Trojan horse Win32:Delf-Pz

Tags:
  • quarantined
  • Security
9 August 2007 22:08:11

Hello everyone.
I am currently infected by a Trojan horse, Win32:Delf-Pz, in the file Windows\system32\dxdllreg.exe

It is causing me a lot of trouble: registry modification, registry access, disappearance of the shut down button, but above all, loss of administrator rights in normal mode and even in SAFE MODE.

It prevents me from installing Kaspersky (free trial) AND Zeb-Restore (I do not have the administrator's authorization!)

Avast cannot quarantine it (Le serveur de la zone de quarantaine n'est pas actif.Echec de la communication RPC.)

Norton does not detect it (surprising :lol:  )

It crashes my computer in normal mode within 30 seconds.

I have read a lot of posts on several forums and now I am starting to lose my composure.

Can someone help me?


9 August 2007 22:12:03

As an antivirus, I recommend Avira Antivir ;)
9 August 2007 22:28:12

Thanks, but Black Lite does not seem to work in safe mode (the only interface available for now)
9 August 2007 23:06:14

Thanks for the Norton uninstall.

Here is a first Antivir report from when I scanned the system folder



AntiVir PersonalEdition Classic
Report file date: 9 août 2007 16:57

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: AMOUREUX

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 17:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 17:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 17:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 17:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 19:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 19:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 19:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 19:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 19:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 17:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 13:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 14:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 17:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 16:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 15:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 17:42:42

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 9 août 2007 16:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '7' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\dxdllreg.exe~
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '471f8077.qua'!
C:\WINDOWS\system32\xpdx.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: 9 août 2007 17:00
Used time: 02:25 min

The scan has been done completely.

208 Scanning directories
6476 Files were scanned
1 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
6475 Files not concerned
4 Archives were scanned
2 Warnings
0 Notes
0 Hidden objects were found

_____________________

It is now in quarantine.
What should I do???
9 August 2007 23:34:13

Here is the new scan report, a COMPLETE one this time.



AntiVir PersonalEdition Classic
Report file date: 9 août 2007 17:02

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: AMOUREUX

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 17:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 17:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 17:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 17:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 19:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 19:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 19:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 19:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 19:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 17:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 13:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 14:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 17:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 16:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 15:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 17:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 9 août 2007 17:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '7' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\xpdx.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: 9 août 2007 17:33
Used time: 30:44 min

The scan has been done completely.

5895 Scanning directories
433019 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
433019 Files not concerned
4327 Archives were scanned
3 Warnings
0 Notes
0 Hidden objects were found

10 August 2007 00:04:26

Well, in the meantime, I managed to solve my administrator problem.

A stroke of genius came to me. I created a new administrator user account for myself. (it works :D )
Then I used Zeb-Restore

All right!