Trojan horse

romain -  
 Gaelgroove -
Hello, I would like to know how to get rid of "the trojan horse TR/Dlr.Wintri.BC.1", because I can't manage it and it's starting to get on my nerves, so I'll say just one thing: "HELP!!" Thanks in advance!

6 replies

  1. bernie61
     
    Hi
    For a trojan, always the same procedure: delete it where it is according to your alert; it is easier if you delete it in safe mode or VGA mode, and if it is in Restore or System Volume... then disable System Restore on XP or Windows Me.
    See you
    0
  2. romain
     
    Still no answer to my problem: I have a trojan horse, my antivirus detects it, I delete it, but every time I restart my PC it comes back. I downloaded Anti-Trojan Shield and Trojan Remover but they detect nothing. WHAT SHOULD I DO? I don't know much about this, so if someone could help me that would be nice. THANKS
    0
  3. bernie61
     
    Hi again
    Open your antivirus's .log file to find out where your trojan is, if you no longer know, and follow post 1 above
    See you
    0
    1. romain
       
      Here is what is in the log: 05/07/2004,21:59 AVGuard has scanned the following file:
      C:\DOCUMENTS AND SETTINGS\ROMAIN\BUREAU\TRJSETUP.EXE
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\DOCUMENTS AND SETTINGS\ROMAIN\BUREAU\NFS UNDERGROUND.LNK
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\PROGRAM FILES\WINRAR\RAREXT.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\PROGRAM FILES\EA GAMES\NFS UNDERGROUND\SPEED.EXE
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000064
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\PROGRA~1\TROJAN~1\TRSHLEX.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\SYNCUI.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,21:59 AVGuard has scanned the following file:
      C:\PROGRAM FILES\AVPERSONAL\AVSHLEXT.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU DéMARRER\PROGRAMMES\ACCESSOIRES\OUTILS SYSTèME\NETTOYAGE DE DISQUE.LNK
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU DéMARRER\PROGRAMMES\ADOBE
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\SHGINA.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\DUSER.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\MSGINA.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\ODBC32.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\ODBCINT.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\RESOURCES\THEMES\LUNA\SHELL\NORMALCOLOR\SHELLSTYLE.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\DOCUMENTS AND SETTINGS\VIDAL GUILLAUME\MES DOCUMENTS\DESKTOP.INI
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\WIASHEXT.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\WINDOWS\SYSTEM32\STI.DLL
      [INFO] User access to the file has been allowed.
      Requesting PID=1928 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\UNWISE.EXE
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\DIRECTX
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000010
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\EMULE
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\COMPLUS APPLICATIONS
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\EA GAMES
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\COMMON FILES
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\FICHIERS COMMUNS
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\CLEANER 5 EZ
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\AVPERSONAL
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\PROGRAM FILES\AVPERSONAL\DELUS.EXE
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000860
      05/07/2004,22:00 AVGuard has scanned the following file:
      C:\PROGRAM FILES\AVPERSONAL\AVNT.EXE
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000860
      05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
      C:\PROGRAM FILES\AVPERSONAL\INFECTED
      [ERROR] Unable to open the file [13].
      Error Code: 13
      INFO: The access to the file has been denied!
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
      05/07/2004,22:02 AVGuard has scanned the following file:
      C:\RECYCLER\S-1-5-21-1715567821-436374069-839522115-1005\INFO2
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000860
      05/07/2004,22:02 AVGuard has scanned the following file:
      C:\RECYCLER\S-1-5-21-1715567821-436374069-839522115-1005\INFO2
      [INFO] User access to the file has been allowed.
      Requesting PID=652 Mode=CLOSE DesiredAccess=0x00000002 CreateOptions=0x00000860
      0
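A way to triage the AVGuard excerpt posted above, as an added example that is not part of the original thread: it separates plain scan records from WARNING records that are only open errors (error 13) and keeps anything that names the detection from the first post. The function names and labels are illustrative, and the record layout is assumed from the excerpt alone.

```python
import re
from collections import Counter

# Three records copied from the log above; the first header follows the poster's words.
SAMPLE = r"""Here is what is in the log: 05/07/2004,21:59 AVGuard has scanned the following file:
C:\DOCUMENTS AND SETTINGS\ROMAIN\BUREAU\TRJSETUP.EXE
[INFO] User access to the file has been allowed.
Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
05/07/2004,22:00 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\EMULE
[ERROR] Unable to open the file [13].
Error Code: 13
INFO: The access to the file has been denied!
[INFO] User access to the file has been allowed.
Requesting PID=652 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00004020
05/07/2004,22:00 AVGuard has scanned the following file:
C:\WINDOWS\SYSTEM32\STI.DLL
[INFO] User access to the file has been allowed.
Requesting PID=1928 Mode=OPEN DesiredAccess=0x00000001 CreateOptions=0x00000060
"""
HEADER = re.compile(r"(\d\d/\d\d/\d{4},\d\d:\d\d) (WARNING: )?AVGuard (?:has scanned|detected)")

def parse(text):
    """Split the log into records: header line, path line, then detail lines."""
    records = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = HEADER.search(line)  # search(): other text may precede a header
        if m:
            records.append({"time": m.group(1), "warning": bool(m.group(2)),
                            "path": None, "detail": []})
        elif records and records[-1]["path"] is None:
            records[-1]["path"] = line
        elif records:
            records[-1]["detail"].append(line)
    return records

def classify(rec, detection):  # detection: the alert name to look for
    text = " ".join([rec["path"] or ""] + rec["detail"]).lower()
    if detection.lower() in text:
        return "names_detection"
    if rec["warning"]:
        return "open_error" if "unable to open the file" in text else "other_warning"
    return "scanned"

def triage(text, detection="TR/Dlr.Wintri.BC.1"):
    """Return (count per label, records worth a closer look)."""
    labelled = [(classify(r, detection), r) for r in parse(text)]
    counts = Counter(label for label, _ in labelled)
    return counts, [r for label, r in labelled if label not in ("scanned", "open_error")]
```

On the three sample records this reports two scans, one open error and no record naming the detection.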
    2. bernie61
       
      Hi again
      Open your AntiVir's NTGRDRT.LOG file and look there;
      See you
      0
      1. Karina > bernie61
         
        Hello,
        I also have the horse problem :o( . And to come back to advice number 1: how do you delete Troj viruses in safe mode???
        Thank you very much
        Karine
        0
      2. Karine > bernie61
         
        Thanks Bernie,
        I'll try following the advice in the link...
        Karine
        0
  4. Thomas
     
    Good day.
    On my side, the Trojan Horse had the bright idea of putting itself on my antivirus. (Symantec, in system32 to make things easier).
    So when I try to delete it, it refuses since it is on an open program
    And since this is on a laptop that work lent me during maternity leave, I'm hesitant to delete applica
    0
  6. Gaelgroove
     
    Hi everyone.
    For all little problems of this kind, nothing beats a quick trip into the registry.
    Start menu, Run, and type Regedit.
    Then in Edit, Find, and there you type the name of the trojan several times; delete in the right-hand pane the lines that contain the NAME.
    Type the name again in Find until the window: Finished searching through the registry.
    There, all that's left is to try.
    Gaelgroove from Lens. See you
    0