Trojan horse back door.agent.2.h

Excuse moi pour l'oubli du bonjour mon ami... le coeur y est
C'est la fatigue. Vivement les vacances !!!
Bon je vais faire ce que tu m'as dit. @+

re salut ball trap. Voici le résultat !!???
Merci encore Scan started at 22/07/2004 23:11:36

Scanning memory...
Scanning boot sectors...
Scanning files...

Scanned
============================
Objects: 21807
Directories: 1622
Archives: 466
Size(Kb): 408578
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 53

Bonjour "Balltrap34".
J'ai vu sur le site que tu était calé en amtière de virus, et je me retourne vers toi afin que tu puisses m'aider à le résoudre.
Mon système est un XP Pro.

j'ai un gros souci de virus qui est le suivant:
"Trojan Horse IRC/Backdoor.SDBOT.75.2.
J'ai suivi sur le forum quels étaient les démarches à suivre

merci de m'aider car je suis perdu...

Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0022\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0022\DriverFiles\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0022\DriverFiles\i386\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0023\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0023\DriverFiles\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0020\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0020\DriverFiles\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0020\DriverFiles\i386\*.*
Tue Dec 07 12:57:55 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0024\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0024\DriverFiles\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0024\DriverFiles\i386\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0026\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0026\DriverFiles\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0026\DriverFiles\i386\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0027\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0027\DriverFiles\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0025\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0025\DriverFiles\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0029\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0029\DriverFiles\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\ReinstallBackups\0029\DriverFiles\i386\*.*
Tue Dec 07 12:57:56 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\Defaults\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\Futuremark\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\Futuremark\MSC\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\NtmsData\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\appmgmt\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\appmgmt\S-1-5-21-1004336348-573735546-682003330-1003\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\appmgmt\MACHINE\*.*
Tue Dec 07 12:58:00 2004 => Scanning Folder: C:\WINDOWS\SYSTEM32\appmgmt\S-1-5-21-823518204-1958367476-839522115-1003\*.*

Tue Dec 07 12:58:00 2004 => ***** Checking for specific ITW Viruses *****
Tue Dec 07 12:58:00 2004 => Checking for Welchia Virus...
Tue Dec 07 12:58:00 2004 => Checking for LovGate Virus...
Tue Dec 07 12:58:00 2004 => Checking for CodeRed Virus...
Tue Dec 07 12:58:00 2004 => Checking for OpaServ Virus...
Tue Dec 07 12:58:00 2004 => Checking for Sobig.e Virus...
Tue Dec 07 12:58:00 2004 => Checking for Winupie Virus...
Tue Dec 07 12:58:00 2004 => Checking for Swen Virus...
Tue Dec 07 12:58:00 2004 => Checking for JS.Fortnight Virus...
Tue Dec 07 12:58:00 2004 => Checking for Novarg Virus...
Tue Dec 07 12:58:00 2004 => Checking for Pagabot Virus...
Tue Dec 07 12:58:00 2004 => Checking for Parite.b Virus...
Tue Dec 07 12:58:00 2004 => Checking for Parite.a Virus...

Tue Dec 07 12:58:00 2004 => ***** Scanning complete. *****
Tue Dec 07 12:58:00 2004 => Total Files Scanned: 43816
Tue Dec 07 12:58:00 2004 => Total Virus(es) Found: 6
Tue Dec 07 12:58:00 2004 => Total Disinfected Files: 0
Tue Dec 07 12:58:00 2004 => Total Files Renamed: 0
Tue Dec 07 12:58:00 2004 => Total Deleted Files: 0
Tue Dec 07 12:58:00 2004 => Total Errors: 97
Tue Dec 07 12:58:00 2004 => Time Elapsed: 00:46:26
Tue Dec 07 12:58:00 2004 => Virus Database Date: 2004/12/06
Tue Dec 07 12:58:00 2004 => Virus Database Count: 111591

Tue Dec 07 12:58:00 2004 => Scan Completed.

salut !
j'ai suivi les instructions données par baltrap34, j'ai fait le scan et voici le resultat :

