Add the following line to HijackThis:
O4 - HKLM\..\Run: [Windows Reverse Preperation] winrvp.exe

Add the files:
C:\Windows\System32\winrvp.exe
%Temp%\new-photos.zip

Scan of the file:
EDIT: Kaspersky detects it as: Backdoor.Win32.IRCBot.axp
File picture_0027-newcamera.JPEG-scann received on 12.29.2007 13:55:16 (CET)
Result: 5/32 (15.63%)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.28 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.28 -
AVG 7.5.0.516 2007.12.28 -
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.29 -
DrWeb 4.44.0.09170 2007.12.29 -
eSafe 7.0.15.0 2007.12.27 Suspicious File
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.29 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.29 -
F-Prot 4.4.2.54 2007.12.28 -
F-Secure 6.70.13030.0 2007.12.28 -
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2755 2007.12.29 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.29 Suspicious file
Prevx1 V2 2007.12.29 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.29 Mal/Emogen-N
Sunbelt 2.2.907.0 2007.12.28 -
Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28 Trojan.Crypt.XPACK.Gen
Additional information
File size: 74752 bytes
MD5: f7d59587e0947457948af8ef12fc83d0
SHA1: 70a6ce13c0123ae6815c87dfb09babea53e2fb9d
PEiD: -
packers: EXECryptor
packers: Execryptor