Author Topic: Need help with Trojan Banker - Please!!  (Read 13540 times)

0 Members and 1 Guest are viewing this topic.

zinck

  • Guest
Need help with Trojan Banker - Please!!
« on: April 12, 2011, 05:06:16 PM »
A few days ago I opened an email from a friend.  It said click to open pictures but then I led me to an .exe file.  Avast said I had the virus JS:Banker-l [Trj]

Today when I went to access my online bank I found out that this virus has changed that.  Now I'm afraid they will get my bank information.  But I changed my password there with my laptop.

Today Avast caught another virus:  Win32:Trojan-gen

Avast knows the problems are there but somehow cannot remove them.

Today I tried System Restore to a point before this all started but that did not help either.

I feel stupid for having clicked on that link but it said it was a jpg file.  It took me by surprise.  Now it looks like I will have to reformat my machine.

Does anyone know how to remove this virus manually?  Or is that impossible?

Thank you,
Larry

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37605
  • Not a avast user
Re: Need help with Trojan Banker - Please!!
« Reply #1 on: April 12, 2011, 05:19:49 PM »
check your computer for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update before you scan so you have the latest database
click on the remove selected button to quarantine anything found

post the scan log here

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #2 on: April 12, 2011, 07:39:26 PM »
Thank you Pondus for the reply.

I will post the log below.  It shows NO infections.  However while scanning with Malewarebytes, AVAST added four more items to my Virus Chest.  The original location was in C\System Volume Information\_restore
The names are A0016534.exe; A0017160.exe; A0017161.exe; A0017162.exe

So I know I have a problem even though Malewarebytes did not fix it.
I just tried to access my Itau Bank account and again it is not working correctly, the virus is still active.

So I do not know what can be done to fix this problem.  Thank you again for helping me!!!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6341

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/04/2011 14:30:28
mbam-log-2011-04-12 (14-30-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 362827
Time elapsed: 3 hour(s), 14 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37605
  • Not a avast user
Re: Need help with Trojan Banker - Please!!
« Reply #3 on: April 12, 2011, 07:59:44 PM »
Quote
C\System Volume Information\_restore
delete your restore points then do a new scan with avast

Turn off system restore, reboot and turn it on again
http://www.bleepingcomputer.com/tutorials/tutorial56.html

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37605
  • Not a avast user
Re: Need help with Trojan Banker - Please!!
« Reply #4 on: April 12, 2011, 08:05:39 PM »
when you have done the above, you can have Essexboy check if he can see anything wrong

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the log here in this topic and not in the guide )


To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTS log )

Essexboy will look at the logs when he arrive here...

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #5 on: April 12, 2011, 08:24:49 PM »
I will have to reply later.  I have to leave now.  Thank you!!! :) :)

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #6 on: April 13, 2011, 01:52:35 PM »
I just ran the Avast full system scan and it says NO threat.  I cannot see any way to send you the log.

Now I just went to my bank site and it appears to be okay.  But how did it get fixed?  Nothing showed fixing a virus or removing a trojan.  I am confused.

Probzzie

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #7 on: April 13, 2011, 02:05:05 PM »
Well while Malware Bytes was running you did say Avast! found 4 items correct?
One of those four items could have been your problem, and it seems that when malware bytes was running Avast! scanned along with it and found four infections.
« Last Edit: April 13, 2011, 02:08:34 PM by -BigBear- »

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #8 on: April 13, 2011, 02:53:57 PM »
Quote
Well while Malware Bytes was running you did say Avast! found 4 items correct?
One of those four items could have been your problem, and it seems that when malware bytes was running Avast! scanned along with it and found four infections.

Yes, but yesterday after AVAST found those four items I was still having trouble with the bank site.  Yet when I tried it today it APPEARS to be okay.  I'm still a little bit afraid of it. 
When the bank site works normally my name appears on the screen after I type in my account number.  With the virus my name had stopped appearing.  Today when I put in my account number my name came up like old times.

I just ran the OTS program that essexboy suggests running in his 2010 post on cleaning malware.

I will attempt to attach the log to this reply.

I want to thank everyone who has joined in to help me with this.  I'm am very grateful!! :) :)

Glad to have found this board and appreciate the friendly spirit!  :) :)

Well I am unable to attach the OTS log as it is 491kb.  So now what?

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #9 on: April 13, 2011, 05:29:56 PM »
I divided the OTS log into 4 documents to see if I can send them here.

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #10 on: April 13, 2011, 05:34:51 PM »
Here is the second part.  I had to divide it even smaller.

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #11 on: April 13, 2011, 05:36:11 PM »
Third part of OTS log.

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #12 on: April 13, 2011, 05:36:55 PM »
Fourth part of OTS log.

zinck

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #13 on: April 13, 2011, 05:37:38 PM »
Fifth and final part of OTS log.

spg SCOTT

  • Guest
Re: Need help with Trojan Banker - Please!!
« Reply #14 on: April 13, 2011, 05:43:00 PM »
Hi zinck,

I don't read these logs, but for the one that does... ;)

It seems as though the log is saved as unicode, which jumbles up the text. It needs to be saved in ANSI
Image here: http://forum.avast.com/index.php?topic=65104.msg554427#msg554427

I think this should also bring the filesize down...

Scott