JS:Banker-IC help

[Pondus]

I am also suffering with the same JS:Banker-IC issue. I receive the warning message from Avast when I open IE(9), Skype and Avast.

Have run Avast virus scan and the boot time scan, which both claim to have deleted the virus, but it reappears.

I have also run MBAM and even installed Microsoft Security Essentials, both returned 0 infection results.

Please help as I am pulling my hair out here!

Thanks

Paul

start your own topic in the virus and worms section.....where you attach the requested logs

follow this guide and attach (not copy and paste) Logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

[essexboy]

I am wondering whether this is a false positive, could you manually update the virus definitions and see if it still occurs

[dallasa]

Kaspersky came up with nothing. All of my virus definitions are up to date so I can't manually update... I'll try uninstalling and reinstalling Avast in a bit and see what happens.

[essexboy]

OK this is really weird as I am not seeing anything that would cause this

[farmski]

I keep getting this "JS:Banker-IC [Trj]" thing come up too.. ive already run sophos antirootkit aswell as spybot/adaware and pc-matic, before seeing this entry... none of the above came up with anything...

[essexboy]

I do not believe it to be a false positive now as I am getting no indication of this on either XP or 7

Is it on any specific page or any specific browser

[dallasa]

Still getting the warnings after reinstalling. It isn't on any specific browser, both Firefox and Chrome bring up the warnings. The objects I've seen that bring up the warning are anything that requires a connection to the net (Firefox, Chrome, Skype, wpad.dat, avast.setup, etc.)

[essexboy]

Do you connect via a router ?  And do any other computers using it experience the same problem

[dallasa]

Yes I do. And I don't have access to the other computers right now, so I don't know.

[essexboy]

I t may well be worth resetting the Router

Do you know how to do that ?

What is the router model

[DavidR]

I am wondering whether this is a false positive, could you manually update the virus definitions and see if it still occurs

I'm thinking the same thing, see http://forum.avast.com/index.php?topic=100088.msg799230#msg799230, my reply to a new topic started by pevans8180 in response to request by Pondus.

I have submitted it to avast for analysis.

[gpearson]

I recall that that this started happening right after Avast did an automatic virus definition update. I don't have anything else does auto updates on my PC & I hadn't been doing anything out of the ordinary so... I wonder, could this be Avast itself that is corrupted?

[DavidR]

Not corrupt as such, but a virus definitions update could have modified a signature that now detects a file as infected by JS:Banker-IC.

However, yours is slightly different different to this and the other topic as this was on a website file but same JS:Banker-IC signature, an update of this could have implications across many files.

Yours however, refers to a script

A script started by c:\...\AvastUI.exe
JS:Banker-IC[Trj]
Process: c:\Program Files\...\AvastUI.exe

Normally I would say that you should submit the file detected to avast for further analysis, but I don't see how you can send a script as there is no reference to the script, just the file starting it.

[dallasa]

Not corrupt as such, but a virus definitions update could have modified a signature that now detects a file as infected by JS:Banker-IC.

However, yours is slightly different different to this and the other topic as this was on a website file but same JS:Banker-IC signature, an update of this could have implications across many files.

Yours however, refers to a script

A script started by c:\...\AvastUI.exe
JS:Banker-IC[Trj]
Process: c:\Program Files\...\AvastUI.exe

Normally I would say that you should submit the file detected to avast for further analysis, but I don't see how you can send a script as there is no reference to the script, just the file starting it.

I should have been more clear earlier, but the same thing (getting a warning for a script) is also what's happening to me most of the time, with the .exe's (of Firefox, Avast, etc.) being the objects that start the script. The only warnings that aren't associated with a script seem to be for wpad.dat.

[DavidR]

OK, that is what I have sent off for analysis, but that doesn't mean its the same file or site, just the one I investigated from the other topic.