pc infecter par le virus vbs.redlot (vers)

bonjour,

oui vider le contenu de
c\windows temp
c\windows tempory internet files
+ le répertoire "cookies"
Tout ça pour chaque identité.

Où en es-tu ?

je n est pas commencer ,la je vais mi mettre et je tiens au courans.

bon me revoila, donc j ai fait les manipes, mais la j ai un probleme quand je double clic sur fig1.exe jai le mesage suivant :impossible d importer c/windows bureau fig1.rex le fichier n est pas un scip de registre vous ne pouvez emporter que des fichiers de registre
donc je fit quoi la je suis rester en mode sans echec j attend de tes nouvelles avant de quitter le mode sans echec.la je suis connecter sur mon pc portable.

bon. Reste en mode sans échec surtout pour le moment.

Pour ce fichier reg, vérifie qu'il y a bien la ligne vide à la fin (fais un clic droit sur ce fichier/modifier pour l'ouvrir. Positionne-toi à la fin de la dernière ligne et appuie sur entrée pour créer cette ligne vide si elle n'y est pas déjà.

Puis ferme le fichier (confirme la modification) et reessaye -> dis moi ce que ça donne.

quand je fait un clic droi sur fix1 reg j ai plusieur proposition:
imprimer
edtition
ouvrir avec
couper
copier
creee un racourci
je clic sur quoi?

ouvrir avec -> bloc notes

c est fait donc la apres je fait quoi je l enregistre a nouveau
mais dedans il y a des reponses que tu me donne c est normal

bon j ai trouver mes j ai le meme message

bon. Ouvre encore ce fichier (avec le bloc notes), supprime uniquement ceci :
REGEDIT4

et à la place, exactement au même endroit, sans ligne vide au-dessus, et avec une ligne vide au dessous, tu mets ceci :
Windows Registry Editor Version 5.00

Puis tu reessayes

pourrai tu me dire je le trouve ou ?pour moi il doit y avoir une erreur car j ai toute les quetion et les reponse de ce que l on fait

ben c'est toujours le fichier fix1.reg -> tu l'ouvres et tu le modifies en mettant
Windows Registry Editor Version 5.00
à la place de
REGEDIT4

bon ecoute je n est pas le meme fichier que le document texte j ai du faire une erreur .par contre j ai toujours le document texte sur le bureau je ne peu pas l enregistrer a nouveau

bon je doi savoir pouquoi:voila quand j ai fait enregistrer sous je n avais pas dans type de fichier/tou fichier j avais tous document textevoila mon erreur

et là ça marche ?

je te demande si je peu l enregistrer de nouveau car comme j t es expliquer sur mon dernier message je l ai mal enregistrer

bon on va pas passer cent ans là dessus. Tu vas faire les suppressions manuellement. Mais attention de ne pas te tromper !! vérifie à plusieurs reprises que tu supprimes le bon élément. un doute -> n"hésite pas.
imprime pour voir les caractères en gras. Si tu ne trouves pas quelque chose, ça ne fait rien, c'est possible. Tu me diras quoi.

fais démarrer/exécuter et tu tapes
regedit

vas à la clé HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar

et dans le panneau de droite, supprime "{5AA06644-BC46-4220-A460-47A6EB47C96D}"

vas à la clé HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
et supprime la sous-clé {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}

vas à la clé HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
et supprime la sous-clé {D80C4E21-C346-4E21-8E64-20746AA20AEB}

vas à la clé HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
et dans le panneau de droite, supprime {5AA06644-BC46-4220-A460-47A6EB47C96D}

vas à la clé HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
et supprime la sous-clé {10E42047-DEB9-4535-A118-B3F6EC39B807}

vas à la clé HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
et dans le panneau de droite, supprime Kernel32

vas à la clé HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail
et dans le panneau de droite, supprime EditorPreference

vas à la clé HKEY_CURRENT_USER\Identities\{BDF51EED-75A2-4D00-A343-489129E10293}\Software\Microsoft\Outlook Express\5.0\Mail
et dans le panneau de droite, supprime ces trois valeurs :
Compose Use Stationery
Stationery Name
Wide Stationery Name

