virus

virus - Win NT/2K/XP - Windows & Software

Marsh Posté le 03-03-2005 à 17:52:21    

Posté le 03-03-2005 à 17:48:47    voila j'ai le virus funner-A (w32.funner) et norton me l'a detecter eet il me dirige vers symantec  
http://securityresponse.symantec.c [...] unner.html  
et il me dise d'ajouter une valeur dans un dossier nommée winlogon que je n'ai pas  
voila ce k'il dise :  
When W32.Funner is executed, it performs the following actions:  
 
 
Copies itself as:  
 
%System%\IEXPLORE.EXE  
%System%\EXPLORE.EXE or %System%\EXPLORER.EXE  
%Windir%\rundll32.exe  
%System%\userinit32.exe  
c:\funny.exe  
 
and executes the first three files listed.  
 
Notes:  
The three files make sure that the other two are running and will restart them if any are stopped.  
These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.  
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).  
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.  
 
Creates a log file named %System%\bsfirst2.log.  
 
Adds the value:  
 
"Userinit"="userinit32.exe,"  
 
to the registry key:  
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  
 
so that the userinit32.exe runs when you start Windows.  
 
Adds the value:  
 
"MMSystem"="%Windir%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"  
 
to some of the following registry keys:  
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce  
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run  
 
so that the rundll32.exe runs when you start Windows.  
 
May add the line:  
 
Shell = %System%\explore.exe  
 
to the [boot] section of the system.ini file.  
 
Attempts to send c:\funny.exe to contacts in the Microsoft MSN Messenger instant message program.  
 
 
May contact the www.78p.com domain and download various components.

Reply

Marsh Posté le 03-03-2005 à 17:52:21   

Reply

Marsh Posté le 03-03-2005 à 17:55:31    

Ce qui compte c'est pas trop ce que fait le virus mais ce qu'il faut faire pour s'en debarasser non ? a mon avis tu n'a pas copier/coller ce qu'il fallait...

Reply

Marsh Posté le 03-03-2005 à 17:56:51    

lol ouais,

Reply

Marsh Posté le 03-03-2005 à 17:57:50    

si kelkun pe me doner un lien pour le désinfection

Reply

Marsh Posté le 03-03-2005 à 18:00:44    

http://securityresponse.symantec.c [...] unner.html
 
:::::: Removal Instructions ::::::
 
Disable System Restore (Windows Me/XP).  
Update the virus definitions.  
Restart the computer in Safe mode or VGA mode.  
Run a full system scan and delete all the files detected as W32.Funner.  
Reverse the changes made to the registry.  
Reverse the changes made to the System.ini file  
Remove entries from the Hosts file
 
lis bien alors...

Reply

Marsh Posté le 03-03-2005 à 18:05:48    

bein en bas de la page, t'a les "removal instructions"...
http://securityresponse.symantec.c [...] unner.html

Reply

Marsh Posté le 03-03-2005 à 18:23:20    

kelkun pe me le dire en francais

Reply

Marsh Posté le 03-03-2005 à 18:27:50    

Reply

Marsh Posté le 03-03-2005 à 18:59:41    

j'ai fai un scan avec a²free et rien

Reply

Marsh Posté le 03-03-2005 à 20:00:43    

je ne compren pa ce k'il vau faire donc si kelkun pe m'expliquer clairement
merci

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed