Win32:Delf-Pz Trojan horse
Hello everyone.
I am currently infected by a Trojan horse, Win32:Delf-Pz, in the file Windows\system32\dxdllreg.exe
It is causing me a lot of trouble: registry modification, access to the registry, disappearance of the shut down button, but above all, loss of administrator rights in normal mode and even in SAFE MODE.
It prevents me from installing Kaspersky (free trial) AND Zeb-Restore (I do not have the administrator's authorization!)
Avast cannot quarantine it ("Le serveur de la zone de quarantaine n'est pas actif. Echec de la communication RPC.")
Norton does not detect it (surprising)
It crashes my computer in normal mode within 30 seconds.
I have read a lot of posts on several forums and now I am starting to lose my composure.
Can someone help me?
Good evening,
As cammino advises, uninstall Norton; follow this link, because it is not easy to remove:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
Then take Antivir as your antivirus:
http://www.malekal.com/tutorial_antivir.php
Tutorial + guide for a proper installation
Then run a scan in safe mode with Antivir and post the report
Thank you for the Norton uninstallation.
Here is a first report from Antivir, from when I scanned the system folder
AntiVir PersonalEdition Classic
Report file date: 9 août 2007 16:57
Scanning for 740715 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: AMOUREUX
Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 17:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 17:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 17:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 17:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 19:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 19:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 19:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 19:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 19:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 17:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 13:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 14:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 17:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 16:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 15:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 17:42:42
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 9 août 2007 16:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '7' files ).
Starting the file scan:
Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\dxdllreg.exe~
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '471f8077.qua'!
C:\WINDOWS\system32\xpdx.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 9 août 2007 17:00
Used time: 02:25 min
The scan has been done completely.
208 Scanning directories
6476 Files were scanned
1 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
6475 Files not concerned
4 Archives were scanned
2 Warnings
0 Notes
0 Hidden objects were found
_____________________
It is now in quarantine.
What should I do???
Here is the new report, of a FULL scan this time.
AntiVir PersonalEdition Classic
Report file date: 9 août 2007 17:02
Scanning for 740715 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: AMOUREUX
Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 17:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 17:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 17:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 17:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 19:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 19:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 19:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 19:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 19:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 17:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 13:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 14:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 17:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 16:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 15:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 17:42:42
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 9 août 2007 17:02
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '7' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\xpdx.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: 9 août 2007 17:33
Used time: 30:44 min
The scan has been done completely.
5895 Scanning directories
433019 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
433019 Files not concerned
4327 Archives were scanned
3 Warnings
0 Notes
0 Hidden objects were found