Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Banker.TX
- Thread starter micker377
- Start date
Download hijack this from the link below.Please do this. Click here:
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
Do a few scans here!
* Download the trial version of Ewido Security Suite here
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
download cleanup
* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET
* Click here for info on how to boot to safe mode if you don't already know
how.
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
* Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once its done, close the program.
reboot to normal mode and run a few online scans!
Run an online antivirus check from
choose extended database for the scan!
Run ActiveScan online virus scan here
When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!
post another hijack this log, the ewido and active scan logs
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
Do a few scans here!
* Download the trial version of Ewido Security Suite here
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
download cleanup
* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET
* Click here for info on how to boot to safe mode if you don't already know
how.
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
* Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once its done, close the program.
reboot to normal mode and run a few online scans!
Run an online antivirus check from
choose extended database for the scan!
Run ActiveScan online virus scan here
When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!
post another hijack this log, the ewido and active scan logs
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
- Thread starter
- #4
- Thread starter
- #7
- Thread starter
- #9
Windows Search probably won't find it because it won't use that as the filename. Here is some cross-reference information
Did one of the online scanners from FAQ760-3862 turn up anything?
Steve
Did one of the online scanners from FAQ760-3862 turn up anything?
Steve
try this. It looks like a false pos but you could try running spysweeper!
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
- Thread starter
- #12
So much for SpySweeper. I d/l it (5+megs), installed it, and was told that it had expired! Uninstalled it. Went to respond (as I'm doing now), and got "404"'s on all sites. Thank God for System Restore. I haven't had time to check the other online sites yet. However, "banker" hasn't shown up in a day and a half. Maybe "Defender" finally got rid of it.
Further to this, I am getting this "Banker.TX" password stealer (referred to by Windows Defender). There is no sign of any file on my system with Banker in its name, nor does the Registry reference given by WD contain any such thing.
The registry reference was HKLM\Software\Microsft\WindowsNT\CurrentVersion\Winlogon\\Shell
This contains the value "explorer.exe", so I don't know how/where WD is finding Banker.TX...maybe the program just wants to "appear" to be doing something useful?
The registry reference was HKLM\Software\Microsft\WindowsNT\CurrentVersion\Winlogon\\Shell
This contains the value "explorer.exe", so I don't know how/where WD is finding Banker.TX...maybe the program just wants to "appear" to be doing something useful?
- Thread starter
- #14
- Status