Author Topic: ANOTHER JS:Banker-IC problem  (Read 13516 times)


farmski

ANOTHER JS:Banker-IC problem
« on: June 27, 2012, 08:56:21 PM »
Hi...

Seemingly same issue as the others...  Posting logs as they come through

Many thanks for all further assistance...



Malwarebytes

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Farmski 02 :: SCRATCHY-D [administrator]

Protection: Enabled

27/06/2012 19:46:44
mbam-log-2012-06-27 (19-46-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229699
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #1 on: June 27, 2012, 09:00:13 PM »
TDSSKiller Log


farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #2 on: June 27, 2012, 09:33:38 PM »
Complete Internet Repair


farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #3 on: June 27, 2012, 09:39:03 PM »
OTL

additional custom scan/fix

%SYSTEMDRIVE%\*.exe
/md5start
WSHELPER.*
services.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /rs

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #4 on: June 27, 2012, 09:44:53 PM »
OTL attachment was too big to attach..

http://www16.zippyshare.com/v/77508892/file.html

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #5 on: June 27, 2012, 09:47:27 PM »
Is that all I need to give at this point or any logs that I am missing??

much appreciated thanks

Pondus

Re: ANOTHER JS:Banker-IC problem
« Reply #6 on: June 27, 2012, 09:48:02 PM »
aswMBR log.  ;)

essexboy

Re: ANOTHER JS:Banker-IC problem
« Reply #7 on: June 27, 2012, 09:52:16 PM »
Hi there, as you may have noticed I have as of now been unable to discover the location of the miscreant for this.. So I am using all my analysis tools to try and find it..

You can use a different one, which is the next on my list.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt: Do you want to skip supplementary searches? Click NO.
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

essexboy

Re: ANOTHER JS:Banker-IC problem
« Reply #8 on: June 27, 2012, 10:02:16 PM »
Once Silent Runners has completed then run this OTL fix.

Warning: This fix is only relevant for this system and no other, using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    IE - HKU\S-1-5-21-1166256793-323034234-1524400773-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108753&babsrc=SP_ss&mntrId=ec5198800000000000001c750837a9b4
    IE - HKU\S-1-5-21-1166256793-323034234-1524400773-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
    [2012/06/27 01:50:21 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Farmski 02\AppData\Roaming\Mozilla\Firefox\Profiles\iogx7ur9.default\extensions\crossriderapp435@crossrider.com
    [2012/02/05 21:30:50 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    [2012/05/31 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    C:\Program Files (x86)\BabylonToolbar

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
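OTL executes the :OTL / :Files / :Commands script above as written, so each entry is worth reading before Run Fix is clicked. As an added example (my own code, not part of this thread or of the OTL tool), the Python below parses a fix script into structured records using a constructed sample drawn from the fix posted above; the regexes and field names are my own assumptions about the line shapes, not OTL's documented grammar.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the :OTL / :Files / :Commands fix posted above.
SAMPLE_FIX = r''':OTL
IE - HKU\S-1-5-21-1166256793-323034234-1524400773-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108753&babsrc=SP_ss&mntrId=ec5198800000000000001c750837a9b4
[2012/06/27 01:50:21 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Farmski 02\AppData\Roaming\Mozilla\Firefox\Profiles\iogx7ur9.default\extensions\crossriderapp435@crossrider.com
[2012/02/05 21:30:50 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
[2012/05/31 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\BabylonToolbar
:Commands
[emptytemp]
[Reboot]
'''

# Line shapes seen in the :OTL section; these regexes are my own guess at the format, not OTL's grammar.
IE_RE = re.compile(r'^IE - (?P<key>HK\S+?): "(?P<value>[^"]*)" = (?P<data>.*)$')
OBJ_RE = re.compile(r'^O\d+ - (?P<kind>[^:]+): \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.+) \((?P<vendor>[^)]*)\)$')
FS_RE = re.compile(r'^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<flag>[A-Z])\](?: \((?P<owner>[^)]*)\))? -- (?P<path>.+)$')

def parse_otl_fix(text):
    """Return one dict per entry, tagged with its section and recognised line shape."""
    entries, section = [], None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if line.startswith(':'):          # section header such as :OTL or :Files
            section = line[1:].lower()
            continue
        rec = {'section': section, 'raw': line, 'type': 'unrecognised'}
        if section == 'otl':
            for kind, rx in (('registry_value', IE_RE), ('browser_object', OBJ_RE), ('filesystem', FS_RE)):
                if m := rx.match(line):
                    rec.update(type=kind, **m.groupdict())
                    break
            if rec['type'] == 'filesystem':  # normalise the size and the quoted owner
                rec['size'] = int(rec['size'].replace(',', ''))
                rec['owner'] = (rec['owner'] or '').strip('"')
        elif section == 'files':             # a trailing /c marks a command, not a path
            rec['type'] = 'command' if line.lower().endswith(' /c') else 'path'
        elif section == 'commands':
            rec['type'], rec['name'] = 'directive', line.strip('[]').lower()
        entries.append(rec)
    return entries

def search_scope_hosts(entries):  # hostnames the fix removes from IE SearchScopes
    return sorted({urlsplit(e['data']).hostname for e in entries
                   if e['type'] == 'registry_value' and 'SearchScopes' in e['key']})
```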

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #9 on: June 27, 2012, 10:13:51 PM »
Hi..

The Silent Runners saves as a text file?? It just opens as text..

Is it supposed to be .bat or ???

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #10 on: June 27, 2012, 10:19:19 PM »
aswMBR

essexboy

Re: ANOTHER JS:Banker-IC problem
« Reply #11 on: June 27, 2012, 10:45:22 PM »
It will be a text file, just attach it.

After you have run the OTL fix could you let me know if you still get the alerts?

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #12 on: June 28, 2012, 07:34:46 AM »
Silent Runners

http://www16.zippyshare.com/v/58762337/file.html

Don't understand how to run it though.. no prompt to do anything?

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #13 on: June 28, 2012, 08:25:30 AM »
OTL log 2

farmski

Re: ANOTHER JS:Banker-IC problem
« Reply #14 on: June 28, 2012, 08:26:17 AM »
OTL log after custom fix