Author Topic: JS:Banker-IC help  (Read 39103 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #30 on: June 25, 2012, 03:10:40 PM »
I have received a reply in relation to my submission for analysis, to the issue in the other topic (not considered an FP), http://forum.avast.com/index.php?topic=100088.msg799388#msg799388.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #31 on: June 25, 2012, 04:43:16 PM »
Hi, I am trying this on some others now that Avast has given me a heads-up on the possible source

  • Select Tools and then Internet Options.
  • Click the Connections tab.
  • If you are using a LAN, click the LAN Settings button. If you are using a Dial-up or Virtual Private Network connection, select the necessary connection and click the Settings button.
  • Make sure the 'automatically detect proxy settings' is checked
  • Make sure the 'use a proxy automatic configuration script' option is not checked
  • OK out.



dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #32 on: June 25, 2012, 07:44:47 PM »
I'm assuming you meant to post the same OTL scan as you did in the other topic too?  ;) Here's the log, it didn't give me an Extras.txt though.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #33 on: June 25, 2012, 07:51:54 PM »
The extras.txt is only generated on the first run of OTL.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #34 on: June 25, 2012, 08:42:23 PM »
OK next step I will reset the reg setting for that area

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"WinHttpSettings"=hex:28,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00

Copy everything in the above code box to a notepad file
Save the file as HTTP.reg
In the drop down box select all files to save it as a reg file to your desktop



The icon will look like this


Right click the file and select merge
Accept the warnings
Start IE and see if the alerts are still present

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #35 on: June 25, 2012, 09:35:38 PM »
Done, and the alerts are still present.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #36 on: June 25, 2012, 09:38:22 PM »
OK back to the drawing board... I will find the solution to this

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #37 on: June 25, 2012, 10:02:21 PM »
Alrighty, I'll stay tuned. And thank you very much for all of your efforts so far, they are much appreciated!

gpearson

  • Guest
Re: JS:Banker-IC help
« Reply #38 on: June 26, 2012, 01:25:58 PM »
Hello,

I think Avast have fixed this issue, maybe in their latest virus definition updates. Problem was, if you already had the virus or whatever it was, the definitions couldn't update automatically because Avast itself was blocking the update when it detected the JS:Banker virus (falsely or otherwise). I basically just uninstalled Avast then downloaded the latest version & reinstalled. Everything appears to be normal again... at least so far!!

Geoff Pearson


gpearson

  • Guest
Re: JS:Banker-IC help
« Reply #39 on: June 26, 2012, 01:31:07 PM »
Amend my last post... the virus message is back! Time to try another anti-virus program perhaps!

Geoff Pearson

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88761
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #40 on: June 26, 2012, 01:36:57 PM »
Personally I would stick with the analysis process, given that the avast labs have confirmed the detection is good.

Switching AV may well see a cessation of the alert, but that is no guarantee that it wasn't good and may leave you vulnerable.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #41 on: June 26, 2012, 05:17:51 PM »
That is correct, I am currently doing some research to find out where this could be running from

Switching to another AV will remove the alerts no problem... But then you are wide open to a DNS changer malware

gpearson

  • Guest
Re: JS:Banker-IC help
« Reply #42 on: June 29, 2012, 11:10:36 PM »
Avast still throwing up warnings about JS:Banker-IC Trojan.

I Googled it & found this removal tool...

http://www.uninstallvirus.net/remove-trojanproxyjsbanker-n-automatically-from-your-computer

Can anyone tell me if it is genuine?

Geoff Pearson

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #43 on: June 30, 2012, 12:26:52 AM »
Hmm, are you advertising this?

@dallasa

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:regfind
wpad.net.ms
wpad.dat
85.214.17.43
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
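
An offline version of the search in the post above, as an added example that is not part of the original thread and not SystemLook's own code: it scans the text of a `regedit` export for the same three strings and also decodes `hex:` values, where a PAC URL stored as UTF-16 would not show up in a plain text search. The sample export, its host name and the `SampleBlob` value name are constructed for illustration.

```python
import re
# Search terms taken from the :regfind box in the post above.
INDICATORS = ["wpad.net.ms", "wpad.dat", "85.214.17.43"]

# Constructed sample export: hypothetical host and "SampleBlob" value name.
_URL = "http://pac.example.invalid/wpad.dat"
_BLOB = ",".join(f"{b:02x}" for b in _URL.encode("utf-16-le"))
SAMPLE_REG = rf'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="{_URL}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"WinHttpSettings"=hex:28,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00
"SampleBlob"=hex:{_BLOB}
'''

def parse_reg(text):
    """Yield (key, value_name, raw_data) from REGEDIT5 export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key:
            yield key, m.group(1).strip('"'), m.group(2)

def decode_data(raw):
    """Return the value as written plus, for hex blobs, two decoded views."""
    forms = [raw]
    m = re.match(r"hex(?:\([0-9a-f]+\))?:(.*)$", raw, re.I)
    if m:
        blob = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        forms.append(blob.decode("latin-1"))                     # ANSI strings
        forms.append(blob.decode("utf-16-le", errors="ignore"))  # wide strings
    return forms

def find_indicators(text, indicators=INDICATORS):
    """Return (key, value_name, indicator) hits, matched case-insensitively."""
    hits = []
    for key, name, raw in parse_reg(text):
        forms = [f.lower() for f in decode_data(raw)]
        for ind in indicators:
            if any(ind.lower() in f for f in forms):
                hits.append((key, name, ind))
    return hits
```

A real `regedit` export is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `find_indicators`.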

dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #44 on: June 30, 2012, 01:36:07 AM »
That removal tool sounds a bit sketchy, don't think I have the balls to try it yet  :P Here is the SystemLook log.