Besoin d'aide contre win32:Vundo@dll

Lucie -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

mon ordinateur est infecté par le virus win32:Vundo@dll et aujourd'hui avast m'a également trouvé win32:Vundrop[drp]
j'ai utilisé vundofix, mais il ne me trouve rien du tout...

que dois je faire ??

Merci de votre aide...
Configuration: Windows Vista
Firefox 2.0.0.14

5 réponses

  1. Lucie
     
    bon j'avais commencé le scan en mode normal alors voici déja le premier rapport :

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 793

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 170908
    Temps écoulé: 46 minute(s), 26 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 41

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA18YLZD (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA48S7L2 (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAC21QUR (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAHZCKFV (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[10] (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[11] (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CABPNNIA (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CAMRK6S8 (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAEVTU9V (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAF65VDI (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAM160VP (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[10] (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[11] (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA2IBMOW (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA7Z1VL5 (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CACVW96I (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAIXWCGX (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAUYHB9U (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\eFWMCRlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\jkkJcBsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\khfCsrqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\khfCvVpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\tmp00018a73 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\tmp00018b2e (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\tmp00019f89 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\tmp0001abb9 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Lucie\AppData\Local\Temp\xxyyaARi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    je vais redémarrer en mode sans échec et je renvoie le rapport tout de suite après !
    0
  2. Lucie
     
    en mode sans echec il a retrouvé un seul fichier infecté :

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 793

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 167594
    Temps écoulé: 27 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    que dois je faire maintenant ?
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0