Infections multiples de spy & trojan

[Charlie_Ness]

Salut Bruce Lee !

ok c'est fait :

 

Sat Feb 24 15:03:51 2007 => **********************************************************

Sat Feb 24 15:03:52 2007 => eScan AntiVirus Toolkit Utility.

Sat Feb 24 15:03:52 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.

Sat Feb 24 15:03:52 2007 => **********************************************************

Sat Feb 24 15:03:52 2007 => Version 4.4.7

Sat Feb 24 15:03:52 2007 => Log File: C:\KASPER~1\mwav.log

Sat Feb 24 15:03:52 2007 => Latest Date of files inside MWAV: 23 Feb 2007 07:10:29.

Sat Feb 24 15:03:54 2007 => AV Library Loaded...

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\kavss.exe

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\Getvlist.exe

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\kavss.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\kavssdi.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\kavssi.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\kavvlg.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\msvlclnt.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\ipc.dll

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\main.avi

Sat Feb 24 15:03:54 2007 => Scanning File C:\KASPER~1\virus.avi

Sat Feb 24 15:03:55 2007 => Virus Database Date: 2007/02/23

Sat Feb 24 15:03:55 2007 => Virus Database Count: 272614

Sat Feb 24 15:04:07 2007 => AV Library Unloaded (3)...

Sat Feb 24 15:56:49 2007 => **********************************************************

Sat Feb 24 15:56:49 2007 => eScan AntiVirus Toolkit Utility.

Sat Feb 24 15:56:49 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.

Sat Feb 24 15:56:49 2007 => **********************************************************

Sat Feb 24 15:56:49 2007 => Version 4.4.7

Sat Feb 24 15:56:49 2007 => Log File: C:\KASPER~1\mwav.log

Sat Feb 24 15:56:52 2007 => Latest Date of files inside MWAV: 23 Feb 2007 07:10:29.

Sat Feb 24 15:56:58 2007 => AV Library Loaded...

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\kavss.exe

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\Getvlist.exe

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\kavss.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\kavssdi.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\kavssi.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\kavvlg.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\msvlclnt.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\ipc.dll

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\main.avi

Sat Feb 24 15:56:59 2007 => Scanning File C:\KASPER~1\virus.avi

Sat Feb 24 15:56:59 2007 => Virus Database Date: 2007/02/23

Sat Feb 24 15:56:59 2007 => Virus Database Count: 272614

 

Sat Feb 24 15:57:50 2007 => **********************************************************

Sat Feb 24 15:57:50 2007 => eScan AntiVirus Toolkit Utility.

Sat Feb 24 15:57:50 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.

Sat Feb 24 15:57:50 2007 =>

Sat Feb 24 15:57:50 2007 => Support: [email protected]

Sat Feb 24 15:57:50 2007 => Web: http://www.mwti.net

Sat Feb 24 15:57:50 2007 => **********************************************************

Sat Feb 24 15:57:50 2007 => Version 4.4.7

Sat Feb 24 15:57:50 2007 => Log File: C:\KASPER~1\mwav.log

Sat Feb 24 15:57:50 2007 => Latest Date of files inside MWAV: 23 Feb 2007 07:10:29.

 

Sat Feb 24 15:57:50 2007 => Options Selected by User:

Sat Feb 24 15:57:50 2007 => Memory Check: Enabled

Sat Feb 24 15:57:50 2007 => Registry Check: Enabled

Sat Feb 24 15:57:50 2007 => StartUp Folder Check: Enabled

Sat Feb 24 15:57:50 2007 => System Folder Check: Enabled

Sat Feb 24 15:57:50 2007 => System Area Check: Disabled

Sat Feb 24 15:57:50 2007 => Services Check: Enabled

Sat Feb 24 15:57:50 2007 => Drive Check: Disabled

Sat Feb 24 15:57:50 2007 => All Drive Check :Enabled

Sat Feb 24 15:57:50 2007 => Scanning Type: Scan And Clean

Sat Feb 24 15:57:50 2007 => Folder Check: Disabled

 

Sat Feb 24 15:57:51 2007 => ***** Scanning Registry Files *****

 

[ ... ]

 

 

Sun Feb 25 01:04:48 2007 => ***** Scanning complete. *****

 

Sun Feb 25 01:04:48 2007 => Total Number of Files Scanned: 365299

Sun Feb 25 01:04:48 2007 => Total Number of Virus(es) Found: 21

Sun Feb 25 01:04:48 2007 => Total Number of Disinfected Files: 0

Sun Feb 25 01:04:48 2007 => Total Number of Files Renamed: 17

Sun Feb 25 01:04:48 2007 => Total Number of Deleted Files: 1

Sun Feb 25 01:04:48 2007 => Total Number of Errors: 58

Sun Feb 25 01:04:48 2007 => Time Elapsed: 04:28:18

Sun Feb 25 01:04:48 2007 => Virus Database Date: 2007/02/23

Sun Feb 25 01:04:48 2007 => Virus Database Count: 272614

 

Sun Feb 25 01:04:48 2007 => Scan Completed.

