Author Topic: JS:Banker-IC help  (Read 41038 times)


dallasa

  • Guest
Re: JS:Banker-IC help
« Reply #60 on: July 02, 2012, 02:46:42 AM »
Here is the log of that scan. And yeah, moving the file to the chest doesn't seem to help much. I ran a full boot-time scan a few days ago, which detected wpad.dat and moved it to the chest, but the warnings continue.

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #61 on: July 02, 2012, 03:46:47 AM »
I've found it, complete with the URL from which it's downloaded, in the registry... dunno if deleting those keys would be a good idea or not tho...


---

addendum

well... I finally got rid of it but.... um... I'd rather tell essexboy how I did it so he could translate my 'slide in sideways' approach to this thing to something everyone could do... so... yeah....  essex... when you get back online drop me an email or PM... (pref email cos I can't send PM over this forum for some reason)
« Last Edit: July 02, 2012, 05:33:51 AM by Mephitidae »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5719
  • Spartan Warrior
Re: JS:Banker-IC help
« Reply #62 on: July 02, 2012, 05:35:04 AM »
    Quote
    I've found it, complete with the URL from which it's downloaded, in the registry... dunno if deleting those keys would be a good idea or not tho...

Hi Mephitidae,

Perhaps a better idea would be to post the registry lines here so essexboy can have a look for it.  We are all numpties when something new like this comes along... best to wait on these registry references....

...Once you have 20 or more posts here, then you can pm....
« Last Edit: July 02, 2012, 05:36:42 AM by mchain »
Windows 11 Home 23H2
Windows 11 Pro 23H2
Avast Premier Security version 24.8.6127 (build 24.8.9372.868)
UI version 1.0.814

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #63 on: July 02, 2012, 06:10:07 AM »
well... that's just it... I had a mindset of 'I'm just going to reinstall anyway so what the heck' when I did what I did so I didn't care if I broke things... fortunately I didn't and fixed it instead... I didn't keep a record of the registry lines... but they may be in the backup data... ...registry tricks aren't what solved it tho and that's where the slide in sideways part comes in...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89675
  • No support PMs thanks
Re: JS:Banker-IC help
« Reply #64 on: July 02, 2012, 02:07:17 PM »
Having gone this far it would be best followed through, that way it would have helped you, but importantly give essexboy information to help others in this position.

I think he feels like I do: a reformat and reinstall (nuclear option) is one of last resort.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #65 on: July 02, 2012, 04:32:54 PM »
false alarm.... didn't get rid of it.... only blocked it for a single reboot and then it came back.... even tho there is nothing in the registry that references the URL it's downloaded from....

-- edit

I can't change the homepage IE is set to either... so something is most likely hidden in gpedit.msc .... yay...

-- edit again

something is rewriting it ... it's being stored in HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections among other places...  ... mentions a malformed URL http://wpad/wpad.dat ...
« Last Edit: July 02, 2012, 05:09:52 PM by Mephitidae »

Offline Bluemeanie

  • Jr. Member
  • **
  • Posts: 61
Re: JS:Banker-IC help
« Reply #66 on: July 02, 2012, 06:02:28 PM »
This may or may not be related, but I remembered reading something earlier where they talked about Wpad.
http://www.wilderssecurity.com/showthread.php?t=327034

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #67 on: July 02, 2012, 06:15:14 PM »
I believe that I have found the common denominator now... Took some reading but fingers crossed

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net.ms

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
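
A read-only way to inspect the settings this thread keeps returning to (the Tcpip `Domain` value that the fix above removes, and the Internet Settings\Connections key and `wpad` lookup mentioned in reply #65), as an added example that is not part of essexboy's post or of OTL. It assumes PowerShell is available on the machine, uses the signed-in user's hive (HKCU) in place of the HKU path quoted earlier, and relies on the commonly documented layout of `DefaultConnectionSettings` (flag byte at offset 8).

```powershell
# Added example: read-only check, nothing is modified.
# Run it in the affected user's session, before and after applying a fix.

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. DNS suffix values. OTL's O17 line reports "Domain" from this key.
$p = Get-ItemProperty -Path $tcpip
foreach ($name in 'Domain', 'NV Domain', 'DhcpDomain', 'SearchList') {
    '{0,-12} = {1}' -f $name, $p.$name
}

# 2. Proxy auto-config script URL, if one is set for this user.
$s = Get-ItemProperty -Path $inet
'AutoConfigURL = {0}' -f $s.AutoConfigURL

# 3. Per-connection flags kept as binary data under ...\Connections.
#    Assumption: byte 8 holds the flags (0x04 = use script, 0x08 = auto-detect).
$conn  = Get-ItemProperty -Path "$inet\Connections" -ErrorAction SilentlyContinue
$bytes = $conn.DefaultConnectionSettings
if ($bytes -and $bytes.Length -gt 8) {
    $flags = $bytes[8]
    'Auto-detect (WPAD) enabled : {0}' -f [bool]($flags -band 0x08)
    'Auto-config script enabled : {0}' -f [bool]($flags -band 0x04)
} else {
    'DefaultConnectionSettings not present or too short to read'
}

# 4. What the short name "wpad" resolves to right now. The resolver completes
#    a short name with the DNS suffixes listed in step 1.
try {
    [System.Net.Dns]::GetHostAddresses('wpad') | ForEach-Object { "wpad -> $_" }
} catch {
    'wpad does not resolve'
}
```

Comparing the output before and after a fix shows whether the suffix, the script URL or the auto-detect flag has been written back.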

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #68 on: July 02, 2012, 07:52:21 PM »
that caused a hard freeze when it wanted to reboot but I reset the machine and it continued...

here's the log file....


oddest part about this log is that Opera, Java and Flash were uninstalled quite some time ago..

-- edit

didn't clean the virus out either... it still re-downloaded
« Last Edit: July 02, 2012, 07:54:44 PM by Mephitidae »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #69 on: July 02, 2012, 07:55:37 PM »
Have the alerts ceased? Also, could you run a quick scan so that I can check the TCPIP?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #70 on: July 02, 2012, 07:57:07 PM »
OK, just seen that. Could you run this MSFixit prior to the OTL scan please: http://support.microsoft.com/kb/299357

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #71 on: July 02, 2012, 08:13:28 PM »
here's the resetlog.txt from the KB article.... the OTL quick scan is taking quite a while... will post that when it's done...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #72 on: July 02, 2012, 08:37:56 PM »
The fixit replaced some bad values... This has shown that I need to learn more about networking

Mephitidae

  • Guest
Re: JS:Banker-IC help
« Reply #73 on: July 02, 2012, 08:40:52 PM »
OTL quickscan is stuck.... it's used about 600+mb of ram which on my system (256mb) goes into the page file.... it's just sitting there thrashing the hdd while doing nothing...

suggestions?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS:Banker-IC help
« Reply #74 on: July 02, 2012, 08:43:46 PM »
Aye, stop it, reboot the system and just run a quick scan