Your question

How do I get rid of Trojan-Spy.Win32.Banker.by on Millennium ????

Tags:
  • Scan
  • Security
Last reply: in Security and viruses
4 February 2007 20:54:38

Hello!!! The Kaspersky report tells me that I am infected with Trojan-Spy.Win32.Banker.by

Here is the report:
Sunday, February 04, 2007 8:17:57 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/02/2007
Kaspersky Anti-Virus database records: 249977


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
c:\
d:\
e:\

Scan Statistics
Total number of scanned objects 38384
Number of viruses found 1
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:56:57

Infected Object Name Virus Name Last Action
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Sti_Trace.log Object is locked skipped

c:\WINDOWS\Sti_Event.log Object is locked skipped

c:\WINDOWS\wiaservc.log Object is locked skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\Historique\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.rept Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.reph Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.repi Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0000 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0001 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0100 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0101 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0200 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0201 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0300 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Quarantine\QMng.i0301 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.rept Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.reph Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.repi Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0000 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0001 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0100 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0101 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0200 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0201 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0300 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Backup\BackupMng.i0301 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.rept Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.reph Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.repi Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.i0000 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.i0100 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\TIF\GlobalTIFMng.i0200 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.rept Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.reph Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.repi Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0000 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0001 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0100 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0101 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0200 Object is locked skipped

c:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\Reports\RptMng.i0201 Object is locked skipped

c:\_RESTORE\ARCHIVE\FS111.CAB/A0190438.CPY Infected: Trojan-Spy.Win32.Banker.byu skipped

c:\_RESTORE\ARCHIVE\FS111.CAB CAB: infected - 1 skipped

c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log

I already deleted the file C:/system/icpldrvx.exe once in safe mode. The virus was gone, but it came back. Can it be removed permanently?

4 February 2007 21:39:49

Hello,

Disable and then re-enable System Restore.

- Download HijackThis (by Merijn).
- Unzip it into a folder or onto your desktop.

- Launch the application.
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.

HELP: HijackThis tutorial (Malekal)
4 February 2007 21:49:32

Logfile of HijackThis v1.99.1
Scan saved at 21:44:44, on 04/02/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MICRO APPLICATION\SéCURITé INTERNET\ANTI-VIRUS\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICRO APPLICATION\SéCURITé INTERNET\ANTI-VIRUS\KLSWD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\STARTEAK.EXE
C:\PROGRAM FILES\AMD\POWERNOW!\GEMBACK.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\ZTE CORPORATION\ZXDSL852\CNXDSLTB.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICRO APPLICATION\SéCURITé INTERNET\ANTI-VIRUS\KAV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [AMD PowerNow!] "C:\Program Files\AMD\PowerNow!\GemBack.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\SYSTEM\icpldrvx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRAM FILES\WANADOO\GestMaj.exe EspaceWanadoo.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30ee0b313d6122874618/netzip...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...

5 February 2007 13:24:01

It's OK.
Any other problems?