Some1 please help me save my computer

Discussion in 'Windows - Virus and spyware problems' started by shameek, Feb 15, 2006.

  1. shameek

    shameek Guest

    I know, guys, this may not be the forum or website to ask this question, so I'm sorry, but I have Trojan Spy HTML Bankfraud IX on my computer. I have Trojan Remover and Spyware Doctor on my computer and nothing can kill this thing. Can someone please help? I have credit card info on my computer. I don't want to do a factory reset. Please help. Also, I have googled this and cannot find anything to kill it.
     
  2. ashroy01

    ashroy01 Regular member

    Can you delete the file(s) manually? Are you saying it's detected, but it can't delete it?
     
  3. ddp

    ddp Moderator Staff Member

    moved
     
  4. dg0896

    dg0896 Guest

    Do this!

    1. In your computer's Start menu, click My Computer.

    2. Right click on whatever hard drive (or drives) you are using.

    3. Click on Format on the drop down menu.

    4. Check the Quick Format box.

    5. Click Start.

    6. Say yes to the question it asks you.

    7. Repeat for all drives.

     
  5. rav009

    rav009 Active member

    NO, don't do that, we don't have to format it yet.

    This is what we'll do for now: send in a HJT log and we'll find the b****** and delete it. Here's how.


    http://www.download.com/HijackThis/3000-8022_4-10227353.html (useful for finding problems)

    Here's how to use it, btw thanks to axxxel for posting this info.

    -> Download -> Unzip to C:\HJT -> Press OK and close window

    Make sure that you actually extract HijackThis to its own folder: C:\HJT.
    DO NOT run it from within a zip manager (Winzip), or Desktop as no backups will be saved.

    ----------------------------------------------------------------------

    Step 4: Scan your computer

    Now Open Hijackthis -> Click "Do a system scan and save log file"
    Hjt will scan your computer for about 15 sec. -> Log file will pop up.

    Most items are perfectly fine. You should not remove them.
    Never remove everything by yourself.
    This forum will now help you work with the Experts to clean up your system.

    -> Copy and paste the contents of the HijackThis log into your post.
    Make new thread for your own log
    Post full log, begins with: Logfile of HijackThis v1.99.1... etc
     
    Last edited: Feb 16, 2006
  6. dg0896

    dg0896 Guest

    Well, I guess either his computer crashed or he forgot about this thread. If he'd listened to me his computer would have been fine.
     
    Last edited by a moderator: Feb 18, 2006
  7. rav009

    rav009 Active member

    Yep, it would've worked, but you can't format while in Windows; it has to be done in DOS, and then you'd have to get him the disk for it. That info you put there would most likely not do anything at all; it would come up saying "cannot format disk is in use" as you're in Windows. If you did it right it would work, sure, but he would have lost all his data over something that could have been fixed easily.

    But some people do kinda do this; they ask the question on like 10 sites and just go to the one that gives you the fastest fix.
     
  8. dg0896

    dg0896 Guest

    oh well.
     
  9. rav009

    rav009 Active member

    lol no worries buddy :p
     
  10. ibkwaazi

    ibkwaazi Guest

    HELP!!! I also have the Bankfraud.IX trojan and can't get rid of it. I've never seen anything like it. Spyware Doctor logs 188 infections! I clear them but they keep coming back.

    Here is Hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:14:29 AM, on 2/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [1ClickSweep] C:\Program Files\Secure PC Solutions\1ClickSweep\1ClickSweep.exe
    O4 - HKLM\..\Run: [rscn] C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4X2JSLUV\svchost[1].exe ymmud
    O4 - HKLM\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup160.cab
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  11. -kemisti-

    -kemisti- Active member

    @ibkwaazi

    First, move HjT into its own folder -> c:\hjt

    Fix with HjT (do a system scan only, checkmark these and press fix checked):

    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [rscn] C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4X2JSLUV\svchost[1].exe ymmud
    O4 - HKLM\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
    O4 - HKCU\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe


    Download ewido -> http://www.ewido.net/en/download and update it

    Boot in safe mode (tap F8 while booting)

    Delete this, if found:

    C:\WINDOWS\System32\0162e2f42bc.exe

    Delete all files in this directory:

    C:\DOCUME~1\BRORON~1\LOCALS~1\Temp

    Scan with ewido and save report.

    Reboot normally, send a fresh HjT log and ewido's report.
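
Added example (not part of any post in this thread, and not HijackThis's own logic): a Python triage of O4 autorun lines like those in the log above, flagging the same three entries the reply lists. The sample lines are copied from the posted log; the three heuristics and the function names are assumptions of this example.

```python
import re

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [rscn] C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4X2JSLUV\svchost[1].exe ymmud
O4 - HKLM\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
"""

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\\w+: \[([^\]]+)\] (.+)$")
CACHE_DIR = re.compile(r"\\(temp|temporary internet files|content\.ie5)\\", re.I)
HEX_NAME = re.compile(r"[0-9a-f]{8,}", re.I)
# Assumption: names of core Windows processes that normally live in System32.
SYSTEM_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost"}

def exe_path(command):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    m = re.match(r'"?(.+?\.exe)', command, re.I)
    return m.group(1) if m else command.strip('"')

def reasons_for(name, path):
    """Apply the three heuristics (assumptions of this example) to one entry."""
    reasons = []
    if CACHE_DIR.search(path):
        reasons.append("runs from a Temp or browser-cache folder")
    stem = re.sub(r"(\[\d+\])?\.exe$", "", path.rsplit("\\", 1)[-1], flags=re.I).lower()
    if stem in SYSTEM_NAMES and "\\system32\\" not in path.lower():
        reasons.append("system process name outside System32")
    if HEX_NAME.fullmatch(name):
        reasons.append("hex-only value name")
    return reasons

def triage(log_text):
    """Return (hive, value name, path, reasons) for each O4 Run line worth a closer look."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, name, command = m.groups()
            path = exe_path(command)
            reasons = reasons_for(name, path)
            if reasons:
                flagged.append((hive, name, path, reasons))
    return flagged

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A flag here only marks an entry for review; legitimate software can trip these heuristics, and an entry that passes them is not thereby clean.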
     
  12. peanuts2

    peanuts2 Regular member

    Boot to safe mode under administrator if the program will not uninstall with the internet running. Run HijackThis to delete it out of the registry or run CCleaner to remove ActiveX and other installers out of the registry. Run Ad-Aware Pro or another ad remover program and update your anti-virus protection. And don't put credit card information on a computer; it's not smart to do that when people can look at your computer with spyware.
     
  13. dg0896

    dg0896 Guest

    If necessary, use my above instructions to re-format your computer.

    WARNING IMPORTANT: re-formatting will delete all of your files. Only re-format if necessary.
     
    Last edited by a moderator: Feb 21, 2006
  14. dg0896

    dg0896 Guest

    The logfile looks like the virus is attacking your McAfee virus scan and other important files.
     
