Author Topic: Win32:Banker-BHS [Trj] - HELP  (Read 2365 times)

0 Members and 1 Guest are viewing this topic.

nrv

  • Guest
Win32:Banker-BHS [Trj] - HELP
« on: December 17, 2006, 05:19:01 PM »
Avast has discovered the Win32:Banker-BHS [Trj] on my computer and it is affecting my system badly.
Avast scans find it but doesn't remove it.
The Avast  scan tells me errors occurred during trying to either moving it to the chest or deleting this trojan.
Can someone please help me get this virus out of my computer?

I have run Avast boot scan too but it didn't help.
Thank you

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86670
  • No support PMs thanks
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #1 on: December 17, 2006, 05:28:31 PM »
What Operating System are you using ? is it up to date ?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!) ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

What is your firewall ?

It may be that there are other elements that are restoring/downloading the file.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nrv

  • Guest
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #2 on: December 17, 2006, 05:56:47 PM »
I am using WindowsXp Pro with all recent windows updates available..
the Avast is 4.7 Home edition and file version is: 0659-1
Avast provides for the infected file name as:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E
Zone Alarm is the firewall
I'll download the recommended avg..

Thank you..

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86670
  • No support PMs thanks
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #3 on: December 17, 2006, 06:09:50 PM »
OK the c:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.

Win XP - How to disable System Restore

Quote
Avast has discovered the Win32:Banker-BHS [Trj] on my computer and it is affecting my system badly.
Other than the system volume information issue is there anything else that you say is effecting your system badly ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nrv

  • Guest
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #4 on: December 17, 2006, 06:23:02 PM »
David,
 Thank you very much.
I'll proceed with this process and return here if other problems become obvious.
Thank you, again, for this help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86670
  • No support PMs thanks
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #5 on: December 17, 2006, 07:10:19 PM »
Your welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nrv

  • Guest
Re: Win32:Banker-BHS [Trj] - HELP
« Reply #6 on: December 17, 2006, 09:40:16 PM »
David,
 Following your directions it worked perfectly.
The scan after disabling the system restore and the reboots revealed the trojan was gone.
I've reenabled the system restore and hope tomorrow's scan will continue showing a clean slate.
Thank you so much.