vas à la clé HKEY_CLASSES_ROOT\dllFile
et supprime la sous-clé Shell

vas à la clé HKEY_CLASSES_ROOT\dllFile\
et supprime la sous-clé ShellEx

vas à la clé HKEY_CLASSES_ROOT\dllFile
et supprime la sous-clé ScriptEngine

vas à la clé HKEY_CLASSES_ROOT\dllFile
et supprime la sous-clé ScriptHostEncode

ferme l'éditeur de registre et fais la suite

dans toolbar j ai ceci
{5AAO6644-B...OO
{8E718888-42...OO
c est sa que je suprime

pas d'approximation, stp. Mets les noms entiers

dans le panneau de droite de Toolbar c'est ça qu'il faut supprimer
{5AA06644-BC46-4220-A460-47A6EB47C96D}

quand je clic sur toolbar j ai ces chiffre (que je te site plus haut )la memme chose je n est pas de chiffre ecris en entier

dans le panneau de droite, en haut de la fenetre de droite, il y a écrit "nom", "type", "donnée"
place ton curseur juste avant "type", une croix va apparaitre, elle te permettra de décaler les colonnes pour les voir en entier

bon j arrive a la fin mai qund je clique sur le pus de shell je n est pas de sou cles la meme chose pour shellex et la meme chose pour scriphostencode iln y a pas de sous cles

c pas le + de Shell !

quand tu es à la clé à la clé HKEY_CLASSES_ROOT\dllFile clique sur le + de dllfile

si en dessous de la clé dllFile tu vois une clé qui s'appelle Shell tu la supprimes
si en dessous de la clé dllFile tu vois une clé qui s'appelle ShellEx tu la supprimes
si en dessous de la clé dllFile tu vois une clé qui s'appelle ScriptEngine tu la supprimes
si en dessous de la clé dllFile tu vois une clé qui s'appelle ScriptHostEncode tu la supprimes

puis tu fais le reste (ce que je t'avais demandé après avoir cliqué sur fix1.reg)

ah donc je suprime le non shell(c est sa la cles ?moi je pensais que c etait des numero

oui une clé a pratiquement le même icone qu'un dossier jaune.
Lorsque c'est dans le panneau de droite, on dit une valeur.

donc voilà tu supprimes shell,ShellEx ,ScriptEngine et ScriptHostEncode s'ils sont tous là

bon me revoila,je te poste l rapport:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"(Default)" = (empty string)
"Loap" = ""C:\Program Files\tsaa\asan.exe" -vt mt" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SiS Tray" = "C:\WINDOWS\SYSTEM\SISTRAY.EXE" ["Silicon Integrated Systems Corporation"]
"SiS KHooker" = "C:\WINDOWS\SYSTEM\khooker.exe" ["Silicon Integrated Systems Corporation"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"PCTVOICE" = "pctvoice.exe" ["PCtel, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\SYSTEM\hpztsb09.exe" ["HP"]
"HPHUPD05" = "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HPHmon05" = "C:\WINDOWS\SYSTEM\HPHMON05.EXE" ["Hewlett-Packard"]
"WooCnxMon" = "C:\PROGRA~1\WANADOO\CnxMon.exe" [","]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\WANADOO\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [null data]
"LoadQM" = "loadqm.exe" [MS]
"LWBMOUSE" = "C:\MMaestro\BWheel35.exe" [empty string]
"POINTER" = "point32.exe" [MS]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [null data]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
"ashMaiSv" = "C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe" ["ALWIL Software"]
"Kernel32" = "C:\WINDOWS\SYSTEM\Kernel.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Installation de Windows - Convertisseur FAT32"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
{FC3FE19B-025F-4EA2-7D21-7DC2BE5646C0}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\MQDT.DLL" [file not found]
{D90CFC25-46BB-0E17-910F-3FA688AF63C9}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\LRPTTCNG.DLL" [null data]
{735E1B98-FE50-BCAA-2DF4-D0F88D93C898}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\PHJHL.DLL" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Qzip3\(Default) = "{4C156620-A582-11D5-858B-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKZIP\QZSHLEXT.DLL" [file not found]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\IZARC\IZARCCM.DLL" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Qzip3\(Default) = "{4C156620-A582-11D5-858B-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKZIP\QZSHLEXT.DLL" [file not found]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\IZARC\IZARCCM.DLL" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\picasabackground.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\FENÊTR~1.SCR" (Fenêtres volantes.scr) [null data]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]
"CAMEDIA Master" -> shortcut to: "C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe" ["OLYMPUS OPTICAL CO.,LTD."]
"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]


