Author Topic: JS:Banker-D  (Read 11172 times)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: JS:Banker-D
« Reply #15 on: February 06, 2011, 12:40:25 AM »
Did it!
:- )

It is still there in the post where you quoted essexboy's fix, in Reply #10 (http://forum.avast.com/index.php?topic=70760.msg593483#msg593483). Although the quoted text is his, it is in your post so you can also modify that and change the http to hxxp.

Or are you talking about the cleanup of OTL ?
If so you also have to modify your post to prevent accidental exposure to a malicious site.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

pablomaz

  • Guest
Re: JS:Banker-D
« Reply #16 on: February 07, 2011, 12:52:20 PM »
Did it!
:- )

It is still there in the post where you quoted essexboy's fix, in Reply #10 (http://forum.avast.com/index.php?topic=70760.msg593483#msg593483). Although the quoted text is his, it is in your post so you can also modify that and change the http to hxxp.

Or are you talking about the cleanup of OTL ?
If so you also have to modify your post to prevent accidental exposure to a malicious site.

I'm sorry David, I missed that one... I think it's ok now.
Thank you, my friends!

pablomaz

  • Guest
Re: JS:Banker-D
« Reply #17 on: February 07, 2011, 12:54:12 PM »
Quote
Internet Settings: "AutoConfigURL" = hxxp://www.windows72.net/0xf04.pac
It was autoconfiguring all urls to be routed via this site.  Unfortunately no malware removal tools check this area as there are too many variables

Run OTL and hit the cleanup button now  ;D

Oh, I get it... Very clever.  ;D
Thanks, man!

SlaineMacRoth

  • Guest
Re: JS:Banker-D
« Reply #18 on: January 26, 2012, 12:22:48 AM »
I believe I've found the answer to this one. It's a registry setting located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
There should be a key named AutoConfigURL which points to a text file located on your PC. Mine was named KB_Beast.txt (Beast being the name of my PC). This text file had loads of banking sites, Hotmail, Gmail, PayPal sites listed. I deleted the value for the AutoConfigURL key and haven't had any warnings since. On the plus side it seems Avast has been blocking this script from running. I hope this helps in your case as well.

Regards
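
A read-only check for the setting named in Reply #17 and Reply #18, added here as an example and not posted by anyone in the thread: it reports the `AutoConfigURL` value for every loaded user hive and, when the value points at a local file, whether that file exists and when it was last modified. The function name and output field names are made up for illustration.

```powershell
# Added example (not from the thread): report AutoConfigURL for each loaded user hive.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-AutoConfigUrlReport {
    # HKEY_USERS holds one hive per loaded profile; skip the *_Classes hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$SubKey"
            $item = Get-ItemProperty -Path $path -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
            # No value set for this user: nothing to report (return acts as "continue" here).
            if (-not $item -or [string]::IsNullOrWhiteSpace($item.AutoConfigURL)) { return }

            $url  = $item.AutoConfigURL
            $kind = 'other'
            $file = $null
            if ($url -match '^https?://') {
                $kind = 'remote'
            }
            elseif ($url -match '^(file:|[A-Za-z]:\\)') {
                $kind = 'local file'
                # Turn a file:// URL or a plain path into a path that can be inspected.
                $local = ([uri]$url).LocalPath
                if (Test-Path -LiteralPath $local) {
                    $file = Get-Item -LiteralPath $local -Force
                }
            }

            [pscustomobject]@{
                UserSid       = $sid
                AutoConfigURL = $url
                Kind          = $kind
                FileExists    = [bool]$file
                FileModified  = if ($file) { $file.LastWriteTime } else { $null }
            }
        }
}

Get-AutoConfigUrlReport | Format-List
```

Run it from an elevated prompt to read hives other than your own. The script changes nothing; deleting the value, as Reply #18 describes, is a separate step.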

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: JS:Banker-D
« Reply #19 on: January 26, 2012, 12:25:48 AM »
@SlaineMacRoth, did you check the date on this topic?

Last post was Feb 2011   ;)