Author Topic: ANOTHER JS:Banker-IC problem (Read 13583 times)

farmski · « **Reply #15 on:** June 28, 2012, 08:32:38 AM »

still betting all the same alerts tho...

essexboy · « **Reply #16 on:** June 28, 2012, 07:41:05 PM »

Quote

Save it to the desktop.
Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
You will receive a prompt:
Do you want to skip supplementary searches?
click NO[/list]

If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)

Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

farmski · « **Reply #17 on:** June 29, 2012, 02:17:10 PM »

Ah.. had to amend the file as the it saved as .txt not .vbs...

essexboy · « **Reply #18 on:** June 29, 2012, 02:52:34 PM »

Bear with me I am awaiting the result on another thread with a similar problem

farmski · « **Reply #19 on:** June 29, 2012, 03:10:11 PM »

Absolutely no worries.. Thanks for all your effort, appreciated

essexboy · « **Reply #20 on:** June 29, 2012, 04:19:24 PM »

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:regfind
wpad.net.ms
wpad.dat
85.214.17.43

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

farmski · « **Reply #21 on:** June 29, 2012, 05:37:31 PM »

HI Thanks

SystemLook 30.07.11 by jpshortstuff
Log created at 16:36 on 29/06/2012 by Farmski 02
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "wpad.net.ms"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"LastDetectUrl"="http://wpad.net.ms/wpad.dat"
[HKEY_USERS\S-1-5-21-1166256793-323034234-1524400773-1001\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"LastDetectUrl"="http://wpad.net.ms/wpad.dat"

Searching for "wpad.dat"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"LastDetectUrl"="http://wpad.net.ms/wpad.dat"
[HKEY_USERS\S-1-5-21-1166256793-323034234-1524400773-1001\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"LastDetectUrl"="http://wpad.net.ms/wpad.dat"

Searching for "85.214.17.43"
No data found.

-= EOF =-

essexboy · « **Reply #22 on:** June 29, 2012, 07:30:32 PM »

Could you let me know if the alerts cease

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
[-HKEY_USERS\S-1-5-21-1166256793-323034234-1524400773-1001\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

gpearson · « **Reply #23 on:** June 29, 2012, 11:22:23 PM »

I Googled JS:Banker-IC & came up with this URL that supposedly offers a fix...

http://www.uninstallvirus.net/remove-trojanproxyjsbanker-n-automatically-from-your-computer

Question is... is it genuine?

Geoff Pearson

essexboy · « **Reply #24 on:** June 30, 2012, 12:23:53 AM »

Yes(ish) but I wouldn't use it

farmski · « **Reply #25 on:** July 01, 2012, 12:16:58 PM »

otl log as requested..

essexboy · « **Reply #26 on:** July 01, 2012, 12:33:34 PM »

Are the alerts still present

farmski · « **Reply #27 on:** July 01, 2012, 02:36:02 PM »

yes, still getting them. thanks for all your effort

essexboy · « **Reply #28 on:** July 01, 2012, 05:13:21 PM »

OK back to the drawing board .. I thought I was on a winner there

farmski · « **Reply #29 on:** July 01, 2012, 06:02:33 PM »

just seems strange that no other scans seem to find anything..

Author Topic: ANOTHER JS:Banker-IC problem (Read 13583 times)

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

gpearson

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem

essexboy

Re: ANOTHER JS:Banker-IC problem

farmski

Re: ANOTHER JS:Banker-IC problem