PSW.Banker3.SXK

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hanoihancock, Aug 12, 2007.

  1. Hanoihancock

    Hanoihancock Private E-2

    My AVG recently caught the PSW.Banker3.SXK trojan horse. A short spate of other malware followed including Agent.EYS. I haven't experienced any hijacking of browser windows or system slowness, but I am no longer able to use the Windows Update website. When attempting to select 'Custom Updates' from the Windows Update site, I get Error number: 0x80248008.

    I've followed all the Malware removal steps recommended. None of the scans turned up anything. Hopefully you will be able to determine if my PC is still infected, and why it might be prevented from updating. I'm attaching all the requested logs. Note, I wasn't able to save a current Panda ActiveScan log because nothing turned up after running Major Geeks recommended Malware removal tools.

    Counter Spy, BitDefender, and RunKeys logs will be attached to this message. ShowNewFiles is to follow...

    Thanks!

    Hanoihancock
     

  2. Hanoihancock

    Hanoihancock Private E-2

    ShowNewFiles and HiJackThis logs...

    Hanoihancock
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You appear to have not done step 2 of the READ ME (at least not properly).

    Also you did not install and rename HijackThis as required and as requested in step 7.

    However that being said, your logs do not show any problems. Where exactly did AVG find the problem? Do you have a log? It is possible it removed whatever problems you had.

    There are many reasons why Windows Update can stop working. Sometimes malware can be the root cause but many times it is not. It is typically best to work Windows Update problems in the Software Forum since most fixes have nothing to do with malware removal steps.

    I do recommend that you uninstall the CounterSpy trial now since we are finished with it.
     
  4. Hanoihancock

    Hanoihancock Private E-2

    Chaslang,

    The original infections were in the Program Files folder. I immediately zapped the directories in question. The Programs were ConvertXtoDVD and WINRAR.

    I'm starting to think AVG saved me right off the bat. It's just weird that the Windows Update site started malfunctioning at the same time. I'm going to devote some more time to troubleshooting the Windows Update issue as if it were not related to the PSW.Banker3 trojan.

    I'll post my findings...


    Hanoihancock
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Were they legitimate licensed copies or crack/keygen versions?
     
  6. Hanoihancock

    Hanoihancock Private E-2

    Ahem...

    Do I sense a "what you reap is what you sow" coming? Or is there a different method of troubleshooting the latter?


    Hanoihancock
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well yes this is true and since you did not answer I have to wonder.

    Yes this is true too.
     
  8. Hanoihancock

    Hanoihancock Private E-2

    Chaslang,

    When attempting to get windows updates through the MicrosoftUpdate site, I was not prompted to trust ActiveX controls and received Error #0x80428008 for which there was little support on the Windows site.

    http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

    However, I WAS prompted to trust ActiveX controls and WAS able to get Windows updates from the WindowsUpdateCatalog site!

    http://v4.windowsupdate.microsoft.com/catalog/en/default.asp?allowv4cat=true

    Since updating through the second link, I've been able to update through the first link. I'll post this jury rig on a more appropriate forum.

    Thanks for your patience!


    Hanoihancock
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    2. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    3. After doing the above, you should work thru the below link:
     
