
Trojan-downloader.win32.conhook.te/virtumonde

C:\WINDOWS\SYSTEM32\yayxuvu.dll PS: You have to click Fix Checked ;-) See you

louiz (24 posts; joined Friday 14 July 2006; last active 15 May 2007), 15 Jul.

Elapsed time 00:00:00 ******** 14:47: | Start of Session, samedi 15 juillet 2006 | 14:47: Spy Sweeper started 14:47: Sweep initiated using definitions version 719 14:47: Starting Memory Sweep 14:53: Memory

Run another scan with Spy Sweeper and post the report. See you

louiz (24 posts; joined Friday 14 July 2006; last active 15 May 2007)

By default, this is C:\Windows or C:\Winnt.

I downloaded HijackThis, put it on the desktop and ran a scan; here is the report: Logfile of HijackThis v1.99.1 Scan saved at 19:52:44, on 14/07/2006 Platform: Windows XP Thanks

System Error. Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task

Checking for Winlogon reference. [07/15/2006, 14:30:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper [07/15/2006, 14:30:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [07/15/2006, 14:30:56] - Finished Searching Browser Helper Objects [07/15/2006, 14:30:56] - Finishing up... C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : No action taken. C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : No action taken.

A typical path is C:\Program Files. %System% is a variable that refers to the System folder. It accesses Web sites to download possibly malicious files related to the TROJ_FAKEAV family.

And afterwards post a Spy Sweeper report again.

Regis59 (21192 posts; joined Tuesday 27 June 2006; status: security contributor; last active 22 June 2016), 14 Jul. 2006 at 22:56

Hi. With ewido, during the

Antivirus    Version    Update      Result
AntiVir      6.35.0.21  07.15.2006  ADSPY/Virtumonde.B
Authentium   4.93.8     07.14.2006  no virus found
Avast        4.7.844.0  07.14.2006  no virus found
AVG          386        07.14.2006  no virus found
BitDefender  7.2        07.15.2006  no virus

C:\Documents and Settings\Louiz\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken. :mozilla.167:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken. :mozilla.168:C:\Documents and Settings\Louiz\Application Data\Mozilla\Firefox\Profiles\2zpcnyvb.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken. :mozilla.169:C:\Documents and

By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). %Temp% is a variable that refers to the temporary folder in the short path form.

ThreatSearch: ThreatExpert's Statistics for Packed/RLPack [PC Tools]: Packed/RLPack [PC Tools] is also known as:

Threat Alias             Number of Incidents
Trojan.Vundo [Symantec]  126
Vundo [McAfee]           55
Trojan Horse [Symantec]  54
Generic.dx [McAfee]      42

C:\Documents and Settings\Louiz\Mes documents\Download\crack.exe -> Downloader.Adload.cw : No action taken.

Has this one disappeared?

Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast!

It creates registry entries to enable its automatic execution at every system startup.

Checking for Winlogon reference. [07/15/2006, 14:30:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper [07/15/2006, 14:30:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [07/15/2006, 14:30:47] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} () [07/15/2006, 14:30:47] - WARNING: BHO has Checking for Winlogon reference. [07/15/2006, 14:30:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper [07/15/2006, 14:30:49] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [07/15/2006, 14:30:49] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object) [07/15/2006, 14:30:49] - ALERT: Found Elapsed time 00:00:05 14:33: Processing Startup Alerts 14:33: Allowed Startup entry: msnmsgr 14:39: Processing Startup Alerts 14:39: Allowed Startup entry: msnmsgr 14:47: | End of Session, samedi 15 juillet 2006 |

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: (no R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Starting over... [07/15/2006, 14:30:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [07/15/2006, 14:30:48] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class) [07/15/2006, 14:30:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} () [07/15/2006, 14:30:48] - WARNING: BHO has

louiz (24 posts; joined Friday 14 July 2006; last active 15 May 2007), 15 Jul. 2006 at 14:37

There, so I ran VirtumundoBegone, rebooted and

Elapsed time 00:48:17 13:06: Traces Found: 29 13:53: Removal process initiated 13:53: Quarantining All Traces: trojan agent winlogonhook 13:53: Warning: Out of memory 13:53: Warning: Out of memory 13:53: Failed to

See you

louiz (24 posts; joined Friday 14 July 2006; last active 15 May 2007), 15 Jul. 2006 at 18:31

******** 17:58: | Start of Session,

Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.

See you

louiz (24 posts; joined Friday 14 July 2006; last active 15 May 2007), 14 Jul. 2006 at 23:45

There, I deleted all the files

iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast!

Regis59 (21192 posts; joined Tuesday 27 June 2006; status: security contributor; last active 22 June 2016), 14 Jul. 2006 at 23:49

Hi. Post a HijackThis again. See you

Checking for Winlogon reference. [07/15/2006, 14:30:47] - Checking for HKLM\...\Winlogon\Notify\yayxuvu [07/15/2006, 14:30:47] - Found: HKLM\...\Winlogon\Notify\yayxuvu - This is probably Virtumundo. [07/15/2006, 14:30:47] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object [07/15/2006, 14:30:47] - BHO

Starting over... [07/15/2006, 14:30:47] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [07/15/2006, 14:30:47] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class) [07/15/2006, 14:30:47] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} () [07/15/2006, 14:30:48] - WARNING: BHO has Checking for Winlogon reference. [07/15/2006, 14:30:48] - Checking for HKLM\...\Winlogon\Notify\jkklm [07/15/2006, 14:30:48] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo. [07/15/2006, 14:30:48] - Assigning {861BD06F-4ABE-474A-9FFA-6872FCA98C34} MSEvents Object [07/15/2006, 14:30:48] - BHO Espace insuffisant pour traiter cette commande 12:49: Warning: Failed to read file "c:\program files\mozilla firefox\avg71f_395a764.exe". Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast!

C:\Documents and Settings\Louiz\Local Settings\Temporary Internet Files\Content.IE5\YZSRQBQP\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : No action taken.

Antivirus    Version    Update      Result
AntiVir      6.35.0.21  07.15.2006  TR/PCK.Klone.G.14
Authentium   4.93.8     07.14.2006  no virus found
Avast        4.7.844.0  07.14.2006  no virus found
AVG          386        07.14.2006  no virus found
BitDefender  7.2        07.15.2006  no virus

Regis59 (21192 posts; joined Tuesday 27 June 2006; status: security contributor; last active 22 June 2016), 15 Jul. 2006 at 13:15

Re, does it indicate a

Regis59 (21192 posts; joined Tuesday 27 June 2006; status: security contributor; last active 22 June 2016), 15 Jul. 2006 at 14:45

Fix this O3 - Toolbar: