Symptoms
On a computer that is running Microsoft Windows 2000, Microsoft Windows XP, or Microsoft Windows Server 2003, you may experience the following symptoms:
- The Internet Explorer home page is reset to "about:blank".
- Microsoft Windows Defender closes unexpectedly.
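Cause
This problem may occur because the computer is infected with the TrojanSpy:Win32/Banker Trojan horse program.
Workaround
Most antivirus software can detect and prevent infection by malicious software. To resolve this problem, run antivirus software that has been updated with the latest signature files. Then, reinstall Microsoft Windows Defender.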
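More information
When this problem occurs, TrojanSpy:Win32/Banker takes the following actions:
- TrojanSpy:Win32/Banker sets the Internet Explorer home page to "about:blank".
- TrojanSpy:Win32/Banker deletes all files in the C:\Program Files\Microsoft AntiSpyware folder.
- TrojanSpy:Win32/Banker looks for windows that are associated with Microsoft Windows AntiSpyware (Beta) and sends messages to those windows to close them.
- TrojanSpy:Win32/Banker terminates the processes that are associated with Microsoft Windows AntiSpyware (Beta).
- TrojanSpy:Win32/Banker tries to download and then run an update from a Web server.
- TrojanSpy:Win32/Banker tries to download and then run other software from an FTP server.
- TrojanSpy:Win32/Banker prevents the user from accessing certain security websites.
- TrojanSpy:Win32/Banker removes the gcasServ registry entry from the following subkey:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- TrojanSpy:Win32/Banker collects the user's personal information when the user visits online banking websites.
  These websites include: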
  TrojanSpy:Win32/Banker then tries to send this information to an FTP server.
- TrojanSpy:Win32/Banker logs the URLs that you visit in the %windir%\Req.log file. However, URLs that contain the following strings are not logged:
TrojanSpy:Win32/Banker installs itself in Internet Explorer as a Browser Helper Object.
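The host artifacts described above can be checked with a read-only script. The following PowerShell is an added example, not part of the original article: the function name Test-BankerIndicators is hypothetical, it assumes PowerShell is available on the computer being examined, and because the article does not name the trojan's Browser Helper Object it lists every registered BHO for manual review.

```powershell
# Added triage example (not from the original article). Read-only checks for the
# host artifacts the article lists; nothing is modified or deleted.
function Test-BankerIndicators {   # hypothetical name, chosen for this example
    $findings = @()

    # 1. Internet Explorer home page reset to about:blank (per-user setting).
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $start = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
    if ($start -eq 'about:blank') {
        $findings += 'IE Start Page is about:blank'
    }

    # 2. URL log that the article says is written to %windir%\Req.log.
    $reqLog = Join-Path $env:windir 'Req.log'
    if (Test-Path -Path $reqLog) {
        $findings += "URL log present: $reqLog"
    }

    # 3. Microsoft AntiSpyware folder still exists but its files are gone.
    $asDir = 'C:\Program Files\Microsoft AntiSpyware'
    $asInstalled = Test-Path -Path $asDir
    if ($asInstalled -and -not (Get-ChildItem -Path $asDir -Force)) {
        $findings += "Folder exists but is empty: $asDir"
    }

    # 4. gcasServ autorun value missing although the product folder is present.
    $run = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $runProps = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($asInstalled -and -not $runProps.gcasServ) {
        $findings += 'gcasServ value missing from HKLM Run key'
    }

    # 5. Registered Browser Helper Objects and the DLL each one loads.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $bhos = Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{ Clsid = $clsid; Dll = $dll }
    }

    New-Object PSObject -Property @{ Findings = $findings; BrowserHelperObjects = @($bhos) }
}

$result = Test-BankerIndicators
$result.Findings
$result.BrowserHelperObjects | Format-Table Clsid, Dll -AutoSize
```

Each finding is common on clean systems as well (about:blank is a legitimate home page choice), so treat them as reasons to run an updated antivirus scan rather than as proof of infection.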
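To automatically protect the computer from infection, always run antivirus software that uses the latest signature files. To protect the computer against current and future threats, visit the following Microsoft website:
http://www.microsoft.com/taiwan/athome/security/default.mspx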