Spy Axe

A first-rate nuisance that comes back automatically shortly after startup, even if you cleaned it just before.

The solution is SmitFraudFix, a program made to remove this spyware (as well as others).

Once downloaded, unzip it to the Desktop (or elsewhere).
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose option 1 (Search)

To be really effective, it is best used in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select "Safe Mode" and press the ENTER key).

If you are in doubt, you can always post this report in this forum, although everything this program finds can normally be removed without hesitation.

To remove the spyware (still in Safe Mode, preferably), choose option 2 (and if you want to see the difference, generate a new report).

Here is what the program looks like

 

And its reports:

  • on the left, the search
  • on the right, after disinfection


The main culprit behind this infection is svchosts.dll (it is located in C:/windows/system32). It has nothing to do with the Windows svchost.exe processes (no trailing s), which are entirely legitimate and necessary.
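The svchosts.dll / svchost.exe confusion can be checked mechanically. The following is an added example, not part of the original page: it flags files whose name is within one edit of a well-known Windows binary without being that binary. The `KNOWN_GOOD` list and the function names are assumptions made for the illustration.

```python
import ntpath

# Added example. Short illustrative allow-list (an assumption; extend for real use).
KNOWN_GOOD = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}

# Constructed sample listing, using the file names mentioned on this page.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Windows\system32\svchosts.dll",
    r"C:\WINDOWS\system32\mssearchnet.exe",
    r"C:\WINDOWS\system32\nvctrl.exe",
]

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(paths, max_dist=1):
    """Return (path, imitated_name) for near-matches of a known-good name.

    The extension is ignored when comparing, so both 'svchosts.dll' and a
    hypothetical 'svchost.dll' are reported as imitating 'svchost.exe'.
    """
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()
        if name in KNOWN_GOOD:
            continue                      # the genuine name itself
        stem = ntpath.splitext(name)[0]
        for good in sorted(KNOWN_GOOD):   # sorted for deterministic output
            if edit_distance(stem, ntpath.splitext(good)[0]) <= max_dist:
                hits.append((path, good))
                break
    return hits

if __name__ == "__main__":
    for path, good in lookalikes(SAMPLE_PATHS):
        print(f"{path} imitates {good}")
```

Only svchosts.dll is reported here; the other files named on this page do not resemble a system binary, so name similarity is one signal among several, not a complete check.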

Some people have managed to remove it with Ewido Security Suite, a program whose free version is sufficient. These instructions are in English, but very easy to follow.

Here is another explanation (again in English; the interesting things on the web are generally in the language of Thatcher, so have a good dictionary handy):

Step 1

Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.

Delete your version of SmitRem and download the latest from here. Save the file to your desktop.

Double-click SmitRem.exe to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Update Ewido's definitions to the latest.

Step 2

Next, please reboot your computer in Safe Mode - Very Important !!

Run HijackThis again and checkmark the boxes next to the following:-

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hpE951.tmp

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked

Step 3

Using Windows explorer, locate the folder C:\Program Files\SpyAxe and double-click the uninstall.exe file inside to uninstall SpyAxe.

Then delete the SpyAxe folder.

Now locate and delete these files/folder in bold:

  • C:\Windows\system32\svchosts.dll <--Careful of the spelling. Do NOT delete svchost.exe !!
  • C:\WINDOWS\system32\mssearchnet.exe
  • C:\WINDOWS\system32\nvctrl.exe
  • C:\Windows\system32\1024\<--folder

Step 4

Open the SmitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named Smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Step 5

Open Ewido and scan your machine.

  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • Warning: Do NOT open any other windows or your Control Panel while scanning as it may prevent scan completion!!
  • When prompted to clean the first infection, select "Remove" and checkmark the box beside "Perform action on all infections" in the left corner.
  • Upon scan completion, click the Save report button and save the report.txt to your desktop.
  • Then close Ewido Security Suite.

Step 6

Next go to your Control Panel and click Display | Desktop | Customise Desktop | Website | Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.

  • Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your E-mail address and click Send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • Allow the Active X component to install and download the necessary files. (Note: It may take a couple of minutes)
  • When the download is complete, click on Local Disks to start the scan.
  • Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Some files that are loaded in memory may refuse to be deleted. To get out of that situation, there is Killbox. Once downloaded, you only need to unzip it to use it (no installation required).

Here is how to use it, in a few pictures:

Clicking the small folder icon gives you access to your computer so you can browse to the file to delete.
Select it to fill in the corresponding field, tick the "delete selected file" box, click the button showing a white cross on a red background, and that's it.
If it resists, tick the "delete on reboot" box, then click the cross.
Confirm the dialog box, and at the next restart that file will no longer bother you.

 


The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems.

Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? ... because in certain cases "Ad Servers" like Doubleclick will try to open a separate connection on the webpage you are viewing.

For XP SP2 users you should see a Security Center prompt about allowing this connection.
Simply click No and continue. Yes the prompts can be annoying but at least you'll know.
Note: this prompt only occurs if *.doubleclick.net is included in the "Restricted Zone".


Note: Placing these types of sites in the Restricted Zone also cures the "Back Button" issue.

Now includes most major parasites, hijackers and unwanted Search Engines!

Proudly now the #1 rated HOSTS file on the Internet!  - Google | MSN | Yahoo | AltaVista
Now featured on the Kim Komando Radio Show
The MVPS HOSTS file has been selected by Pricelessware as "the best of the best in Freeware"

In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as  "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another effective "Layer of Protection".

Editors Note: As time has progressed the focus of this project has changed from just blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying as most other HOSTS files do, but get hijacked by a parasite from an evil exploit or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.

Download: hosts.zip [right-click - Select: Save Target As] [Updated 12-12-05]

This download includes a simple batch file (mvps.bat) that will rename the existing HOSTS file (HOSTS.MVP) then copy the included HOSTS file to the proper location. For more information please see the readme.txt included in the download.

Download Information: (checksum info is on the HOSTS file not the "hosts.zip")
MD5: 465dc357cd87c47d28a1cce5119fc917
SHA-1: 5fcaa931e4c885916013e114fddcc0b0b67f5fbb
(created by File Checksum Integrity Verifier) To view Checksum for this download

Manual Method - Unzip in a "temp" folder and place in the appropriate installed location:

Note: the below locations are for the default paths, edit as needed.

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98/ME = C:\WINDOWS

There is no need to turn on, adjust or change any settings. Windows automatically looks for the existence of a HOSTS file and if found, checks the HOSTS file first for entries to the web page you just requested. The 127.0.0.1 is the location of your computer, so when the entry (example) "ad.doubleclick.net" is requested your computer thinks 127.0.0.1 is the location of the file. When this file is not located it skips onto the next file and thus the ad server is blocked from loading the banner, Cookie, or some unscrupulous ActiveX, or JavaScript file.
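Because HOSTS entries are consulted before DNS, it is worth checking what a given HOSTS file actually maps. The following is an added example, not part of the original page or of the MVPS download: it parses HOSTS text, separates names sent to the local machine from names sent to any other address, and shows that matching is by exact name only. The sample content and function names are constructed for the illustration.

```python
import ipaddress

# Added example. Constructed sample HOSTS content (not the MVPS file).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ad.doubleclick.net      # the entry quoted in the text
0.0.0.0      tracker.example.net counter.example.net
203.0.113.7  www.example-bank.test   # non-local address: overrides DNS
not-an-ip    broken.example.net
"""

def parse_hosts(text):
    """Return (entries, malformed_line_numbers); entries maps host -> IP."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                     # address with no host name
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            # Assumption: the first mapping listed for a name is the one used.
            entries.setdefault(name.lower(), str(ip))
    return entries, malformed

def classify(entries):
    """Split names into those sent to this machine and those sent elsewhere."""
    local, remote = [], {}
    for name, ip in entries.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            local.append(name)
        else:
            remote[name] = ip                   # review: DNS is bypassed for these
    return sorted(local), remote

def lookup(entries, hostname):
    """HOSTS answer for an exact name, or None (the resolver then asks DNS)."""
    return entries.get(hostname.lower().rstrip("."))

if __name__ == "__main__":
    entries, bad = parse_hosts(SAMPLE_HOSTS)
    print(classify(entries), bad, lookup(entries, "doubleclick.net"))
```

The entry for ad.doubleclick.net does not cover doubleclick.net or any other subdomain, and any name mapped to a non-local address deserves a second look, since that mapping is used instead of DNS.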

In case you're wondering ... this all happens in microseconds, which is much faster than trying to fetch a file from half way around the world. Another great feature of the HOSTS file is that it is a two-way file, meaning if some parasite does get into your system (usually bundled with other products) the culprit can not get out (call home) as long as the necessary entries exist. This is why it's important to keep your HOSTS file up to Date.

Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000 and XP. Windows 98 and ME are not affected.

To resolve this issue (manually) open the "Services Editor"

  • Start | Run (type) "services.msc" (no quotes)
  • Scroll down to "DNS Client", Right-click and select: Properties
  • Click the drop-down arrow for "Startup type"
  • Select: Manual, click Apply/Ok and restart.

You can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scrolling down to DNS Client and checking the "Status" column. It should be blank; if it were needed it would show "Started" in that column.

Editors Note: The above instructions are intended for a single (home-user) PC. If your machine is part of a "Domain", check with your IT Dept. before applying this work-around. This especially applies to Laptop users who travel or bring their machines home. Make sure to reset the Service prior to connecting (reboot required) to your work Domain ...

DnsManual.bat (resets the DNS Client to Manual) [right-click and select: Save Target As]
DnsDisabled.bat (resets the DNS Client
To use: double-click on the downloaded file and that's it ...

Related Utilities

Editors Note: I use and recommend all of these terrific programs.

HOSTS Secure is a utility that you can use to automatically download, unzip, and install the MVPS HOSTS file. Features include a scheduler to keep the file up to Date. Note: requires ".Net Framework 1.1"

Rename the HOSTS file on the fly ... a simple one click batch file.

Hoster is a terrific multi-function Hosts File Manager Note: no install required, it runs from anywhere ...

HostsMan is a freeware application that lets you manage your Hosts file. Includes an option to turn off the unneeded DNS Client Service.




Updated January 11, 2008

