AntiGuide: trojanADV



20080905, see the saga at BilanFF30

IN FACT IT WAS TREND'S FAULT, read: TrendReparer20080905

the rest is for information...
4 XP Pro machines, admin session, no password, with Outlook and Internet Explorer on top of that,
protected by PC-cillin, attacked; since then 3 no longer boot
observations
- Run registry key empty, not absolutely certain
- new task cannot find explorer; after copying it back, it launches, but the Start button only appears after a reboot
- new task cmd.exe works
- impossible to launch ntbackup or the disk manager (RPC service unavailable)
debriefing
PC-cillin quarantined the file explorer.exe, which must have been infected, to be confirmed by looking at its logs
repair
- restored c:\windows\explorer.exe taken from an XP of the same generation (5.1.2600)

recent pages on Google for the query: troj generic adv, 500000 results, including:
read: http://forums.techguy.org/malware-removal-hijackthis-logs/747072-troj-generic-adv.html

restricting to the last 7 days, 900 results
this one looks similar: http://www.bleepingcomputer.com/forums/topic167568.html , it says:
Ok here's the situation, I went to sleep, and when I woke up, Trend Micro anti-virus had a message up saying:

"To remove a trojan horse program we need to restart the computer.
Trojan name: TROJ Generic.ADV
Restart now | Restart Later"
I had no idea how it could find a virus while I wasn't doing anything, but I clicked restart now. When it was back up, it said "Libeay32.dll was not found, please try re-installing the program." At the top of that was the name "sprtcmd.exe".
Now every time I try to run Spy Sweeper it does a physical memory dump.
Trend-Micro Anti-Virus found TROJ Generic.ADV in 4 files:
wextract.exe
Swsupport.dll
Microsoft office Activation
and libeay32.dll

PLEASE HELP!!!!


another one, http://forums.cnet.com/5208-6035_102-0.html?forumID=32&threadID=237645 , says:
Trojan.Generic.Adv
by tnd_ice - 3/10/07 8:38 AM

Recently, my Trend Micro PC-cillin virus program found Trojan.Generic.Adv. The virus program couldn't remove all of it. The location of the file is in Docs & Settings/Local Settings/Temp. I now have a folder that is titled 'clclean.0001.d.ir.0000'. I cannot delete or quarantine this folder. I have attempted using Spyware Doctor from PCTools, but this has not worked. When I scan with Spyware Doctor in normal mode, I still receive '1 infection found'. When I scan in Safe Mode, I have 0 infections. Any suggestions on removing this quickly would help.

I have Windows XP Media Center OS.