Enabled Scheduled Tasks:
------------------------

"Démarrage du programme de réglages" -> launches: "walign" [MS]
"Planificateur pour la collecte de données PCHealth" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]
"WebReg 20051027231306" -> launches: "C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\hpqwrg.exe /TaskName 20051027231306 /N "hp photosmart 7600 series" /M Q3010A /S /AP /F 303 /T MY3CA322F2P6" ["Hewlett-Packard Co."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


et pour ce qui es du reste voici ceus que je n est pu suprimer;
1 mediatickts by oin
2 navexel il me demande un code
3 search assitant

je n est pu suprimer:bullseyese network,il ne veu pas le suprimer.
pour tsaa il la suprimer mais ne veu pas le suprime de la corbeille.

il y a encore pas mal de problèmes, même si c'est déjà un peu mieux.
Vas sur ce site http://virusscan.jotti.org/
Colle dans la case à gauche de parcourir
C:\WINDOWS\SYSTEM\Kernel.dll
clique ensuite sur "submit". Un rapport est généré assez rapidement. Dépose le dans ta réponse.
Voilà à quoi doit ressembler ce rapport http://img44.exs.cx/img44/8058/jotti7hl.png

et tu recommences la manip avec ces 2 chemins

C:\WINDOWS\SYSTEM\LRPTTCNG.DLL
C:\WINDOWS\SYSTEM\PHJHL.DLL

bon la je vais passer a je reprendrai apres

Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus

Service
Service load:
0% 100%
File: KERNEL32.DLL
Status:
INCONCLUSIVE (scan still in progress)
MD5 57e5d695e837e8f12be7c3dec5acfa77
Packers detected:
Analyzing...
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Scanning, please wait...
ClamAV
Scanning, please wait...
Dr.Web
Scanning, please wait...
F-Prot Antivirus
Scanning, please wait...
Fortinet
Scanning, please wait...
Kaspersky Anti-Virus
Scanning, please wait...
NOD32
Scanning, please wait...
Norman Virus Control
Scanning, please wait...
UNA
Scanning, please wait...
VBA32
Scanning, please wait...

Powered by
images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/drweb.gif images/f-prot.png images/fortinet.gif images/kaspersky.png images/nod32.gif images/norman.png images/una_logo.jpg images/vba32.png
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, and some people who prefer to remain anonymous... many thanks to all!

Statistics
Last file scanned at least one scanner reported something about: server.vbs, detected by:

Scanner Malware name
AntiVir Trojan/GoboTools
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV VBS.GoboTools.A
Dr.Web X
F-Prot Antivirus VBS/Fraggle.A@dr
Fortinet X
Kaspersky Anti-Virus Trojan-Dropper.VBS.GoboTools
NOD32 X
Norman Virus Control X
UNA X
VBA32 Trojan-Dropper.VBS.GoboTools


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.



Frequently asked questions - Feedback

Debian Valid HTML 4.01!

Page generated by JTPL

Copyright © 2004-2005 Jordi Bosveld <jotti@jotti.org>

tu es allé trop vite
clique sur ce bouton
http://forum.telecharger.01net.com/index.php?forum=microhebdo&page=post&a(...)
et supprime le contenu du message
remplace par le log final (uniquement la partie log, aprsè " Powered by " ça ne nous intéresse pas

en plus ce n'est pas C:\WINDOWS\SYSTEM\Kernell32.dl mais C:\WINDOWS\SYSTEM\Kernell.dll

Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus

Service
Service load:
0% 100%
File: lrpttcng.dll
Status:
INFECTED/MALWARE
MD5 b4cc913f60b80ecbeb00cce4c0473d28
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found Adware.Sahagent.J20.A1
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found Malware.Agent.14 (paranoid heuristics) (probable variant)

Powered by
images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/drweb.gif images/f-prot.png images/fortinet.gif images/kaspersky.png images/nod32.gif images/norman.png images/una_logo.jpg images/vba32.png
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, and some people who prefer to remain anonymous... many thanks to all!

