JS:Banker-IC help

[DavidR]

I have received a reply in relation my submission for analysis, to the issue in the other topic (not considered an FP), http://forum.avast.com/index.php?topic=100088.msg799388#msg799388.

[essexboy]

Hi I am trying this on some others now that Avast has given me a heads up on the possible source

• Select Tools and then Internet Options.
• Click the Connections tab.
• If you are using a LAN, click the LAN Settings button. If you are using a Dial-up or Virtual Private Network connection, select the necessary connection and click the Settings button.
• Make sure the 'automatically detect proxy settings' is checked
• Make sure the 'use a proxy automatic configuration script' option is not checked
• OK out .

[dallasa]

I'm assuming you meant to post the same OTL scan as you did in the other topic too?  Here's the log, it didn't give me an Extras.txt though.

[DavidR]

The extras.txt is only generated on the first run of OTL.

[essexboy]

OK next step I will reset the reg setting for that area

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"WinHttpSettings"=hex:28,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00
Copy everything in the above code box to a notepad file
Save the file as HTTP.reg
In the drop down box select all files to save it as a reg file to your desktop



The icon will look like this


Right click the file and select merge
Accept the warnings
Start IE and see if the alerts are still present

[dallasa]

Done, and the alerts are still present.

[essexboy]

OK back to the drawing board... I will find the solution to this

[dallasa]

Alrighty, I'll stay tuned. And thank you very much for all of your efforts so far, they are much appreciated!

[gpearson]

Hello,

I think Avast have fixed this issue, maybe in their latest virus definition updates. Problem was, if you already had the virus or whatever it was, the definitions couldn't update automatically because Avast itself was blocking the update when it detected the JS:Banker virus (falsely or otherwise). I basically just uninstalled Avast then downloaded the latest version & reinstalled. Everything appears to be normal again... at least so far!!

Geoff Pearson

[gpearson]

Amend my last post... the virus message is back! Time to try another anti-virus program perhaps!

Geoff Pearson

[DavidR]

Personally I would stick with the analysis process, given that the avast labs have confirmed the detection is good.

Switching AV may well see a cessation of the alert, but that is no guarantee that it wasn't good and may leave you vulnerable.

[essexboy]

That is correct, I am currently doing some research to find out where this could be running from

Switching to another AV will remove the alerts no problem... But then you are wide open to a dns changer malware

[gpearson]

Avast still throwing up warnings about JS:Banker-IC Trojan.

I Googled it & found this removal tool...

http://www.uninstallvirus.net/remove-trojanproxyjsbanker-n-automatically-from-your-computer

Can anyone tell me if it is genuine?

Geoff Pearson

[essexboy]

Hmm are you advertising this ?

@dallasa

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:regfind
wpad.net.ms
wpad.dat
85.214.17.43

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[dallasa]

That removal tool sounds a bit sketchy, don't think I have the balls to try it yet  Here is the SystemLook log.