Problem solved
Good evening everyone,
I was stupid enough to click on the 2 MSN links that infected me: the MSN Dance jpeg virus and the blocked-contact virus. Could you please help me remove them?
Thanks in advance for your help.
-->Message edited by Greg40 on 13/05/2008 09:30:03<--
|
|
security team
|
|
|
Good evening,
post your reports here for me
|
|
|
|
|
MSNFix 1.673
C:\Documents and Settings\Greg\Desktop\MSNFix
Fix exécuté le Fri 02/29/2008 - 19:42:24.14 By Greg
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALLUSE~1\STARTM~1\carlton
... C:\g7n4l2o4i4v4.exe
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\W139_jpg.zip
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALLUSE~1\STARTM~1\carlton
.. OK ... C:\g7n4l2o4i4v4.exe
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\W139_jpg.zip
************************ Suppression des dossiers
/!\ ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier Fri 02292008_194337.51.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:00 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AC425807-4334-41D5-BAB9-15C8F6A7B4C8} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Program Files\Sunbelt Software\iHateSpam\siClientUIHotmail.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1105
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?8cab8ad282774ee18ca53e84517b4c47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?8cab8ad282774ee18ca53e84517b4c47
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IFA_Moore Service - Unknown owner - C:\Program Files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 11144 bytes
|
|
security team
|
|
|
As far as I'm concerned, your report is clean.
Do this:
Run a BitDefender online scan (with Internet Explorer, not with Firefox!)
(click on "scan online" on the left).
and post the report from that scan here once it has finished!
BitDefender tutorial
|
|
|
|
|
|
|
|
I only have 3 hours of scanning left.... It's really slow. So I'll post the scan result tomorrow. I'll contact you to ask for your help, if you don't mind. Thanks again
|
|
|
|
|
|
|
|
security team
|
|
|
|
|
Win32.Netsky.AA@mm
Spreading: high
Damage: low
Size: 22016 bytes (packed)
Discovered: 2004 Apr 21
SYMPTOMS:
-the presence of the following files:
%windir%\Jammer2nd.exe (the worm, executable form)
%windir%\pk_zip_alg.log (the worm, zipped)
%windir%\pk_zip1.log ,pk_zip2.log ,...,pk_zip8.log (the archive in base64 format)
-the presence of the following registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jammer2nd = "%windir%\Jammer2nd.exe"
-firewall warning for an application trying to listen on port 665/TCP
-firewall warning for an application trying to connect to the following addresses:
www.nibis.de
www.medinfo.ufl.edu
www.educa.ch
TECHNICAL DESCRIPTION:
The worm will copy itself in %windir%\Jammer2nd.exe and will create a registry key to make sure it will be run after the next restart. Then, it will create in %windir% folder the following files:
pk_zip_alg.log (the worm, zipped),
pk_zip1.log ,pk_zip2.log ,...,pk_zip8.log (the archive in base64 format).
The worm spreads by e-mail. It searches for e-mail addresses in files having extensions:
.cfg .mbx .mdx .htm .html .asp .wab .doc
.eml .txt .php .vbs .rtf .uin .shtm .cgi
.dhtm .ods .stm .xls .adb .tbb .dbx .mht
.mmf .nch .sht .oft .msg .jsp .wsh .xml
.ppt
The e-mails it sends have the following characteristics:
Subject:
Important
Document
Hello
Information
Hi
Message body:
Important details!
Important notice!
Important document!
Important bill!
Important data!
Important!
Important textfile!
Important informations!
The e-mail contains the worm in a zip archive having one of the following names:
Details.zip
Notice.zip
Important.zip
Bill.zip
Data.zip
Part-2.zip
Textfile.zip
Informations.zip
The worm can perform a Denial Of Service (DoS) attack on the following sites:
www.nibis.de
www.medinfo.ufl.edu
www.educa.ch
The worm listens on port 665/TCP. It will accept connections, write the data received in a file
%N%.exe and will execute that file (where %N% is a random number).
Removal instructions:
Kill the following process:
%windir%\Jammer2nd.exe
Delete the following files:
%windir%\Jammer2nd.exe
%windir%\pk_zip_alg.log
%windir%\pk_zip1.log ,pk_zip2.log ,...,pk_zip8.log
Delete the following registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jammer2nd
ANALYZED BY:
Marius Botis, virus researcher
|
|
security team
|
|
|
|
That's not the BitDefender report, is it?
|
|
|
|
|
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Mar 01, 2008 - 19:46:21
--------------------------------------------------------------------------------
Scan Info
Scanned Files: 315175
Infected Files: 5
Virus Detected
Trojan.Dialer.VUY: 1
Win32.Netsky.AA@mm: 3
Application.Browser.Modifier.Keenvalue.Perfectnav.C: 1
|
|
security team
|
|
|
|
Yes, that is the report, but it's not complete; I don't know whether it disinfected or not?
|
|
|
|
|
BitDefender Online Scanner
Scan report generated at: Sat, Mar 01, 2008 - 10:13:20
Scan path: C:\;D:\;E:\;
Statistics
Time: 02:23:07
Files: 306108
Folders: 8202
Boot Sectors: 3
Archives: 9532
Packed Files: 24086
Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 984670
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Information][From: 6@mailflip6.edt02.net]=>Bill.zip=>Bill.txt .exe
Infected with: Win32.Netsky.AA@mm
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Information][From: 6@mailflip6.edt02.net]=>Bill.zip=>Bill.txt .exe
Deleted
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Information][From: 6@mailflip6.edt02.net]=>Bill.zip
Updated
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Hello][From: amelie.martineau@voila.fr]=>Textfile.zip=>Textfile.txt .exe
Infected with: Win32.Netsky.AA@mm
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Hello][From: amelie.martineau@voila.fr]=>Textfile.zip=>Textfile.txt .exe
Deleted
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Hello][From: amelie.martineau@voila.fr]=>Textfile.zip
Updated
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Important][From: tito77fr@msn.com]=>Part-2.zip=>Part-2.txt .exe
Infected with: Win32.Netsky.AA@mm
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Important][From: tito77fr@msn.com]=>Part-2.zip=>Part-2.txt .exe
Deleted
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Important][From: tito77fr@msn.com]=>Part-2.zip
Updated
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP715\A0258690.exe
Infected with: Trojan.Dialer.VUY
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP715\A0258690.exe
Deleted
C:\WINDOWS\browserxtras\pn\remove.exe
Detected with: Application.Browser.Modifier.Keenvalue.Perfectnav.C
C:\WINDOWS\browserxtras\pn\remove.exe
Disinfection failed
C:\WINDOWS\browserxtras\pn\remove.exe
Deleted
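Whether the scan actually removed what it found can be read from the file list above, which alternates an object path line with a status line. The following Python is an added example, not part of the original thread and not BitDefender's own tooling: it groups the status lines per object and flags detections whose removal is unconfirmed. The sample paths, the sender address and the rule that a failed container update makes nested deletions uncertain are assumptions.

```python
from collections import OrderedDict

# Constructed sample in the report's two-line layout (object path, then status).
# Paths and the sender address are placeholders; detection names are those in the report.
SAMPLE_REPORT = r"""
C:\mail\Outlook.pst=>[Subject: Information][From: sender@example.invalid]=>Bill.zip=>Bill.txt .exe
Infected with: Win32.Netsky.AA@mm
C:\mail\Outlook.pst=>[Subject: Information][From: sender@example.invalid]=>Bill.zip=>Bill.txt .exe
Deleted
C:\mail\Outlook.pst=>[Subject: Information][From: sender@example.invalid]=>Bill.zip
Updated
C:\mail\Outlook.pst
Update failed
C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe
Infected with: Trojan.Dialer.VUY
C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe
Deleted
C:\WINDOWS\browserxtras\pn\remove.exe
Detected with: Application.Browser.Modifier.Keenvalue.Perfectnav.C
C:\WINDOWS\browserxtras\pn\remove.exe
Disinfection failed
C:\WINDOWS\browserxtras\pn\remove.exe
Deleted
"""

DETECTION_PREFIXES = ("Infected with: ", "Detected with: ")


def parse_report(text):
    """Return {object path: {"detection": name or None, "actions": [status, ...]}}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path/status lines")
    objects = OrderedDict()
    for path, status in zip(lines[0::2], lines[1::2]):
        entry = objects.setdefault(path, {"detection": None, "actions": []})
        prefix = next((p for p in DETECTION_PREFIXES if status.startswith(p)), None)
        if prefix:
            entry["detection"] = status[len(prefix):]
        else:
            entry["actions"].append(status)
    return objects


def needs_rescan(objects):
    """List (path, detection, reason) for detections whose removal is not confirmed.

    Assumption (not stated by the scanner): if the outermost container could not
    be updated, deletions of objects nested inside it may not have been written back.
    """
    failed = {p for p, e in objects.items() if "Update failed" in e["actions"]}
    findings = []
    for path, entry in objects.items():
        if entry["detection"] is None:
            continue
        container = path.split("=>", 1)[0]  # outermost file on disk
        if "Deleted" not in entry["actions"]:
            findings.append((path, entry["detection"], "no deletion recorded"))
        elif container != path and container in failed:
            findings.append((path, entry["detection"], "container update failed"))
    return findings


if __name__ == "__main__":
    for path, name, reason in needs_rescan(parse_report(SAMPLE_REPORT)):
        print(f"{name}: {reason}\n  {path}")
```

On the sample, only the attachment nested in the mail store is flagged; the restore-point file and remove.exe each have a recorded deletion on a plain file path.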
|
|
security team
|
|
|
OK
that's better lol
purge your System Restore like this
http://bibou0007.com/tutos-et-lexique-f45/purger-la-restauration-du-systeme-t(...)
and tell me whether you still have problems?
|
|
|
|
|
I did the system restore as described in your tutorial. I waited 3 minutes and then re-enabled System Restore.
I'm going to ask my MSN contacts whether they are still receiving my files with the virus.
Otherwise, tell me whether I need to run any other scans?
Thanks
|
|
|
|
|
|
I think the problem is not solved, because MSN opens a window telling me that I have just signed in to MSN from another computer... while I am signed in... Can you help me please?
|
|
security team
|
|
|
Start by changing all your passwords!!
A virus doesn't log in in your place!!
|
|
|
|
|
Done, I've changed my passwords.
|
|
security team
|
|
|
|
|
I have just run an Ad-Aware scan and it seems everything is back to normal, since my antivirus (McAfee) did not detect the 2 MSN viruses (whereas it did before this weekend).
Do you want me to do anything else?
In any case, thanks for your help.
|
|
security team
|
|
|
|
No, wait until tomorrow to tell me whether everything is fine, and if it is, edit your first message to add "solved" to your title.