Trogen HorsePSW Banker Q.........

Hi, Does anyone know anything about this as I surf safely. Computer clean now with the good help of your"stickeys" Quarentied and deleted. As I do some banking on the net. I would like to know where and how this comes in.
Specs.Wins XP2 Home Ed. IE6, AVG Free Virus Scanner, Zone Alarm Firewall, SpywareGuard, On Guard, Weekly maintainance and cleaning schedule, with CCleaner, Adware, Spybot, 2mthly schedule with, Defrag, RegSeeker, Checkdsk. All program versions and definitions up to date. Thank You very much.

Boneyeye

 

Hi Chaslang,
TY for answering. Did as you advised. Avg picked it up and quarentined it . Then I deleted it. Please bear with me as I am a Senior Citizen and we do have our senior moments. 3logs requested enclosed . I hope. Boneyeye

 

Hi Chaslang,
I have done my genuine best in all this, so please be patient with me.
Online scans were in normel boot mode. Could not connect to net. in "safe mode". I have"Dial Up". I could not remove the 1spyware in Panda unless I pay a fee, Which I can ill afford , being an OAP. TY For your patience. Hope the logs are ok.
Boneyeye

 

Sorry failed in previous post

 

and these. There has been No trace of any PSWBanker unless it is hidden somewhere, and I cannot recognise it.
Boneyeye

 

Hi, 2By the way, I have uninstalled Java5 and installed Java 6, since posting the files. I can send you screenshot of it, if you require same.
B.

 

Download
- Pocket Killbox
- ExplorerXP

You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig.

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post the following logs:
1. ShowNew
2. GetRunKey
3. HijackThis

 

Hi Shadow Puter Dude,
TY for replying I have the 3Keys copied to Notepad and will continue with same after you answer this for me. Ialways like to show file extensions as it has learned and helped me to remember file pathways. Please let me know if this is wrong or rightI gather by some of the 2nd Key that some of this merged with the registry would change that. TY again for your help and clear directions.
Boneyeye

 

The second reg key will make everything show on the system including file extensions.

 

Hi,
TY again. WhenI click "yes" when asked if I want to merge with the registry I get an error saying"cannot importC;\Documents and Settings\Windows User\Desktop\FixReg.reg. The specified file is not a registry script. You can only import bianry registry files from within the registry editor." Is there an alternative way of completing this. Hijack this has worked out OK .This is as far as I have got. TY Boneyeye

 

Hi, I am able to edit the registry and I could change the values on those 3Keys to what you have said for notepad, with care of course if you approve. Boneyeye.

 

Run Regedit and try importing the patch.

 

Hi,
Sorry, but, you will have to tell me step by step how to complete that. Thanx. Boneyeye.

 

Start -> Run
type regedit
click 'OK'

Click-on Registry in the Menu
Select Import Registry File...
Navigate to FixReg.Reg and import the file.

 

Hi,
Sorry again. Same error as in Post 12. Would you look at Post 13 and give your opinion on it as I am familiar with carrying out this . TYagain for your time and patience. boneyeye

 

Hi,
Have eventually got all Registry Keys as you described. Got all other files deleted I hope in safe mode and normal mode as you described. Did not need to use ExplorerXP as the files were deleted. Please find enclosed new logs.
Boneyeye

 

Hi Chaslang,
TY for coming back again and for spending so much time on my problem. The fixme.zip worked and was succesful. I got the success message. I uninstalled Counterspy via Add/Remove in Control Panel since it does not have its own uninstall file. But I am left with the last folder.C:\Program Files\Sunbelt Software. I was able to remove it from Add/Remove in Control Panel, rebooted and it was gone. What I cannot do is remove it from Program Files. I get an error saying" cannot delete SBAP.dll. Access is denied. Make sure the disk is not full or write protected and that the file is not currentlyin use" Hope you can help here. The disk is not full or half full .Thanx again.
Boneyeye.

 

Hi,
See new scans below. I hope. Boneyeye.

 

Hi Chaslang,
I have explained in Post 20 exactly how . Boneyeye.

 

Hi Chaslang,
REinstalled CounterSpy, rebooted, uninstalled via add/remove in Control Panel. Sucessful this time, all is gone. New scans included. Boneyeye

 

Hi,
TY again Chaslang, I dont seem to be having any malware problems at all. Evarything seemes quicker starting off Programs/Int Sites,, but Internet Sites seem to take longer to finish loading. Boneyeye

 

Hi Chaslang/Shadow Puter Dude,
I want to thank you both specially, but as I am not able to afford a donation I will say a special prayer for you all at Mass on Sunday and light some candles for my friends in MG. By the way Chas. I completed all as advised in post 27 with no probs. Bye for now. Boneyeye