Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problems after removing Win32.Banker.fgv

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Problems after removing Win32.Banker.fgv

Unread postby askey127 » February 22nd, 2010, 4:14 pm

OK. Let me know.
I hope it works, but...
If it fails to complete, I do already have a plan.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: Problems after removing Win32.Banker.fgv

Unread postby Frehley » February 23rd, 2010, 12:08 pm

Second time was a charm. Here we go. Sorry about the delay, I was sleeping at the wheel, I accidentally posted it as a reply to last post.


Avira AntiVir Personal
Report file date: Monday, February 22, 2010 13:47

Scanning for 1783685 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUDY-5A1OOROSGK

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:10:25
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 19:24:34
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 19:28:24
VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 19:28:25
VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 19:28:26
VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 19:28:27
VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 19:28:28
VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 19:28:29
VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 19:28:30
VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 19:28:30
VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 19:28:31
VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 19:28:32
VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 19:28:33
VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 19:29:13
VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 19:29:35
VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 19:29:53
VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 19:30:11
VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 19:30:28
VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 19:30:46
VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 19:31:05
VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 19:31:25
VBASE022.VDF : 7.10.4.50 107520 Bytes 2/15/2010 19:31:51
VBASE023.VDF : 7.10.4.62 105472 Bytes 2/15/2010 19:32:15
VBASE024.VDF : 7.10.4.85 111616 Bytes 2/17/2010 19:32:42
VBASE025.VDF : 7.10.4.109 122368 Bytes 2/21/2010 19:33:10
VBASE026.VDF : 7.10.4.110 2048 Bytes 2/21/2010 19:33:12
VBASE027.VDF : 7.10.4.111 2048 Bytes 2/21/2010 19:33:13
VBASE028.VDF : 7.10.4.112 2048 Bytes 2/21/2010 19:33:14
VBASE029.VDF : 7.10.4.113 2048 Bytes 2/21/2010 19:33:15
VBASE030.VDF : 7.10.4.114 2048 Bytes 2/21/2010 19:33:16
VBASE031.VDF : 7.10.4.122 95744 Bytes 2/22/2010 19:33:39
Engineversion : 8.2.1.172
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/22/2010 19:43:04
AESCRIPT.DLL : 8.1.3.16 827771 Bytes 2/22/2010 19:42:51
AESCN.DLL : 8.1.4.0 127348 Bytes 2/22/2010 19:41:43
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.4.2 479602 Bytes 2/22/2010 19:41:28
AEPACK.DLL : 8.2.0.8 426357 Bytes 2/22/2010 19:40:25
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 2/22/2010 19:39:31
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 2/22/2010 19:39:07
AEHELP.DLL : 8.1.10.0 237942 Bytes 2/22/2010 19:35:12
AEGEN.DLL : 8.1.1.87 369013 Bytes 2/22/2010 19:34:46
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.11.1 184694 Bytes 2/22/2010 19:34:02
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 2/22/2010 19:43:19
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: Monday, February 22, 2010 13:47

Starting search for hidden objects.
'42414' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'ltmsg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4bf0e957.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a8e81b8.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a8f99f0.qua'!


End of the scan: Monday, February 22, 2010 14:28
Used time: 39:29 Minute(s)

The scan has been done completely.

3163 Scanned directories
121141 Files were scanned
0 Viruses and/or unwanted programs were found
3 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
121137 Files not concerned
581 Archives were scanned
1 Warnings
4 Notes
42414 Objects were scanned with rootkit scan
0 Hidden objects were found
Frehley
Regular Member
 
Posts: 26
Joined: February 10th, 2010, 4:28 pm

Re: Problems after removing Win32.Banker.fgv

Unread postby askey127 » February 23rd, 2010, 12:57 pm

Frehley,
Looks good.
I would suggest keeping Avira Antivir, and Malwarebytes Anti-Malware. Those two should be sufficient, along with the programs below.
Antivir will give you one popup nag screen (Click OK) each day if you don't want the paid version, but the paid version is relatively cheap and gives automatic two-way e-mail scan.
Either version has excellent detections.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
  • Click on the top button labeled MVPs Hosts and choose Replace
  • When asked to verify if you want to Replace present Hosts file, click OK.
  • When it finishes , click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

You should be good to go.
Let me know if any additional questions.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Problems after removing Win32.Banker.fgv

Unread postby Frehley » February 23rd, 2010, 4:30 pm

I most certainly will. Actually I have already. Thanks so much for your abundance of patience, help and goodwill. Right now I am in between jobs, when I am able I will find a way to donate or buy something through this site. Thanks so much for your help.
Frehley
Regular Member
 
Posts: 26
Joined: February 10th, 2010, 4:28 pm

Re: Problems after removing Win32.Banker.fgv

Unread postby askey127 » February 23rd, 2010, 4:48 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware