Thread: need malware removal help

  1. #1
    arkeat Guest

    Default need malware removal help

    I have made many attempts with MalwareBytes and ZoneAlarm Extreme scans over the past few days (both in and out of Safe Mode) and am unable to rid my pc of these pests: Trojan-Banker.Win32.Banbra.advx ; HEUR:Exploit.Script.Generic ; and, also Google Redirect.

    Can you please help? Thanks very much.

    ZoneAlarm Extreme Security version:9.3.037.000
    TrueVector version:9.3.037.000
    Driver version:9.1.522.000
    Anti-virus engine version:8.0.2.48
    Anti-virus signature DAT file version:1044550400
    AntiSpam version:6.0.0.2383
    ZoneAlarm Browser Security 1.5.152.14
    ZoneAlarm ForceField Spyware Scanner 1.5.53.209
    ZoneAlarm ForceField Anti-Phishing Database 1.2.104.0
    ZoneAlarm ForceField Spyware Sites Database 04.130

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: need malware removal help

    Please Read and Follow all of the instructions at this Link..

    Malware Clean-up Guidance
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    arkeat Guest

    Unhappy Re: need malware removal help

    Update - so far not so good.
    Performed Superscan in Safe Mode which found the same nasty files
    HEUR:Exploit.Script.Generic was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\sdad[2].htm on 2/2/2011 20:45:32
    HEUR:Exploit.Script.Generic was found in C:\WINDOWS\system32\345.js on 2/2/2011 21:30:12
    Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Application Data\wrt7.exe on 2/2/2011 20:45:28
    Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\dm11[1].exe on 2/2/2011 20:45:32
    Deleted all quarantined files


    Also ran current MalwareBytes which found nothing.

    Rebooted in normal and ran ZAX scan - again - same files were found and quarantined
    HEUR:Exploit.Script.Generic was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2JDPTQAR\sdad[1].htm on 2/2/2011 22:52:46
    HEUR:Exploit.Script.Generic was found in C:\WINDOWS\system32\345.js on 2/2/2011 23:22:28
    Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Application Data\wrt7.exe on 2/2/2011 22:47:24
    Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\dm11[1].exe on 2/2/2011 22:47:24
    Deleted them again

    It is interesting that every time I check ZAX for update it finds something - even if it has only been 30 min. Is this possible or am I not really getting updated?

    It is late here in AZ so I will push on to next steps tomorrow.
    Thanks for helping get started, fax.
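
As an added example (not part of the original posts and not ZoneAlarm tooling), this Python script compares the two scan passes quoted in the post above and separates detections that came back at the same path after deletion from detections at a path not seen before. The line format is inferred from the lines in the post, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Shape of the detection lines quoted in the post (inferred, an assumption):
# "<verdict> was found in <path> on <m/d/yyyy hh:mm:ss>"
LINE_RE = re.compile(
    r"^(?P<verdict>\S+) was found in (?P<path>.+) on "
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2})$"
)

# Detection lines from the Safe Mode pass, copied from the post.
SAFE_MODE_PASS = r"""
HEUR:Exploit.Script.Generic was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\sdad[2].htm on 2/2/2011 20:45:32
HEUR:Exploit.Script.Generic was found in C:\WINDOWS\system32\345.js on 2/2/2011 21:30:12
Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Application Data\wrt7.exe on 2/2/2011 20:45:28
Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\dm11[1].exe on 2/2/2011 20:45:32
"""

# Detection lines from the later normal-mode pass, copied from the post.
NORMAL_PASS = r"""
HEUR:Exploit.Script.Generic was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2JDPTQAR\sdad[1].htm on 2/2/2011 22:52:46
HEUR:Exploit.Script.Generic was found in C:\WINDOWS\system32\345.js on 2/2/2011 23:22:28
Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Application Data\wrt7.exe on 2/2/2011 22:47:24
Trojan-Banker.Win32.Banbra.aedx was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYGQAV1U\dm11[1].exe on 2/2/2011 22:47:24
"""

def parse_pass(text):
    """Map lower-cased path -> (verdict, timestamp) for one scan pass."""
    hits = {}
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
            # Windows paths are case-insensitive, so compare them lower-cased.
            hits[m["path"].lower()] = (m["verdict"], when)
    return hits

def compare_passes(before, after):
    """Return (paths seen again -> time between detections, paths seen only later)."""
    first, second = parse_pass(before), parse_pass(after)
    again = {p: second[p][1] - first[p][1] for p in sorted(second) if p in first}
    new = sorted(p for p in second if p not in first)
    return again, new

if __name__ == "__main__":
    again, new = compare_passes(SAFE_MODE_PASS, NORMAL_PASS)
    for path, gap in again.items():
        print(f"re-detected after {gap}: {path}")
    for path in new:
        print(f"first seen in later pass: {path}")
```

A path listed as re-detected was present again at the later pass even though the post reports deleting the quarantined files in between.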

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,285

    Default Re: need malware removal help

    Originally Posted by arkeat:
    "It is interesting that every time I check ZAX for update it finds something - even if it has only been 30 min. Is this possible or am I not really getting updated?"

    Yes, it is possible. 30/60/120/200 minutes is on average the frequency of updates.

    Try to fully empty your browser cache and also manually remove all those sub folders in the "Temporary Internet Files" folder.

    "NetworkService"? Is this some remote system? using any particular way to connect to internet or using IE?

    Also ensure that your Java is fully updated, we are at version 6, update 23.

    Try to follow all the suggestions in here to improve your protection:
    xyz was not detected. What I should do?

    Finally consider that some of the detections are based on the heuristic engine. You may be facing false positive.

    It's important you follow ALL steps as suggested in Malware Guidance and if you are not sure you are clean then, without hesitating, post your logs at spywarehammer or bleeping computer forums (links in the malware guidance).

    Cheers and good luck,
    Fax


  5. #5
    arkeat Guest

    Unhappy Re: need malware removal help

    I connect to the internet as standalone pc using router and cable modem
    I do not know what this is
    C:\Documents and Settings\NetworkService\Local Settings
    Is it unusual? I tried deleting the various temporary files

    Getting dizzy from running scans

    seems like I get reinfected every time I connect to internet
    could that google redirect virus be causing this?

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,285

    Default Re: need malware removal help

    Could be... Time to move to spywarehammer or bleepingcomputer to get it fixed...

    Fax

