Banbounet

Members
  • Content count: 2
  • Registered
  • Last visit

Banbounet's Achievements

Junior Member (3/12)

Community reputation: 0

  1. No luck for me: avast has just raised alerts about Win32:Agent-VM. All this is getting on my nerves... Here is the avast log, in case it helps.

03/12/2005 16:07:58 SYSTEM 504 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail 'Important Notification' De : [email protected], A : [email protected]\email-info.zip#493298867" file.
04/12/2005 18:35:52 SYSTEM 1976 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Re: A!p$ghsa' De : [email protected], A : [email protected]\details03.txt .pif#744319258" file.
04/12/2005 18:37:32 SYSTEM 1976 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail 'Sagrpdnmgxrrmqr' De : [email protected], A : [email protected]\account-password.zip#1331964488" file.
04/12/2005 18:37:36 SYSTEM 1976 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail 'ACCOUNT ALERT' De : [email protected], A : [email protected]\email-info.zip#2207951845" file.
04/12/2005 18:37:41 SYSTEM 1976 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Re: Request' De : [email protected], A : [email protected]\details05.zip#4253473385" file.
04/12/2005 18:37:45 SYSTEM 1976 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Mail Delivery (failure [email protected])' De : [email protected], A : [email protected]\message.scr#744319258" file.
05/12/2005 00:15:40 SYSTEM 1968 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2005 00:15:41 SYSTEM 1968 An error has occured while attempting to update. Please check the logs.
05/12/2005 10:52:48 SYSTEM 2016 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2005 10:52:49 SYSTEM 2016 An error has occured while attempting to update. Please check the logs.
08/12/2005 08:35:21 SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/12/2005 08:35:22 SYSTEM 1972 An error has occured while attempting to update. Please check the logs.
08/12/2005 19:46:06 SYSTEM 1972 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail '*WARNING* Your Email Account Will Be Closed' De : [email protected], A : [email protected]\account-info.zip#2979931750" file.
08/12/2005 19:46:25 SYSTEM 1972 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail 'Account Alert' De : [email protected], A : [email protected]\email-info.zip#3582857432" file.
08/12/2005 19:46:32 SYSTEM 1972 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Mail Authentication' De : [email protected], A : [email protected]\pgp_sess01_rebrion.alban.pif#744319258" file.
09/12/2005 00:29:53 SYSTEM 1972 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=qvU1m1qH3VQ40n5682Rp485NmFKvi857" file.
09/12/2005 00:29:57 SYSTEM 1972 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=jUx1v1P93uH40kjj8oRS4j5ENFFib980" file.
10/12/2005 14:26:46 SYSTEM 1964 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=uLs1U1Sp3Bc42VSP24RH1v18mFipm9S9" file.
11/12/2005 02:32:52 SYSTEM 1964 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=Ups1M1UJ3PU42tsp6XR04t7ZMFqfO8U7" file.
11/12/2005 02:33:46 SYSTEM 1964 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=9VM1J1O43de424Ot6jR04f8T9FQr14m1" file.
13/12/2005 00:43:41 SYSTEM 1928 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
13/12/2005 00:43:41 SYSTEM 1928 An error has occured while attempting to update. Please check the logs.
17/12/2005 02:31:47 SYSTEM 1948 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
17/12/2005 02:31:47 SYSTEM 1948 An error has occured while attempting to update. Please check the logs.
18/12/2005 13:09:28 SYSTEM 1924 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
18/12/2005 13:09:29 SYSTEM 1924 An error has occured while attempting to update. Please check the logs.
22/12/2005 22:17:26 SYSTEM 1972 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Re: Submit a Virus Sample' De : [email protected], A : [email protected]\signature.zip#250089449" file.
22/12/2005 22:17:56 SYSTEM 1972 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Mail Delivery (failure [email protected])' De : [email protected], A : [email protected]\message.scr#744319258" file.
22/12/2005 22:18:05 SYSTEM 1972 Sign of "Win32:Mytob-DC [Wrm]" has been found in "E-mail 'Important Notification' De : [email protected], A : [email protected]\information.zip#2141968109" file.
22/12/2005 22:18:10 SYSTEM 1972 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Mail Delivery (failure [email protected])' De : [email protected], A : [email protected]\message.scr#744319258" file.
07/06/2006 12:50:38 SYSTEM 272 Sign of "VBS:Malware " has been found in "http://www.mt-download.com/mtrslib2.js" file.
30/06/2006 11:16:10 SYSTEM 2008 Sign of "VBS:Malware [Gen]" has been found in "http://bestcount.net/adv/021/count.jar\BlackBox.class" file.
30/06/2006 11:16:12 SYSTEM 2008 Sign of "VBS:Malware [Gen]" has been found in "http://countbest.net/adv/109/count.jar\BlackBox.class" file.
08/09/2006 10:43:45 SYSTEM 1512 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/09/2006 10:43:46 SYSTEM 1512 An error has occured while attempting to update. Please check the logs.
22/09/2006 10:16:21 SYSTEM 316 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
22/09/2006 10:16:21 SYSTEM 316 An error has occured while attempting to update. Please check the logs.
29/09/2006 03:10:33 SYSTEM 1512 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
29/09/2006 03:10:34 SYSTEM 1512 An error has occured while attempting to update. Please check the logs.
29/09/2006 07:17:08 SYSTEM 1512 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
29/09/2006 07:17:09 SYSTEM 1512 An error has occured while attempting to update. Please check the logs.
06/10/2006 10:44:35 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
06/10/2006 10:44:39 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\setup.exe\[uPX]" file.
06/10/2006 10:44:41 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "D:\setup.exe\[uPX]" file.
06/10/2006 11:12:27 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
06/10/2006 11:12:29 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\setup.exe\[uPX]" file.
06/10/2006 11:12:31 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "D:\setup.exe\[uPX]" file.
06/10/2006 12:31:38 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
06/10/2006 17:53:07 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
06/10/2006 17:53:12 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\setup.exe\[uPX]" file.
06/10/2006 17:53:15 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "D:\setup.exe\[uPX]" file.
06/10/2006 18:27:23 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
06/10/2006 18:27:26 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\setup.exe\[uPX]" file.
06/10/2006 18:27:28 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "D:\setup.exe\[uPX]" file.
07/10/2006 01:46:37 SYSTEM 1064 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\Documents and Settings\All Users\Documents\setup.exe\[uPX]" file.
07/10/2006 01:46:39 SYSTEM 1064 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\setup.exe\[uPX]" file.
07/10/2006 01:46:41 SYSTEM 1064 Sign of "Win32:Agent-VM [Trj]" has been found in "D:\setup.exe\[uPX]" file.
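The avast 4 log above is normally read by eye. As an added example (my code, not part of the original post or of avast), here is a small Python parser for that exact line format: it separates detections from failed definition updates, classifies each detection by which component saw it (mail scanner, web scanner, or an on-disk file), and counts how often the same signature fires at the same path. That last count is what makes the repeated Agent-VM alerts on setup.exe stand out: a detection that recurs at the same path means the file was never removed, so every access re-triggers the on-access scanner. The sample lines are constructed in the shape of the log above (a handful of entries, e-mail addresses left redacted as on the page); the function names are mine.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the avast 4 log posted above; not the full log.
SAMPLE_LOG = """\
04/12/2005 18:35:52 SYSTEM 1976 Sign of "Win32:Netsky-P [Wrm]" has been found in "E-mail 'Re: A!p$ghsa' De : [email protected], A : [email protected]\\details03.txt .pif#744319258" file.
05/12/2005 00:15:40 SYSTEM 1968 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/12/2005 00:15:41 SYSTEM 1968 An error has occured while attempting to update. Please check the logs.
09/12/2005 00:29:53 SYSTEM 1972 Sign of "VBS:Malware [script]" has been found in "http://69.31.84.84/default.php?id=93256&c=qvU1m1qH3VQ40n5682Rp485NmFKvi857" file.
06/10/2006 10:44:35 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\\Documents and Settings\\All Users\\Documents\\setup.exe\\[uPX]" file.
06/10/2006 10:44:39 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\\setup.exe\\[uPX]" file.
06/10/2006 11:12:29 SYSTEM 1476 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\\setup.exe\\[uPX]" file.
07/10/2006 01:46:39 SYSTEM 1064 Sign of "Win32:Agent-VM [Trj]" has been found in "C:\\setup.exe\\[uPX]" file.
"""

# Every line starts with a timestamp, the account the service runs as, and the scanner PID.
_HEADER = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<pid>\d+) "
DETECTION_RE = re.compile(_HEADER + r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<where>.+)" file\.$')
UPDATE_FAIL_RE = re.compile(_HEADER + r"Function setifaceUpdatePackages\(\) has failed\. Return code is (?P<code>0x[0-9A-Fa-f]+)")


def classify_location(where):
    """Which avast component saw the object: mail scanner, web scanner, or an on-disk file."""
    if where.startswith("E-mail "):
        return "mail"
    if where.startswith(("http://", "https://")):
        return "web"
    return "disk"


def parse_avast_log(text):
    """Turn raw log lines into event dicts; lines matching neither pattern are ignored."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                "pid": int(m["pid"]),
                "kind": "detection",
                "signature": m["sig"],
                "location": m["where"],
                "source": classify_location(m["where"]),
            })
            continue
        m = UPDATE_FAIL_RE.match(line)
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                "pid": int(m["pid"]),
                "kind": "update_failure",
                "code": m["code"],
            })
    return events


def repeated_disk_detections(events, min_hits=2):
    """(signature, path) pairs the on-access scanner reported at least min_hits times.

    A recurring hit at the same path means the file was never quarantined or deleted,
    so each access re-triggers the alert; that is the pattern in the log above."""
    hits = Counter(
        (e["signature"], e["location"])
        for e in events
        if e["kind"] == "detection" and e["source"] == "disk"
    )
    return {key: n for key, n in hits.items() if n >= min_hits}


def update_failures(events):
    """Count failed definition updates by return code (0x20000004 recurs in the log above)."""
    return Counter(e["code"] for e in events if e["kind"] == "update_failure")


def detections_by_source(events):
    """How many detections each scanner component produced."""
    return Counter(e["source"] for e in events if e["kind"] == "detection")


if __name__ == "__main__":
    evs = parse_avast_log(SAMPLE_LOG)
    print("detections by scanner:", dict(detections_by_source(evs)))
    print("update failures:", dict(update_failures(evs)))
    for (sig, path), n in repeated_disk_detections(evs).items():
        print(f"{n}x {sig} at {path}")
```

Run it on the full log from the post by pasting the lines into SAMPLE_LOG or reading a file: the mail and web hits are one-off catches by the mail and web scanners, the update failures cluster by return code, and only the on-disk setup.exe entries show up as repeats.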
  2. Hello, or rather good evening. On the advice of a network security lecturer (Mr. Wolf P., who teaches at the DCSSI), I installed avast. His view: why pay 60 € for an antivirus that cannot guarantee absolute security, and he points to the Guillermito affair (here is the link for more info). But for the past two days avast has been giving me lots of alerts: Sign of "Win32:Agent-VM [trj]" has been found in "C:\setup.exe\[uPX]" file, in "D:\..." and another one in "Documents and Settings". On your forum I saw that several people had run into this problem, so I am asking for your help. I followed the pre-cleaning procedure to the letter, and it took 3 scans with AntiVir to delete the 3 files (whereas avast, even with a thorough scan, found nothing while continuing to alert me), and I am posting the HijackThis report. I look forward to your reply. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 01:10:25, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Resources\Themes\DameK UltraBlue\AquaDock\Aqua Dock.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [EasyMod] C:\Program Files\EasyBox\EasyMod.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Aqua Dock.lnk = C:\WINDOWS\Resources\Themes\DameK UltraBlue\AquaDock\Aqua Dock.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118619817531
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
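A HijackThis report like the one above is triaged by going through the autorun (O4) and service (O23) entries one by one. As an added example (my code, not part of the original post or of HijackThis), here is a Python inventory of those two sections that also lists the entries worth a second look, using three heuristics of my own: an autorun whose executable is not an absolute path is resolved through the search path at logon; a service shown as "Unknown owner" carries no vendor attribution; and "(file missing)" means HijackThis did not find the binary where the service entry points. The sample is constructed from a handful of lines in the shape of the report above, and the function names are mine.

```python
import re

# Constructed sample built from lines in the shape of the HijackThis 1.99.1 report
# posted above; a handful of entries, not the whole report.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Aqua Dock.lnk = C:\WINDOWS\Resources\Themes\DameK UltraBlue\AquaDock\Aqua Dock.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

# O4 registry Run values, O4 Startup-folder shortcuts, and O23 services.
O4_REG_RE = re.compile(r"^O4 - (?P<where>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_FOLDER_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def executable(cmd):
    """First token of a Run value: the quoted path if present, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage_hjt(text):
    """Inventory O4 autoruns and O23 services; 'review' lists entries that need a manual look.

    The heuristics are mine, not HijackThis's; a listed entry is a starting point, not a verdict."""
    autoruns, services, review = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_REG_RE.match(line) or O4_FOLDER_RE.match(line)
        if m:
            exe = executable(m["cmd"])
            autoruns.append({"where": m["where"], "name": m["name"], "exe": exe})
            if not ABS_PATH_RE.match(exe):
                # A bare file name is located via the search path at logon.
                review.append({"kind": "autorun", "name": m["name"],
                               "reasons": [f"executable resolved via search path: {exe}"]})
            continue
        m = O23_RE.match(line)
        if m:
            services.append({"name": m["name"], "owner": m["owner"], "path": m["path"]})
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("no vendor attribution")
            if "(file missing)" in m["path"]:
                reasons.append("binary not found at the recorded path")
            if reasons:
                review.append({"kind": "service", "name": m["name"], "reasons": reasons})
    return {"autoruns": autoruns, "services": services, "review": review}


if __name__ == "__main__":
    result = triage_hjt(SAMPLE_HJT)
    print(f"{len(result['autoruns'])} autoruns, {len(result['services'])} services")
    for item in result["review"]:
        print(f"[{item['kind']}] {item['name']}: " + "; ".join(item["reasons"]))
```

Note what lands in the review list when this runs over the full report: the avast services themselves, because HijackThis shows them as "Unknown owner" and marks the two with quoted "/service" command lines as "(file missing)". That is why the list is a queue for manual checking (is the binary where it should be, is it signed, does the vendor string match) rather than a list of suspects.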