Good evening again, actually. I've just finished an online antivirus scan, which instead tells me that it's: W32/Bagle.HX.worm
The online tool is: Panda total scan. It shows some things about this virus, but it's in English and I don't understand any of it either... I'll paste it anyway...
w32/bagle.hx.w... Virus Latent Hide + Info
c:\windows\system32\wintems.exe
hkey_current_user\software\datetime4
In the technical details it says this:
Effects
Bagle.HX carries out the following actions:
It has rootkit functionalities, which allow it to hide files, processes and Windows Registry entries.
It attempts to disable the following services:
A: Aavmker4, ABVPN2K, ADBLOCK.DLL, ADFirewall, AFWMCL, Ahnlab, alerter, AlertManger, AntiVir, AntiyFirewall, ARP.DLL, aswMon2, aswRdr, aswTdi, aswUpdSv, Ati, avast!, AVEService, AVExch32Service, AvFlt, Avg7Alrt, Avg7Core, Avg7RsW, Avg7RsXP, Avg7UpdSvc, AvgCore, AvgFsh, AVGFwSrv, AvgFwSvr, AvgServ, AvgTdi, AVIRAMailService, AVIRAService, avpcc, AVUPDService, AVWUpSrv, AvxIni, awhost32.
B: backweb, BackWeb, Bdfndisf, bdftdif, bdss, BlackICE, BsFileSpy, BsFirewall, BsMailProxy.
C: CAISafe, ccEvtMgr, ccPwdSvc, ccSetMgr, ccSetMgr.exe, CONTENT.DLL.
D: DefWatch, DNSCACHE.DLL, drwebnet, dvpapi, dvpinit.
E: ewido.
F: firewall, F-Prot, fsbwsys, FSDFWD, F-Secure, FSFW, FSMA, FTPFILT.DLL, FwcAgent, fwdrv.
G: Guard.
H: HSnSFW, HSnSPro, HTMLFILT.DLL, HTTPFILT.DLL.
I: IMAPFILT.DLL, InoRPC, InoRT, InoTask, Ip6Fw, Ip6FwHlp.
K: KAVMonitorService, KAVSvc, KLBLMain, KPfwSvc, KWatch3, KWatchSvc.
M: MAILFILT.DLL, McAfee, McAfeeFramework, McShield, McTaskManager, mcupdmgr.exe, MCVSRte, Microsoft, MonSvcNT, MpfService.
N: navapsvc, NDIS_RD, Ndisuio, Network, nipsvc, NISSERV, NISUM, NNTPFILT.DLL, NOD32ControlCenter, NOD32krn, NOD32Service, Norman, Norton, NPDriver, NPFMntor, NProtectService, NSCTOP, nvcoas, NVCScheduler, nwclntc, nwclntd, nwclnte, nwclntf, nwclntg, nwclnth, NWService.
O: OfcPfwSvc, Outbreak, Outpost, OutpostFirewall.
P: PASSRV, PAVAGENTE, PavAtScheduler, PAVDRV, PAVFIRES, PAVFNSVR, Pavkre, PavProc, PavProt, PavPrSrv, PavReport, PAVSRV, PCC_PFW, PCCPFW, PersFW, Personal, POP3FILT.DLL, PREVSRV, PROTECT.DLL, PSIMSVC.
Q: qhwscsvc, Quick.
R: ravmon8, RfwService.
S: SAVFMSE, SAVScan, SBService, schscnt, SECRET.DLL, SharedAccess, SmcService, SNDSrvc, SPBBCSvc, SpiderNT, SweepNet, SWEEPSRV.SYS, Symantec.
T: T_H_S_M, The_Hacker_Antivirus, tm_cfw, Tmntsrv, TmPfw, tmproxy, tmtdi.
V: V3MonNT, V3MonSvc, Vba32ECM, Vba32ifs, Vba32Ldr, Vba32PP3, VBCompManService, VexiraAntivirus, VFILT, VisNetic, vrfwsvc, vsmon, VSSERV.
W: WinAntivirus, WinRoute, wuauserv.
X: xcomm.
These services belong to several security tools, such as antivirus programs and firewalls, among others.
It attempts to download a file from the following websites:
This file could be of any nature, including malware.
Infection strategy
Bagle.HX creates the following files:
HIDR.EXE, in C:\Documents and Settings\%username%\Application Data\hidires. This file is a copy of the worm.
For further references, the variable %path% will be used instead of the full name.
M_HOOK.SYS, in %path%. This file is detected as Rootkit/Akill.
WINTEMS.EXE in the Windows system directory.
Bagle.HX creates the following entries in the Windows Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
drvsyskit = %path%\hidr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
german.exe = %sysdir%\wintems.exe
where %sysdir% is the Windows system directory.
By creating these entries, Bagle.HX ensures that it is run whenever Windows is started.
HKEY_CURRENT_USER\SOFTWARE\DateTime4
port = 5b7e
HKEY_CURRENT_USER\SOFTWARE\DateTime4
wdrn = 1
HKEY_CURRENT_USER\SOFTWARE\DateTime4
uid = <random>
Bagle.HX creates the following path in the Windows Registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
with the necessary entries in order to register itself as a system service.
This service provides the worm with rootkit functionalities, which allow it to hide files, processes and Windows Registry entries.
Further Details
Bagle.HX is written in the programming language Visual C++. This worm is 15,876 bytes in size.
As the solution it says this:
How to remove Bagle.HX?
As Bagle.HX uses rootkit techniques in order to hide its files and Windows Registry entries, it is necessary to follow the routine below in order to eliminate it:
Restart the computer in the Safe mode. This way, all the files and Windows Registry entries will be visible, as the rootkit is not activated.
Then, carry out an analysis with Panda Antivirus or Panda ActiveScan and eliminate it by following the program's instructions.
Additional notes:
After deleting this malware by following the specified steps, if your computer runs Windows Millennium, click here to find out how to eliminate it from the _Restore folder.
After deleting this malware by following the specified steps, if your computer runs Windows XP, click here to find out how to eliminate it from the _Restore folder.
How can I protect my computer from Bagle.HX?
In order to keep your computer protected, bear the following tips in mind:
Panda Software's TruPreventTM Technologies detected and successfully blocked Bagle.HX, without prior knowledge of the malicious code.
Install a good antivirus in your computer. Click here to get the Panda antivirus solution that best suits your needs.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.
For more detailed information about how to protect your computer against viruses and other threats, click here.
Actually, I've just seen that I have loads of them, I don't know what to do any more...
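As an added example (not part of the original post or of Panda's report), the following PowerShell script checks a Windows host for the Bagle.HX persistence artefacts the report names above: the two Run values, the DateTime4 key, the m_hook service and the dropped files. It assumes %APPDATA% resolves to the "Application Data" folder mentioned in the report, and, as the report says, it must be run from Safe Mode because the m_hook rootkit hides these files and registry entries while it is active.

```powershell
# Added example, not Panda's code: look for the Bagle.HX artefacts described in the report.
# Run from Safe Mode: with the m_hook rootkit loaded, these objects are hidden from user-mode tools.
$findings = @()

# Run-key values the worm writes under HKCU\...\CurrentVersion\Run
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in 'drvsyskit', 'german.exe') {
    $v = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
    if ($v) { $findings += "Run value $name = $($v.$name)" }
}

# Configuration key holding port, wdrn and uid
if (Test-Path 'HKCU:\Software\DateTime4') {
    $findings += 'Registry key HKCU\Software\DateTime4 present'
}

# Rootkit driver registered as a system service
$svc = Get-Service -Name 'm_hook' -ErrorAction SilentlyContinue
if ($svc) { $findings += "Service m_hook present (status $($svc.Status))" }
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\m_hook') {
    $findings += 'Service key HKLM\SYSTEM\CurrentControlSet\Services\m_hook present'
}

# Dropped files: hidr.exe and m_hook.sys in %APPDATA%\hidires (assumed to be the
# "Application Data\hidires" folder of the report), wintems.exe in the system directory
$hidires = Join-Path $env:APPDATA 'hidires'
$files = @(
    (Join-Path $hidires 'hidr.exe'),
    (Join-Path $hidires 'm_hook.sys'),
    (Join-Path $env:SystemRoot 'system32\wintems.exe')
)
foreach ($f in $files) {
    if (Test-Path $f) {
        $size = (Get-Item $f -Force).Length   # report gives 15,876 bytes for the worm body
        $findings += "File present: $f ($size bytes)"
    }
}

if ($findings.Count -eq 0) { 'No Bagle.HX artefacts found.' } else { $findings }
```

A clean result from this script is only meaningful in Safe Mode; a clean result from a normally booted, infected machine is exactly what the rootkit is designed to produce.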