Author Topic: JS:Banker-IC help  (Read 39105 times)

0 Members and 1 Guest are viewing this topic.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37469
  • Not a avast user
Re: JS:Banker-IC help
« Reply #15 on: June 24, 2012, 04:55:56 PM »
I am also suffering with the same JS:Banker-IC issue. I receive the warning message from Avast when I open IE(9), Skype and Avast.

Have run Avast virus scan and the boot time scan, which both claim to have deleted the virus, but it reappears.

I have also run MBAM and even installed Microsoft Security Essentials, both returned 0 infection results.

Please help as I am pulling my hair out here!

Thanks

Paul
start your own topic in the virus and worms section.....where you attach the requested logs

follow this guide and attach (not copy and paste) Logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #16 on: June 24, 2012, 05:21:05 PM »
I am wondering whether this is a false positive, could you manually update the virus definitions and see if it still occurs

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #17 on: June 24, 2012, 09:02:35 PM »
Kaspersky came up with nothing. All of my virus definitions are up to date so I can't manually update... I'll try uninstalling and reinstalling Avast in a bit and see what happens.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #18 on: June 24, 2012, 09:15:24 PM »
OK this is really weird as I am not seeing anything that would cause this

farmski

  • Guest
Re: JS:Banker-IC help
« Reply #19 on: June 24, 2012, 09:23:11 PM »
I keep getting this "JS:Banker-IC [Trj]" thing come up too.. ive already run sophos antirootkit aswell as spybot/adaware and pc-matic, before seeing this entry... none of the above came up with anything...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #20 on: June 24, 2012, 09:27:26 PM »
I do not believe it to be a false positive now as I am getting no indication of this on either XP or 7

Is it on any specific page or any specific browser

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #21 on: June 24, 2012, 10:48:53 PM »
Still getting the warnings after reinstalling. It isn't on any specific browser, both Firefox and Chrome bring up the warnings. The objects I've seen that bring up the warning are anything that requires a connection to the net (Firefox, Chrome, Skype, wpad.dat, avast.setup, etc.)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #22 on: June 24, 2012, 10:51:15 PM »
Do you connect via a router ?  And do any other computers using it experience the same problem

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #23 on: June 24, 2012, 10:52:45 PM »
Yes I do. And I don't have access to the other computers right now, so I don't know.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #24 on: June 24, 2012, 11:55:09 PM »
I t may well be worth resetting the Router

Do you know how to do that ?

What is the router model

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #25 on: June 25, 2012, 01:03:46 AM »
I am wondering whether this is a false positive, could you manually update the virus definitions and see if it still occurs

I'm thinking the same thing, see http://forum.avast.com/index.php?topic=100088.msg799230#msg799230, my reply to a new topic started by pevans8180 in response to request by Pondus.

I have submitted it to avast for analysis.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gpearson

  • Guest
Re: JS:Banker-IC help
« Reply #26 on: June 25, 2012, 01:06:07 AM »
I recall that that this started happening right after Avast did an automatic virus definition update. I don't have anything else does auto updates on my PC & I hadn't been doing anything out of the ordinary so... I wonder, could this be Avast itself that is corrupted?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #27 on: June 25, 2012, 01:19:51 AM »
Not corrupt as such, but a virus definitions update could have modified a signature that now detects a file as infected by JS:Banker-IC.

However, yours is slightly different different to this and the other topic as this was on a website file but same JS:Banker-IC signature, an update of this could have implications across many files.

Yours however, refers to a script
Quote from: gpearson
A script started by c:\...\AvastUI.exe
JS:Banker-IC[Trj]
Process: c:\Program Files\...\AvastUI.exe

Normally I would say that you should submit the file detected to avast for further analysis, but I don't see how you can send a script as there is no reference to the script, just the file starting it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #28 on: June 25, 2012, 03:43:34 AM »
Not corrupt as such, but a virus definitions update could have modified a signature that now detects a file as infected by JS:Banker-IC.

However, yours is slightly different different to this and the other topic as this was on a website file but same JS:Banker-IC signature, an update of this could have implications across many files.

Yours however, refers to a script
Quote from: gpearson
A script started by c:\...\AvastUI.exe
JS:Banker-IC[Trj]
Process: c:\Program Files\...\AvastUI.exe

Normally I would say that you should submit the file detected to avast for further analysis, but I don't see how you can send a script as there is no reference to the script, just the file starting it.

I should have been more clear earlier, but the same thing (getting a warning for a script) is also what's happening to me most of the time, with the .exe's (of Firefox, Avast, etc.) being the objects that start the script. The only warnings that aren't associated with a script seem to be for wpad.dat.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #29 on: June 25, 2012, 01:56:11 PM »
OK, that is what I have sent off for analysis, but that doesn't mean its the same file or site, just the one I investigated from the other topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security