 

Sun Feb 25 01:23:34 2007 => Virus Database Date: 2007/02/23

Sun Feb 25 01:23:34 2007 => Virus Database Count: 272614

Sun Feb 25 01:24:38 2007 => AV Library Unloaded (3)...

 

***** Virus trouvés *****

 

File C:\Documents and Settings\Charly\Favoris\Références\fonts\kers Design Web Site___Design Font (????·????) ¦ Maniackers Design Web Site___Design Font (????·????) ¦ Maniac.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File C:\Documents and Settings\Charly\Favoris\Références\Nippon\??????? DESIO.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File C:\Program Files\ESET\infected\41XO31DA.NQF tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.

 

File C:\System Volume Information\_restore{8C6A8BEC-3180-4F5B-BFC7-F003AF0BFC77}\RP300\A0118012.exe infected by "Backdoor.Win32.HacDef.bo" Virus. Action Taken: File Renamed.

 

File C:\System Volume Information\_restore{8C6A8BEC-3180-4F5B-BFC7-F003AF0BFC77}\RP300\A0118014.exe infected by "Backdoor.Win32.HacDef.bo" Virus. Action Taken: File Renamed.

 

File C:\VundoFix Backups\yudvqemx.dll.bad infected by "Trojan.Win32.BHO.g" Virus. Action Taken: File Deleted.

 

File C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe tagged as not-a-virus:RiskTool.Win32.WFPDisabler.a. No Action Taken.

 

File F:\Bench-web\Galaxy_M21\www.asahi-net.or.jp\?????(???)-0421updated.htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Bench-web\Galaxy_M21\????=?????????.htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Amadou & Mariam\Amadou et Mariam - Dimanche a` Bamako - 12 - Taxi Bamako.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Bernard Lavillier\Bernard Lavilliers - 03 - L'e´te´.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil2 Maracatu Ato^mico.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File F:\Musiques Partagées\Purebrazil4 Flor de Maracuja´.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil6 Re´u Confesso.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil9 E´ Isso Ai´.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil\10 Os Alquimistas Esta~o Chegando Os Alquimistas.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil\11 A Beleza E´ Voce^, Menina.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil\12 Nega de Obaluae^.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil\13 Mane´ Joa~o.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\Musiques Partagées\Purebrazil\20 Balanc¸a Pema.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

 

File F:\System Volume Information\_restore{8C6A8BEC-3180-4F5B-BFC7-F003AF0BFC77}\RP300\A0118022.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.d. No Action Taken.

[bruce lee]

re,

 

Tes infections proviennent de telechargement avec des programmes tel emule.... Vire tous les fichiers que tu as téléchargé avec emule ou autres programmes de telechargement.

 

Suis scrupuleusement les instructions de ce lien (desactive et réactive la restauration de systeme)

 

http://service1.symantec.com/SUPPORT/INTER...020830101856924

 

As tu encore des problemes avec ton PC?

[Charlie_Ness]

Bonjour Bruce Lee!

 

Ben... justement c'est la lecture des résultats qui m'inquiète un peu :

Mais tu me diras, que la suite est peut-être évidente, mais j'ai quand même un doute... ?

 

=======================================

Sun Feb 25 01:04:48 2007 => Total Number of Virus(es) Found: 21

Sun Feb 25 01:04:48 2007 => Total Number of Disinfected Files: 0

Sun Feb 25 01:04:48 2007 => Total Number of Files Renamed: 17

Sun Feb 25 01:04:48 2007 => Total Number of Deleted Files: 1

=======================================

 

21 virus trouvés et désinfectés : zéro (?)

Est-ce à dire que la démarche à suivre est donc de suprimer tous les fichiers incriminés ?

 

Quand aux fichiers renommés, tous ceux qui sont nommés "Renamed"

sont toujours présents aux mêmes emplacements. (sans le dit fichier renommé...)

Mais peut-etre est-il par la suite, placé ailleurs?

 

Mille Merci d'avance pour ces éclaircissements !

Muchas Gracias Hombré !!!!!!!!

[bruce lee]

Salut Charlie_Ness,

 

 

Oui, supprimes les fichiers infectés.

 

Pour:

 

File C:\System Volume Information\_restore{8C6A8BEC-3180-4F5B-BFC7-F003AF0BFC77}\RP300\A0118012.exe infected by "Backdoor.Win32.HacDef.bo" Virus. Action Taken: File Renamed.

 

N'y touche pas mais fais ceci steplait:

 

 

Suis scrupuleusement les instructions de ce lien (desactive et réactive la restauration de systeme)

 

http://service1.symantec.com/SUPPORT/INTER...020830101856924

 

refais ensuite un nouveau scan en ligne avec kaspersky puis poste le rapport

 

@+