[RESOLU]trojan win 32 :Small-JMH

[Bilifly]

Vas y tu peux, de toute manière on va scanner tout tes disques durs, y compris l'externe ^^

Allez au travail !, la procédure

[ALUMA]

ok je telecharge les logiciels car je les est pas tous

[ALUMA]

Bonjour a tous
j'ai un probleme avec spybot ,j'ai suivi la procedure sauf adware car lelien n'est plus valable
bon voila mon probleme spybot ne veut plus enlever et je n'est plus de barre de tache que le fond d'ecran et spybot .
de l'aide s'il vous plait merci
PS : felecitation pour le passage au V3

[Bilifly]

Bonsoir à toi

Citation :bon voila mon probleme spybot ne veut plus enlever et je n'est plus de barre de tache que le fond d'ecran et spybot .
de l'aide s'il vous plait merci

Heink¿ j'ai rien compris
Spybot ne veut plus enlever quoi ? tu peux être plus clair ?

Merci pour la V3

[ALUMA]

bonjour
bilifly j'ai reussi a redemarer l'ordi mais le virus est toujour la .Ca na rien fait la procedure que j'ai suivi et maintenant quand j'eteind le pc et que je le rallume il y a une page bleu écrit ,je n'est pas le temps de la lire ensuite j'ai la page noir ou il est ecrit (demarrer en mode sans échec ou demarrer windows normalement)pour vous situer ,alors que avant je ne l'avais pas.
j'ai scanner avec avast et la il le trouve dans c:/systeme volume .........
mais je n'arrive ni a le supprimer directement ni apres l'avoir mis en quarantaine.

[Bilifly]

Bonsoir ALUMA

As-tu désactivé la restauration du système ? c'est pourtant indiqué au début de la procédure

[ALUMA]

comment faire pour désactivé la restauration systeme slt

[ALUMA]

j'ai fait un scan avec antivir voila ce que sa donne
Trojan-Dropper.Win32.Agent.ere

AntiVir PersonalEdition Classic
Report file date: mercredi 27 février 2008 23:03

Scanning for 1126829 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MATHOUX-D588644

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:56:32
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 21:56:32
ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 27/02/2008 21:56:32
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 27/02/2008 21:56:34
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/02/2008 21:56:35
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 27 février 2008 23:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\Documents and Settings\MATHOUX\Local Settings\Temp\winlogon.exe
[WARNING] The file could not be opened!
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\MATHOUX\Local Settings\Temp\winlogon.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\MATHOUX\Mes documents\bsplayer214.942_clip.exe
[DETECTION] Contains detection pattern of the dropper DR/WhenU.A.8
[INFO] The file was moved to '4835e483.qua'!
C:\RECYCLER\S-1-5-21-117609710-842925246-1060284298-1004\Dc5.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47faeb15.qua'!
C:\System Volume Information\_restore{1B92FA4B-DE4B-4391-A991-35E28078C930}\RP357\A0123252.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f6eb00.qua'!


End of the scan: jeudi 28 février 2008 00:17
Used time: 1:14:56 min

The scan has been done completely.

3908 Scanning directories
203567 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
203564 Files not concerned
1790 Archives were scanned
4 Warnings
1 Notes

[ALUMA]

[Bilifly]

Bonsoir à toi

Déjà tu as deux antivirus, Avast et Antivir, désinstalles en un

Et pour désactiver la restauration du système, c'est indiqué tout au début de la procédure, regarde bien