Scan started at 14/09/2005 11:23:02

Scanning memory...
process://C:\PROGRA~1\COMMON~1\zkfi\zkfim.exe - TrojanDownloader:Win32/TSUpdate.K -> Infected
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\cnipre\Local Settings\Temp\00V8BM.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\0BJeK6.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\1uHSkB.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\2MhV6e.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\57QEkr.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\7Hvc6G.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\7kABs7.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\7rjB44.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\8N3vRx.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\8Sv0G6.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\AcjDrG.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\bb.exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\BdRZdK.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\buymt3.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\bW9oOE.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\CaKr8v.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\CQr9G4.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\D0qoCx.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\dJbwBg.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\DNqCb1.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\dRpTpA.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\DSA0fB.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\dur18W.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\dVqXki.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\Dw70Rd.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\DX84Bh.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\EMaYrV.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\ENcron.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\EPSEfo.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\etemyk.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\EyeyZi.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\EZpM86.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\fbFTAe.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\FcqVLw.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\GCu8MF.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\GFmi3a.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\gHQ4bf.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\GuJLj5.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\GYgVaG.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\HCIcuu.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\HE7u5C.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\iFOD2Z.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\IkfSkB.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\ISbWgJ.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\IyR0Tq.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\j3py8e.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\jG0ofa.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\jjyaXJ.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\lcfdrv.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\leUKky.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\LhGe0M.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\LUX8CF.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\mgDsew.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\MUKo4J.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\OdSLRZ.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\oNCxDe.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\pilTZy.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\qHNJ9x.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\rLFBJX.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\RUeYET.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\sRSDoe.exe - TrojanDownloader:Win32/IstBar -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temp\TQjGp4.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\VA4SfF.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\vxI5ma.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\wb8CBa.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\xPvacp.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\yuJneX.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\YvFHHE.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temp\Zjd5Ch.exe - TrojanDownloader:Win32/IstBar -> Suspicious
C:\Documents and Settings\cnipre\Local Settings\Temporary Internet Files\Content.IE5\6HMR4PUF\bb[1].exe - TrojanDownloader:Win32/Adload.E -> Infected
C:\Documents and Settings\cnipre\Local Settings\Temporary Internet Files\Content.IE5\FBLF75WW\istrecover[1].exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\Program Files\Common Files\zkfi\zkfim.exe - TrojanDownloader:Win32/TSUpdate.K -> Infected
C:\WINDOWS\dwvgt.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\eloawkb.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\jnmrrjxa.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\obacbat.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\qquggpts.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\woelks.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\xgiqr.exe - TrojanDownloader:Win32/IstBar.IJ -> Infected
C:\WINDOWS\system32\bling.exe - Backdoor:Win32/Sdbot -> Infected
C:\WINDOWS\system32\drivers\etc\hosts - Trojan:Win32/Qhost.F* -> Infected
C:\WINDOWS\system32\drivers\etc\hosts.msn - Trojan:Win32/Qhost.F* -> Infected

Scanned
============================
Objects: 42881
Directories: 2792
Archives: 1979
Size(Kb): -797555
Infected files: 22

Found
============================
Viruses found: 7
Suspicious files: 61
Disinfected files: 0
Mail files: 287

ca a l'air grave je crois !!
est ce que vous pouvez m'aidez a m'en debarasser en me disant ce que je dois faire svp ??!! merci d'avance , j'attends votre reponse le plutot possible

Re
je vais attendre qu'il me le resorte pour te dire le chemin, si je ne l'ai pas éradiqué.
Dans tout les cas je te tiens au courant.
Bonne soirée à toi et @ + tard

Merci

sALUT BALL TRAP 34
J'ai rouvert mon ordi aujourd'hui et toujours rien ??!!!
Bon ben tant mieux s'il n'est plus là.
Je reste vigilant et te recontacte s'il revient.
Bonne journée @+

bonsoir et merci de me répondre

a part ce que je t'ai envoyé le reste c'est le détail de toutes les directories dans le doute voici les fichiers infectés:DATA sur serveur (portable)\OUTLOOK\lisa.pst->Attachment.2087: "terme.pif" - Win32/Magistr.B@mm -> Infected
\OUTLOOK\Lisa.pst->Attachment.1888: "terme.pif" - Win32/Magistr.B@mm -> Infected
(Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
(Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
: (Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
->Message.10: (Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
OUTLOOK\lisa.pst->Attachment.2191: "terme.pif" - Win32/Magistr.B@mm -> Infected
\PROCEDURE CABINET.dbx->Message.10: (Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
dbx->Message.10: (Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected
: (Untitled)->(part0002:terme.pif) - Win32/Magistr.B@mm -> Infected


les autres sont suivis de la mention suivante: \DATA sur serveur (portable)\OUTLOOK\20_EML.vir - Win32/Nimda.eml -> Suspicious

J'utilise AVG qui m'a indiqué en date du 11/08/2004
VIRUS INFECCTION DETECTED!!!
detais sur trois fichiers : back door.agent.2.h
Question cette antivirus est-il fiable?

puis plusieur fois dans la journée ceci:
c:\system volume information\restore(4711C735-CD7C-43DE-A19E-C4B81406B432]\RP308\A0090935.exe
to remove thisvirus,please run AVG for windows
en haut de la fenetre : AVG resident schield

Voila toute l'histoire désolé pour la contrainte d'une aussi longue lecture!!
bonne réception
pat

Bonjour
il faut que je suprime toute la masagerie ou mail ,par mail?
de plus connaissant mes fichiers ils y en a dans word!!
désolé je suis néophite en informatique...
merci encore de ton aide
pat