infection XP spyware 2009

[fuzzo]

Salut a tous, d'abords un grand merci au créateur de Malware software! et surtout de l'aide immense et bénévole que des gens donnent a des noobies de l'informatique via les forums. On dirait pas comme ca, mais vous etres d'une grande aide en cas de problemes comme celui-ci. Alors merci les gars!!

 

Donc malware vient de nettoyer mon PC de cette sal***** de virus (cf. titre)

 

Donc j'avais Xp spyware 2009 en icone dans ma barre de tache, apparement pas installé car mon fond d'ecran est resté inchangé (pas comme le message d'alerte du mois dernier ou j'ai été obligé de réinstallé windows) non visible dans Programme file et dans le menue pour disintallé les programmes.

 

voici le rapport généré par malware lors de mon infection d'il y a environs 1heure :

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1310

Windows 5.1.2600 Service Pack 2

 

23/10/2008 20:13:23

mbam-log-2008-10-23 (20-13-23).txt

 

Type de recherche: Examen rapide

Eléments examinés: 89602

Temps écoulé: 43 minute(s), 15 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 13

Fichier(s) infecté(s): 22

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917 (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\Account.1716 (Retrieved after unexpected restart.)\Application Data\rhc3kjj0e917\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

D:\Documents and Settings\julien\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

D:\Documents and Settings\julien\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

D:\Documents and Settings\julien\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSlxcp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

D:\Documents and Settings\Julien.SN115068160310\Local Settings\Temp\TDSS4a08.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

D:\Documents and Settings\Julien.SN115068160310\Local Settings\Temp\TDSS4a18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

D:\Documents and Settings\Julien.SN115068160310\Local Settings\Temp\TDSS4c3a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS5d03.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS5e9a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSarxx.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSScfmm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSScube.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoity.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSvoql.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSxhyf.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Par contre une question:

 

Au démarrage spybot me signal des modifs importante quant au registre, lors de l'infection je les ai toute refusées de peur de voir mon PC KO. Dois-je les accéptés la prochaine fois ?

 

Dernier petite infos, spybot n'est vraiment pas terrible, il ne me trouvais rien a chaque fois tandis que malware m'en a trouvé 39. Allez cherché l'erreur ? Spybot a proscrire ?

 

PS:Devant mon inquietude, j'ai dis a mon frangin d'en faire un , le constat est sans appel il est avait 152

 

Tout commentaire et réponses sont les bienvenues.

 

Et encore merci pour votre aide!

 

(Mon probleme de bande passante etait peut etre dus a ces infections)

[pear]

Bonsoir ,

c'est le tea timer de Spybot qui vous avertit et qu'il faut toujours désactiver avant d'utiliser un outil de désinfection.

[fuzzo]

désactiver spybot ?

 

je refais donc une analyse malware en ayant désactiver le resident spybot.

 

Quelqu'un peut me dire pourquoi spybot n'a rien fait contre ce virus ?

Modifié le 23 octobre 2008 par fuzzo