titloup
Elite
There... this crappy little TROJAN was already up to its tricks... I had spotted it a few days ago, running among the other tasks... and today it tries to connect to the WEB... and BAM, right in its face...
A quick Google search tells me it is this one:
Backdoor.IRC.SdBot
SdBot is a family of backdoor remote, malicious administration software.
This family of viruses allows an evil-doer to control victim computers remotely by sending commands via IRC channels.
Installation
Depending upon the backdoor version it copies itself either to the Windows System directory or to other directories located in the System directory.
The program also sets its copy to be executed upon Windows start-up by writing a registry value to one of the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The name of the registry value varies in different versions.
Payload
The SdBot backdoor program connects to various IRC servers, then connects with a channel that is hard coded in its body, and then receives remote control commands from its master (person controlling the program).
The remote control commands feature downloading and executing remote files, acting as an IRC proxy server, joining IRC channels, sending messages via IRC, and sending UDP and ICMP packets to remote computers.
In short, a piece of crap to remove very quickly; in my opinion I caught it somewhere on IRC... how, I have no idea... on top of that NORTON does NOT DETECT it :x
To DETECT it
:arrow: www.kaspersky.com/remoteviruschk.html
To REMOVE it
:arrow: Since NORTON does not detect it, I did it manually
:arrow: Delete the file itself, C:\WINDOWS\SYSTEM32\MsProt32.exe
:arrow: Delete the keys in the registry as indicated above
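Added example, not part of the original post: a read-only PowerShell audit of the two autorun keys quoted above. It lists each value, the file it launches, whether that file sits under the Windows System directory, and its Authenticode status. The helper name Get-AutorunTarget and the path-resolution heuristics are assumptions made for this example.

```powershell
# Added example: read-only audit of the two HKLM autorun keys named in the post.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$systemDir = [Environment]::SystemDirectory   # e.g. C:\WINDOWS\system32

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-AutorunTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: cut at the first executable-looking extension.
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # RunServices is absent on many systems
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-AutorunTarget -Command $command
        # Assumption: a bare file name is looked up in the System directory.
        if (-not [IO.Path]::IsPathRooted($target)) {
            $target = Join-Path $systemDir $target
        }
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $target).Status
        } else {
            'FileMissing'
        }
        [pscustomobject]@{
            Key         = $key
            ValueName   = $name
            Command     = $command
            Target      = $target
            InSystemDir = $target.StartsWith($systemDir, [StringComparison]::OrdinalIgnoreCase)
            Signature   = $sig
        }
    }
}

# Entries under the System directory first, since that is where the post says copies land.
$report | Sort-Object InSystemDir -Descending | Format-List
```

Because the value name varies between versions, review each entry by its target file rather than by name; a `NotSigned` or `FileMissing` status is a reason to look closer, not a verdict.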