mkaczowski
asked on
how do I remove a trojan called trojan-spy.banker.chc?
I have one PC on a microsoft network that has a trojan virus. Symantec antivirus 10.1.5 does not find it but PC tools spyware doctor finds it. It appears to remove it when it's disconnected from the network but as soon as I plug in the T/P cable it reappears. The only info I can find on the internet calls it "Trojan-Spy.Banker.CHC". It says that it was created in Brazil and is also known as Troj/Bancos-BBU. I really need info on how to remove this trojan.
Hello,
Connect with http://es.mcafee.com/root/mfs/default.asp, it's free scan from McAfee (in Spanish, but its the same result) CLICK ON "Analizar ahora" (Analize now), accept download from nai.com and follow instrucctions for removal.
remember: don't restore system to previous instant, do not use tape or cd or dvd backups for recover info without scan it.
Good luck
Connect with http://es.mcafee.com/root/mfs/default.asp, it's free scan from McAfee (in Spanish, but its the same result) CLICK ON "Analizar ahora" (Analize now), accept download from nai.com and follow instrucctions for removal.
remember: don't restore system to previous instant, do not use tape or cd or dvd backups for recover info without scan it.
Good luck
Bitdefender should get rid of it:
http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html
Free fully fuctional scan here:
http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html
If you still have problems, a Hijack This log would be helpful:
http://www.majorgeeks.com/download5554.html
Good luck!!!
http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html
Free fully fuctional scan here:
http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html
If you still have problems, a Hijack This log would be helpful:
http://www.majorgeeks.com/download5554.html
Good luck!!!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
So far running SpDoctor in safe mode with system restore disabled failed to remove the trojan.
Once you reboot in normal mode with internet access, it recreates a startt.job and a start.bat file in Windows and it reinfects the system.
The McAfee in spanish found two other cases of Banker.chc and said that it removed them but once again on bootup it became reinfected.
I will try Bitdefender and trendmicro next.
Does the bitdefender have to run in safe mode or can it run in normal mode with the network attached?
Super desperate,
Mark
Once you reboot in normal mode with internet access, it recreates a startt.job and a start.bat file in Windows and it reinfects the system.
The McAfee in spanish found two other cases of Banker.chc and said that it removed them but once again on bootup it became reinfected.
I will try Bitdefender and trendmicro next.
Does the bitdefender have to run in safe mode or can it run in normal mode with the network attached?
Super desperate,
Mark
Yes, Bitdefender will run in Safe Mode with Networking
Another tool to consider in getting rid of this thing is Combofix:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Double click combofix.exe & follow the prompts.
Another tool to consider in getting rid of this thing is Combofix:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Double click combofix.exe & follow the prompts.
If you know where all the files live related to this trojan, remove them manually. Check MSCONFIG and remove the call that reinfects the system.
I usually use Process Explorer to get the right information.
http://www.microsoft.com/technet/sysinternals/processesandthreads/processexplorer.mspx
I usually use Process Explorer to get the right information.
http://www.microsoft.com/technet/sysinternals/processesandthreads/processexplorer.mspx
Hi,
As already suggested,
Can you run Hijackthis and show us the log please?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
As already suggested,
Can you run Hijackthis and show us the log please?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
You can go into safe mode by pressing F5 during boot up and selecting safe mode.