Author Topic: VBS: Banker EA  (Read 2680 times)

REDACTED

  • Guest
VBS: Banker EA
« on: February 05, 2016, 10:00:00 PM »
I have a virus that I detected through a full scan, and then once it was over it told me to do a boot scan. And once it was done I did both another full scan and a scan of the folder in which it is located. The name of the location is:

C:\Windows\System32\config\SOFTWARE.LOG1

I also checked the folder to see what was in there and it showed

C:\Windows\System32\config\SOFTWARE.LOG2

However, it does not show LOG.1

Additionally, I tried moving it to chest and it was not able to do so as it is supposedly being used at the moment.


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: VBS: Banker EA
« Reply #1 on: February 05, 2016, 10:26:15 PM »

REDACTED

  • Guest
Re: VBS: Banker EA
« Reply #2 on: February 05, 2016, 11:01:57 PM »
Ok here they are

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: VBS: Banker EA
« Reply #3 on: February 05, 2016, 11:06:06 PM »
Could you let me know if this cures it :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
2016-02-04 16:28 - 2015-11-29 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-02-01 15:13 - 2015-11-29 20:23 - 00000000 ____D C:\Users\Angel Garcia\AppData\Roaming\Comodo
2016-02-01 15:13 - 2015-11-29 20:23 - 00000000 ____D C:\Users\Angel Garcia\AppData\Local\Comodo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: VBS: Banker EA
« Reply #4 on: February 05, 2016, 11:59:48 PM »
I did a full scan and a scan of the folder; so far nothing.

REDACTED

  • Guest
Re: VBS: Banker EA
« Reply #5 on: February 06, 2016, 12:17:21 AM »
Spoke too soon, now it is detecting

C:\Windows\System32\config\SOFTWARE.LOG2

Offline essexboy

Re: VBS: Banker EA
« Reply #6 on: February 06, 2016, 12:13:21 PM »
Does this only get detected on a full scan?