help with Trj/Banker.MGF post after first Manual disinfection

Printable View

12.05.2010, 06:37
crisaven

help with Trj/Banker.MGF

I have kaspersky 2010, this say i don't have problems, but panda antivirus say i have troyan Trj/Banker.MGF but I canґt remove.

I use kaspersky virus removal tools, but this don't clean:rtfm:, don't detect nothing, please help me
12.05.2010, 13:58
Rene-gad

Hello,

pls. run AVPTool AS ADMINISTRATOR (mouse right click/Run as administrator)

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
TerminateProcessByName('c:\users\familia castillo\appdata\roaming\driver\winlogon');
QuarantineFile('c:\users\familia castillo\appdata\roaming\driver\winlogon','');
QuarantineFile('c:\users\familia castillo\appdata\roaming\driver\services','');
TerminateProcessByName('c:\users\familia castillo\appdata\roaming\driver\services');
QuarantineFile('c:\users\famili~1\appdata\local\temp\service','');
TerminateProcessByName('c:\users\famili~1\appdata\local\temp\service');
DeleteFile('c:\users\famili~1\appdata\local\temp\service');
DeleteFile('c:\users\familia castillo\appdata\roaming\driver\services');
DeleteFile('c:\users\familia castillo\appdata\roaming\driver\winlogon');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]

After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute following script[/URL] in Manual disinfection
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]and upload the C:\quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.

- Repeat a log file of AVPTool.
- Attach a log to your new post..
12.05.2010, 22:36
crisaven

I do the first box, and appear... error code 99C63001.

this attached include log file of AVPTool after first manual clean with this scriptwhat do I need to do now?, thanks for help
13.05.2010, 11:02
Rene-gad

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
RegKeyParamDel('HKEY_USERS','S-1-5-21-3610472547-483685952-2812402817-1000\Software\Microsoft\Windows\CurrentVersion\Run','MicrosoftWinUpdate');
DeleteFile('C:\Users\FAMILI~1\AppData\Roaming\spoolsv.exe');
DeleteFileMask('c:\users\famili~1\appdata\local\temp\','*.*',true);
DeleteFileMask('c:\users\familia castillo\appdata\roaming\driver\','*.*',true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]

- Repeat a log file of AVPTool.
- Attach a log to your new post..
15.05.2010, 23:27
crisaven

ok, I do your advice again,

please tell me what i need to do now???

are we finish?, thanks a lot
16.05.2010, 11:01
Rene-gad

[QUOTE=crisaven;637517]
are we finish?[/QUOTE]Are you in hurry? Reinstall your OS - it will be faster.

I see nothing suspicious in the last log.
16.05.2010, 23:26
crisaven

OK, thanks Rene-gad, i really apreciated your advice...

my native language is spanish, i try to explain in english the better way posible. my question about if i finish? it is because i don't know about my PC its clean.

thank you very much. then, now i could say my PC itґs clean?