
Win32:[email protected]

Hijack report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:12:20, on 26.05.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Do a File, Exit and answer 'Yes' to save changes. A caution - Do not run Combofix more than once. C:\Users\AURLIE~1\AppData\Local\Temp\YabHNXbc.ini2 moved successfully.

Win32/Vundo may also inject its code into the following processes if they are found to be running on your computer, possibly to stop or alter the functionality of the process, which may File move failed.

Win32/Vundo might modify the following registry entry to load the newly created DLL whenever you start your PC or Internet Explorer: In subkey: HKLM\SOFTWARE\Classes\CLSID\ Sets value: "InprocServer32" With data: "

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google

rawprawn 10:49 20 May 08 Try this online scan click here

birdface 10:50 20 May 08 Maybe try this. click here

dgoldy 11:02 20 May 08 will try rawprawn's link first,

Please read the following article: http://forum.telecharger.01net [...] ges-1.html Thank you for taking note of it.

al1-lo Posted on 27/05/2008 at 15:19:18 Hello everyone, for the past few days I have had a Vundo-type virus that is reported by my Note: The report can be found here: C:\Deckard\System Scanner\main.txt. See you later

aureggaelien Posted on 27/05/2008 at 21:14:17 Thank you very much.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe

Moderates web browsing: Trojan:Win32/Vundo.LN!dll may redirect the affected user's web browser to a malicious website.

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast!

AV: avast! Live -- Registry Dump -- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C}] C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{C75C8E7E-5059-4469-AC11-D7544B260382}"= C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll [ ]

Threat behavior: Trojan:Win32/Vundo.LN!dll is a generic detection for a component of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FVundo.IB!dll

dgoldy 10:46 20 May 08 When I tried to move this file into quarantine, I received an error message. Too scared to delete the file cos I don't think my PC will

It should be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation media. You can use the information about how these programs operate to decide whether to allow them to run or to remove them from the computer. Prevention: Take these steps to help prevent infection on your computer. Variants of the family have also been observed using encryption techniques in order to obfuscate their communication with remote sites, including Trojan:Win32/Vundo.AX, Trojan:Win32/Vundo.BH, and Trojan:Win32/Vundo.FZ.

Variants of Win32/Vundo might use dropper or downloader executable components, which might be detected with the following names: Trojan:Win32/Vundo.gen!AW, Trojan:Win32/Vundo.HIY, Trojan:Win32/Vundo.OD, Trojan:Win32/Vundo.QA, TrojanDropper:Win32/Vundo.A, TrojanDropper:Win32/Vundo.B, TrojanDownloader:Win32/Vundo, TrojanDownloader:Win32/Vundo.J. We have observed the dropper

I then went to bed. I got up this morning, and got the same message about a trojan, here is a screenshot of it: http://img151.imageshack.us/img151/4435/arrrol7.jpg Here is my Hijackthis log: Logfile of Trend Micro

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! C:\Users\AURLIE~1\AppData\Local\Temp\YabHNXbc.ini moved successfully.

This family uses advanced defensive and stealth techniques to escape detection and to hinder removal. What to do now: The following Microsoft software detects and removes this threat: Microsoft Security Essentials or, for Windows

Modifies browser behavior: Variants of the family, such as Trojan:Win32/Vundo.K, might redirect certain URLs to others of their own choosing, including search engines such as webvolta.ru.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast!

There is more information about returning an infected PC to its pre-infected state in the following articles: Resetting your computer's security settings to default Stopping and starting Windows services: For Windows 7 For

They can also disable pop-ups from certain advertising-related or advertising-supported sites when you visit them, such as the following: ads.180solutions.com ads.doubleclick.net ads1.revenue.net ads2.revenue.net banners.pennyweb.com images.trafficmp.com search.ebay.com web.ask.com www2.yesadvertising.com yahoo.com z1.adserver.com Win32/Vundo also disables

iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast!

C:\Users\AURLIE~1\AppData\Local\Temp\tmp00018121 moved successfully. Total Physical Memory: 1023 MiB (1024 MiB recommended). -- HijackThis (run as Aurélien.exe) -- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:02:43, on 27/05/2008 Platform: Windows Vista (WinNT 6.00.1904)


Thanking you in advance.

Can someone help me? Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe

Win32:[email protected] Started by Maine_IT_Guy, Jun 04 2008 05:54 PM

Hijackthis log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil

I tried it twice, and got a blue screen both times. (2008-May-28 10:54 am)

CajunTek, Premium Member, 2008-May-28 12:23 pm: Let's try

C:\Users\AURLIE~1\AppData\Local\Temp\jusched.log moved successfully.

iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast!

These files may include updates or additional components. Stops security services: Variants of Win32/Vundo may end or stop services associated with the following security-related applications: Ad-Aware Microsoft Giant/Antispyware (this is an

C:\Users\AURLIE~1\AppData\Local\Temp\cbXNHbaY.dll scheduled to be moved on reboot.

Pour plus d’informations, consultez les données suivantes : %PC-de-Aurélien275 ID d’analyse : {C5207BD8-09ED-4BDC-A7B1-2C2A2F99D86B} Utilisateur : PC-de-Aurélien\Aurélien Nom : %PC-de-Aurélien271 ID : %PC-de-Aurélien272 ID de gravité :

Everyone else please begin a New Topic.

Windows Internal Firewall is enabled.