si tu trouves une autre solution...
Sinon si tu veux acceder à tes disques durs externe clic droit avec la souris et explore
Si tu reformates ton pc le probleme est que ton disque dur externe à le virus lui aussi, et il le refilera aussi sec a ton pc (le miens je l'ai reformater il y a deux semaines )
Si quelqu'un à la solution !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour à tous!
J'ai aussi été infecté par le WORM/VB.NPM.1 par le biais d'une clée USb. Il semblerai que je l'ai supprimé de mon PC. Par contre maintenant , au demarrage, un dossier System apparait, et l'orsqu'il n'apparait pas, mo PC refuse de demarrer.
Pouvez vous m'aider!!!
Merci Beaucoup!!
J'ai aussi été infecté par le WORM/VB.NPM.1 par le biais d'une clée USb. Il semblerai que je l'ai supprimé de mon PC. Par contre maintenant , au demarrage, un dossier System apparait, et l'orsqu'il n'apparait pas, mo PC refuse de demarrer.
Pouvez vous m'aider!!!
Merci Beaucoup!!
Le virus est arrivé sur les PC de mon école et résultat on se le refile tous avec nos clefs.
Je suis aussi infectée, quelqu'un oeut-il nous aider?
C'est trop la merde si je perd tout ce que j'ai sur mon PC, tout on taff.... au secours!
Je suis aussi infectée, quelqu'un oeut-il nous aider?
C'est trop la merde si je perd tout ce que j'ai sur mon PC, tout on taff.... au secours!
Salut,
J'ai eu le même problème, et ce "virus" se propage effectivement très vite.J'avais lu un post dessus qui indiquait comment le supprimer manuellement de façon efficace.
Le malin il cache ses fichiers, et on peut même faire afficher les fichiers cachés de façon classique( il l'a désactivé directement dans la base registre).Du coup l'auteur du post a eu la bonne idée d'utiliser Filezilla...oui même si cela n'a rien à avoir, il permet de visualiser les fichiers cachés.
Avant tout, dans le gestionnaire des tâches, il faut terminer le processus "system.exe" ( attention à ne pas terminer le processus "System" sans le .exe ).
A partir de Filezilla, supprimer:
-C:\autorun.inf
-C:\recycle (icone de la corbeille)
-C:\windows\config\*.exe il doit y avoir 2 fichiers à supprimer, ils ont l'icone d'un dossier windows
-C:\windows\system.exe si votre antivirus ne l'a pas encore supprimé
Ceci est à effectuer sur tout vos disques dur et media amovibles : clés usb, carte mémoires...
Attention: à l'insertion de ces médias, l'autorun va copier le virus sur votre disque dur, donc refaites le nettoyage :/
Par contre pour le dossier system qui s'ouvre au démarrage, il faut modifier des paramètres dans la base de registre.Je vais pas me lancer dans l'explication, ceux qui connaissent la base, vous pouvez voir la clé dans le currentVersion de windowsNT (si je me souvien bien).
J'ai eu le même problème, et ce "virus" se propage effectivement très vite.J'avais lu un post dessus qui indiquait comment le supprimer manuellement de façon efficace.
Le malin il cache ses fichiers, et on peut même faire afficher les fichiers cachés de façon classique( il l'a désactivé directement dans la base registre).Du coup l'auteur du post a eu la bonne idée d'utiliser Filezilla...oui même si cela n'a rien à avoir, il permet de visualiser les fichiers cachés.
Avant tout, dans le gestionnaire des tâches, il faut terminer le processus "system.exe" ( attention à ne pas terminer le processus "System" sans le .exe ).
A partir de Filezilla, supprimer:
-C:\autorun.inf
-C:\recycle (icone de la corbeille)
-C:\windows\config\*.exe il doit y avoir 2 fichiers à supprimer, ils ont l'icone d'un dossier windows
-C:\windows\system.exe si votre antivirus ne l'a pas encore supprimé
Ceci est à effectuer sur tout vos disques dur et media amovibles : clés usb, carte mémoires...
Attention: à l'insertion de ces médias, l'autorun va copier le virus sur votre disque dur, donc refaites le nettoyage :/
Par contre pour le dossier system qui s'ouvre au démarrage, il faut modifier des paramètres dans la base de registre.Je vais pas me lancer dans l'explication, ceux qui connaissent la base, vous pouvez voir la clé dans le currentVersion de windowsNT (si je me souvien bien).
