The Avenger

Posted by Malekal_morte » 05 Jan 2010 19:31

The Avenger is a very powerful fix written by Swandog46 that can remove malware, notably the most stubborn kinds such as rootkits (see the page on removing rootkits).

Through a script, the fix can delete any file, registry key or driver.

Official site: http://swandog46.geekstogo.com/

Script syntax: http://swandog46.geekstogo.com/avenger2/tutorial.html
Usage example: http://swandog46.geekstogo.com/avenger2/example.html

Here is The Avenger's window (fairly basic), where you copy and paste the script.
Note that The Avenger can recognize some common rootkits and disable them (option Automatically disable any rootkits found).


This video shows how The Avenger is able to remove the rogue Malware Defense and, above all, Trojan.Alureon / Trojan.Tdss:

The script used:
Drivers to delete:
H8SRTd.sys

Files to Delete:
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTb239.tmp
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTcb1f.tmp
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\h8srtmainqt.dll
C:\WINDOWS\system32\drivers\H8SRTbphqhxnlwx.sys
C:\WINDOWS\system32\H8SRTdmrrfqjsqm.dat
C:\WINDOWS\system32\H8SRTgriyddcbfp.dll
C:\WINDOWS\system32\H8SRTnmfdewbsmp.dll
C:\WINDOWS\system32\H8SRTqphaxvkyle.dll
c:\WINDOWS\system32\krl32mainweq.dll
c:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Desktop\99fe.exe
c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense Support.lnk
c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Desktop\wscsvc32.exe.txt
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\Installer.exe
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\settdebugx.exe
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\SSM_uninstall.log
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\test.reg
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac491f.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8577.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8894.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8e13.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\wscsvc32.exe
c:\Documents and Settings\Malekal_morte\Recent\wscsvc32.exe.txt.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk

Folders to delete:
c:\Program Files\Malware Defense

The log at reboot:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTbphqhxnlwx.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "H8SRTd.sys" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTb239.tmp" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTcb1f.tmp" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\h8srtmainqt.dll" deleted successfully.
File "C:\WINDOWS\system32\drivers\H8SRTbphqhxnlwx.sys" deleted successfully.
File "C:\WINDOWS\system32\H8SRTdmrrfqjsqm.dat" deleted successfully.
File "C:\WINDOWS\system32\H8SRTgriyddcbfp.dll" deleted successfully.
File "C:\WINDOWS\system32\H8SRTnmfdewbsmp.dll" deleted successfully.
File "C:\WINDOWS\system32\H8SRTqphaxvkyle.dll" deleted successfully.
File "c:\WINDOWS\system32\krl32mainweq.dll" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\99fe.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense Support.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\wscsvc32.exe.txt" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\x2e3v29c.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\Installer.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\settdebugx.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\SSM_uninstall.log" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\test.reg" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac491f.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8577.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8894.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8e13.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\wscsvc32.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Recent\wscsvc32.exe.txt.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk" deleted successfully.
Folder "c:\Program Files\Malware Defense" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


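A check that follows from the script and log in the post above, as an added example that is not part of the original post and not The Avenger's own code: it compares what a script asked to delete with what the log reports as "deleted successfully", and lists both the entries the log does not confirm and the entries the log reports that the script never requested. The function names and the sample script and log are constructed here; the parser assumes only the three section headers and the success-line format shown in the post.

```python
import re

# Section headers as they appear in the post's script (their letter case varies there).
SECTION = re.compile(r"^(drivers|files|folders) to delete:\s*$", re.I)
# Success lines as they appear in the post's log.
DELETED = re.compile(r'^(Driver|File|Folder) "(.+)" deleted successfully\.\s*$')
KIND = {"drivers": "driver", "files": "file", "folders": "folder"}

# Constructed sample input in the same shape as the post's script and log.
SAMPLE_SCRIPT = r"""Drivers to delete:
exampledrv.sys

Files to Delete:
C:\WINDOWS\system32\drivers\exampledrv.sys
c:\Documents and Settings\user\Desktop\sample.exe

Folders to delete:
c:\Program Files\Example Rogue
"""
SAMPLE_LOG = r"""Hidden driver "exampledrv.sys" found!
Driver "exampledrv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\exampledrv.sys" deleted successfully.
File "c:\Documents and Settings\user\Desktop\other.exe" deleted successfully.
Folder "c:\Program Files\Example Rogue" deleted successfully.
"""

def parse_script(text):
    """Return the (kind, target) pairs the script asks to delete."""
    targets, kind = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            kind = KIND[m.group(1).lower()]
        elif line and kind:
            # Windows paths are case-insensitive, so compare them lowercased.
            targets.add((kind, line.lower()))
    return targets

def parse_log(text):
    """Return the (kind, target) pairs the log reports as deleted."""
    hits = (DELETED.match(l.strip()) for l in text.splitlines())
    return {(m.group(1).lower(), m.group(2).lower()) for m in hits if m}

def reconcile(script_text, log_text):
    """List requested-but-unconfirmed and deleted-but-unrequested items."""
    wanted, done = parse_script(script_text), parse_log(log_text)
    return {"unconfirmed": sorted(wanted - done), "unrequested": sorted(done - wanted)}

if __name__ == "__main__":
    print(reconcile(SAMPLE_SCRIPT, SAMPLE_LOG))
```

An "unconfirmed" entry is one to re-check on disk after the reboot; an "unrequested" entry means the log and the script being compared do not come from the same run or the script was edited afterwards.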