Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: nrv on December 17, 2006, 05:19:01 PM

Title: Win32:Banker-BHS [Trj] - HELP
Post by: nrv on December 17, 2006, 05:19:01 PM
Avast has discovered the Win32:Banker-BHS [Trj] on my computer and it is affecting my system badly.
Avast scans find it but don't remove it.
The Avast scan tells me errors occurred while trying to either move it to the chest or delete this trojan.
Can someone please help me get this virus out of my computer?

I have run Avast boot scan too but it didn't help.
Thank you
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: DavidR on December 17, 2006, 05:28:31 PM
What operating system are you using? Is it up to date?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!)?
What is the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?

What is your firewall?

It may be that there are other elements that are restoring/downloading the file.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. AVG Anti-Spyware (http://www.ewido.net/en/download/), if using WinXP, or a-Squared Free (http://www.emsisoft.com/en/software/free/) if using Win98/ME.
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: nrv on December 17, 2006, 05:56:47 PM
I am using Windows XP Pro with all recent Windows updates available.
The Avast is 4.7 Home edition and the file version is: 0659-1
Avast provides for the infected file name as:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E
Zone Alarm is the firewall
I'll download the recommended AVG.

Thank you.
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: DavidR on December 17, 2006, 06:09:50 PM
OK, the c:\System Volume Information folder is a part of the System Restore function and as such is protected by Windows; the only way to clean infected _restore points is to disable System Restore and reboot. This will clear ALL _restore points. Once you have disabled System Restore, reboot, scan your PC again and, if clear, enable System Restore.

Win XP - How to disable System Restore (http://www.pchell.com/virus/systemrestore.shtml)

Quote
Avast has discovered the Win32:Banker-BHS [Trj] on my computer and it is affecting my system badly.
Other than the System Volume Information issue, is there anything else that you say is affecting your system badly?
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: nrv on December 17, 2006, 06:23:02 PM
David,
Thank you very much.
I'll proceed with this process and return here if other problems become obvious.
Thank you, again, for this help.
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: DavidR on December 17, 2006, 07:10:19 PM
You're welcome.
Title: Re: Win32:Banker-BHS [Trj] - HELP
Post by: nrv on December 17, 2006, 09:40:16 PM
David,
Following your directions, it worked perfectly.
The scan after disabling System Restore and the reboots revealed the trojan was gone.
I've re-enabled System Restore and hope tomorrow's scan will continue showing a clean slate.
Thank you so much.