Statistics
Last file scanned at least one scanner reported something about: server.vbs, detected by:

Scanner Malware name
AntiVir Trojan/GoboTools
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV VBS.GoboTools.A
Dr.Web X
F-Prot Antivirus VBS/Fraggle.A@dr
Fortinet X
Kaspersky Anti-Virus Trojan-Dropper.VBS.GoboTools
NOD32 X
Norman Virus Control X
UNA X
VBA32 Trojan-Dropper.VBS.GoboTools


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.



Frequently asked questions - Feedback

Debian Valid HTML 4.01!

Page generated by JTPL

Copyright © 2004-2005 Jordi Bosveld <jotti@jotti.org>

Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus

Service
Service load:
0% 100%
File: phjhl.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 e6b129906ad88a37bcc60394f2396a88
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found Trojan.PurityAd
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found AdWare.Win32.PurityScan.ak

Powered by
images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/drweb.gif images/f-prot.png images/fortinet.gif images/kaspersky.png images/nod32.gif images/norman.png images/una_logo.jpg images/vba32.png
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, and some people who prefer to remain anonymous... many thanks to all!

Statistics
Last file scanned at least one scanner reported something about: city.zip, detected by:

Scanner Malware name
AntiVir X
ArcaVir Trojan.Killwin.Aj
Avast X
AVG Antivirus X
BitDefender Trojan.Killwin.C
ClamAV Trojan.Killwin.T
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
UNA X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.



Frequently asked questions - Feedback

Debian Valid HTML 4.01!

Page generated by JTPL

Copyright © 2004-2005 Jordi Bosveld <jotti@jotti.org>

bon tu recommences avec C:\WINDOWS\SYSTEM\Kernell.dll et pas kernell32.dll
et stp ne mets pas la tartine, il n'y a que le log qui nous intéresse, pas la suite

Voilà à quoi doit ressembler ce rapport http://img44.exs.cx/img44/8058/jotti7hl.png

bon ecoute je reviens tou a l heure

je suis obliger de te laisser pour l intant car mon gamin veus internet donc je quitte pour ce soir a demain si biensur tu es la
bonne soirée

me revoila donc je t envois le raports ,mais coup la pas la tartine .






Service load:
0% 100%
File: Kernel.dll
Status:
INFECTED/MALWARE
MD5 62c513c3f14a33590039fa39cf8c6b41
Packers detected:
-
Scanner results
AntiVir
Found VBS/Redlof.A
ArcaVir
Found Trojan.VBS.Manual.x
Avast
Found VBS:Redlof
AVG Antivirus
Found nothing
BitDefender
Found VBS.Redlof.A
ClamAV
Found VBS.Redlof-A
Dr.Web
Found VBS.Redlof
F-Prot Antivirus
Found VBS/Redlof.A@m
Fortinet
Found VBS/RedLof-M
Kaspersky Anti-Virus
Found Virus.VBS.Confi
NOD32
Found VBS/Redolf.A
Norman Virus Control
Found VBS/Redlof_based
UNA
Found nothing
VBA32
Found VBS.Redlof

bonjour,

reposte un log Silent Runners
attend que le message te dise que le scan est terminé 'environ 1 minute)

je suis obliger de faire un scan en passant en mode sans echec,car en mode normale des que je clic sur silenruners je plante.aussi je voulai te dire que j ai etais obliger de desactiver avast quand je t envoyer le rapors de toute a l heure car avaste signlais le virus tous le temps je ne pouvais le fermee dons j ai desactier avast.

tu dois pouvoir autoriser ce script avec Avast. Comment je ne peux pas te dire car je n'ai pas cet antivirus.

quand avast est activer je ne peut pas len cer silen runers car je plante et j ai le message suivant:c\mes document \silenc runers
erreur le serveur RPC n est pas disponible,donc je fait comment?