Banker3 trojan??

philstar

Just this morning when i was browsing the web, i gotta message from my AV program saying virus detected, in fact i got it several times.

It turn out to be a trojan horse..PSW.Banker3.NRY

Tried to get some info on it, but could'nt find anything...has anyone come across this pest before??:(

Thx Phil.

Hal1

Do a scan using trend micro from their webby and run spybot too if you have it. Those 2 are good at finding trojans / malware etc.

ActorSeeksJob

Do this

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here

scojones

If you paste the log into hijackthis.de it will let you know which files are safe to remove.

ActorSeeksJob

To be honest you shouldn't use hijackthis.de. It's not that good, and misses a lot of bad stuff and other important things that only a person can spot.

It also doesn't help you delete the files, fix malware in the NT services, or tell you which tools you need to use to clean your PC.

Also if the user uses hijackthis.de and has HJT in a temp folder, which a lot of people have it in, and if he makes a mistake then he wont be able to restore his backups.

Sorry to say but hijackthis.de and other programs like it are just a bad idea.

philstar

well i did a scan with AVG and the virus is healed.

So i just wanted to know have you come across Banker3 before, as i was told it could be a password tracker.

ActorSeeksJob

Have not come across it before, but since it's a password stealer you should change all the passwords for sites from a different pc. Also if you use it for online banking you might want to get in touch with your bank.

scojones

ActorSeeksJob wrote:

To be honest you shouldn't use hijackthis.de. It's not that good, and misses a lot of bad stuff and other important things that only a person can spot.

It also doesn't help you delete the files, fix malware in the NT services, or tell you which tools you need to use to clean your PC.

Also if the user uses hijackthis.de and has HJT in a temp folder, which a lot of people have it in, and if he makes a mistake then he wont be able to restore his backups.

Sorry to say but hijackthis.de and other programs like it are just a bad idea.

Do you use any sort of tool for interpreting the logs?

ActorSeeksJob

no tools, just use websites like CastleCops and BleepingComputers for checking a lot of entries.

scojones

BleepingComputers is proving to be an invaluable tool.

ActorSeeksJob

I'll post some links if you ever want to try analyse your own log. Although even if you find infections, there's usually a lot more than just fixing them with HijackThis to do.

The main site I use is
http://aumha.org/a/hjttutor.php
That also links you to the main sites when you need to find out about 02/04 entries etc

This site is considered the "HijackThis Bible"
http://www.bleepingcomputer.com/tutorials/tutorial42.html

I have more sites for dealing with infections like WareOut, or Registry tutorials when a reg fix is needed, and more stuff like that. But the two above sites are the best.