Adds the following items to the system (file names are random):
your picture ?! hxxp://afxdesigns.net/pictures/viewimage.php?=..
File scan:
* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
o System Updates = "qylr.exe"
* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
o System Updates = "qylr.exe"
so that qylr.exe runs every time Windows starts
* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
o System Updates = "qylr.exe"
so that qylr.exe runs every time Windows starts
* [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
o System Updates = "qylr.exe"
* [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
o System Updates = "qylr.exe"
* [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
o System Updates = "qylr.exe"
so that qylr.exe runs every time Windows starts
* [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
o System Updates = "qylr.exe"
so that qylr.exe runs every time Windows starts
* [HKEY_CURRENT_USER\Software\Microsoft\OLE]
o System Updates = "qylr.exe"
* [HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa]
o System Updates = "qylr.exe"
Kaspersky detects it as Backdoor.Win32.SdBot.fiq
Complete scanning result of "F.EXE", processed in VirusTotal at 07/16/2008 12:19:38 (CET).
[ file data ]
* name..: F.EXE
* size..: 158208
* md5...: 1ae1c022ed14d9d59cfc275f9a51c747
* sha1..: 80cf1c62f398d789a3b757964853430f346d202d
* peid..: -
[ scan result ]
AhnLab-V3 2008.7.16.0/20080716 found nothing
AntiVir 7.8.0.68/20080716 found [DR/Delphi.Gen]
Authentium 5.1.0.4/20080715 found nothing
Avast 4.8.1195.0/20080715 found nothing
AVG 7.5.0.516/20080716 found nothing
BitDefender 7.2/20080716 found [Trojan.Inject.FW]
CAT-QuickHeal 9.50/20080715 found nothing
ClamAV 0.93.1/20080716 found nothing
DrWeb 4.44.0.09170/20080716 found nothing
eSafe 7.0.17.0/20080715 found nothing
eTrust-Vet 31.6.5959/20080716 found nothing
Ewido 4.0/20080715 found nothing
F-Prot 4.4.4.56/20080715 found [W32/DelfInject.A.gen!Eldorado]
F-Secure 7.60.13501.0/20080716 found nothing
Fortinet 3.14.0.0/20080716 found nothing
GData 2.0.7306.1023/20080716 found nothing
Ikarus T3.1.1.26.0/20080716 found nothing
Kaspersky 7.0.0.125/20080716 found nothing
McAfee 5339/20080715 found nothing
Microsoft 1.3704/20080716 found [VirTool:Win32/DelfInject.gen!K]
NOD32v2 3271/20080716 found [a variant of Win32/Injector.U]
Norman 5.80.02/20080715 found nothing
Panda 9.0.0.4/20080715 found [Suspicious file]
Prevx1 V2/20080716 found nothing
Rising 20.53.22.00/20080716 found nothing
Sophos 4.31.0/20080716 found [Mal/Behav-154]
Sunbelt 3.1.1536.1/20080715 found nothing
Symantec 10/20080716 found nothing
TheHacker 6.2.96.381/20080716 found nothing
TrendMicro 8.700.0.1004/20080716 found nothing
VBA32 3.12.8.0/20080715 found nothing
VirusBuster 4.5.11.0/20080715 found nothing
Webwasher-Gateway 6.6.2/20080716 found [Trojan.Dropper.Delphi.Gen]