win32 banker fs (problems with removal)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Silver Trowel, Nov 13, 2008.

  1. Silver Trowel

    Silver Trowel Private E-2

    Hi, Appologies if my problem is an easily solved one but Im a computer newbie as far as these things go.
    I have to do things step by step and have then explained to me that way.

    I picked up the win32 banker fs trojan thingy and came here for a soloution. I quickly found it under Chaslangs Read and Run Malaware removal post.
    I completed every step in order until I got to the spybot search + destroy part.
    I installed the programme but every time i ran it (6 times so far) it tells me it recomends that I reboot (About 1/3rd the way thro the scan). This happens just as it identifies a problem ... virtumunde.dll ....
    I rebooted everytime and search+destroy starts up again (B4 my settings have loaded) but the same problem arises.

    Am i doing somtin wrong?
    What is virtumunde.dll?

    Thnx for any help in advance.
     
    Silver Trowel, Nov 13, 2008
    #1
  2. Silver Trowel

    Silver Trowel Private E-2

    just incase, thought i should show exactly what search+destroy finds b4 recomending a reboot,,,,,,

    Virtumunde.dll: [SBI $AAFAEA2E] Library
    C:\WINDOWS\system32\xrxqbskj.dll

    Virtumunde.dll: [SBI $AAFAEA2E] Library
    C:\WINDOWS\system32\xgsjuygp.dll

    Virtumunde.dll: [SBI $AAFAEA2E] Library
    C:\WINDOWS\system32\lyppjjqt.dll

    Virtumunde.dll: [SBI $AAFAEA2E] Library
    C:\WINDOWS\system32\wucjdaao.dll

    Virtumunde.dll: [SBI $AAFAEA2E] Library
    C:\WINDOWS\system32\aqfhbyrq.dll
     
    Silver Trowel, Nov 13, 2008
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Stop running spybot and instead try running and getting me the logs from:
    SuperAntispyware
    MalwareBytes
    ComboFix
    MGTools.exe ---> C:\MGLogs.zip

    In the meantime, download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:"
    part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Attach that log as well. :)
     
    TimW, Nov 14, 2008
    #3
  4. Silver Trowel

    Silver Trowel Private E-2

    Ty for taking the time to reply my friend, but I think Ive fixed the problem...
    Please dont ask me how,,, my head hurts :-o

    The only thing im having trouble with is setting my homepage... it just auto reverts to MSN homepage after every attempted change :confused
     
    Silver Trowel, Nov 17, 2008
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not seeing your logs it is hard to say whether you are clean or not. Your homepage is probably being blocked by one of your security programs.
     
    TimW, Nov 17, 2008
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds