[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

how do I remove a trojan called trojan-spy.banker.chc?

Posted on 2007-10-03
8
Medium Priority
?
1,956 Views
Last Modified: 2013-12-09
I have one PC on a microsoft network that has a trojan virus. Symantec antivirus 10.1.5 does not find it but PC tools spyware doctor finds it. It appears to remove it when it's disconnected from the network but as soon as I plug in the T/P cable it reappears. The only info I can find on the internet calls it "Trojan-Spy.Banker.CHC". It says that it was created in Brazil and is also known as Troj/Bancos-BBU. I really need info on how to remove this trojan.
0
Comment
Question by:mkaczowski
8 Comments
 
LVL 3

Expert Comment

by:jkpc21
ID: 20010398
Go into safe mode, and then run pctools spyware doctor. Once detected, remove it and restart your computer in normal mode and check to see if the problem has been solved.

You can go into safe mode by pressing F5 during boot up and selecting safe mode.
0
 
LVL 4

Expert Comment

by:jordibartrina
ID: 20010522
Hello,

Connect with http://es.mcafee.com/root/mfs/default.asp, it's free scan from McAfee (in Spanish, but its the same result) CLICK ON "Analizar ahora" (Analize now), accept download from nai.com and follow instrucctions for removal.
remember: don't restore system to previous instant, do not use tape or cd or dvd backups for recover info without scan it.

Good luck
0
 
LVL 23

Expert Comment

by:phototropic
ID: 20012210
Bitdefender should get rid of it:

http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html

Free fully fuctional scan here:

http://www.bitdefender.com/VIRUS-90747-en--Trojan.Spy.Banker.HQ.html

If you still have problems, a Hijack This log would be helpful:

http://www.majorgeeks.com/download5554.html

Good luck!!!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 1500 total points
ID: 20012758
boot into safemode with networking.....it should't load under safemode and then run the online virus scanner to get it rmeoved
http://housecall.trendmicro.com/
0
 

Author Comment

by:mkaczowski
ID: 20019225
So far running SpDoctor in safe mode with system restore disabled failed to remove the trojan.
Once you reboot in normal mode with internet access, it recreates a startt.job and a start.bat file in Windows and it reinfects the system.

The McAfee in spanish found two other cases of Banker.chc and said that it removed them but once again on bootup it became reinfected.

I will try Bitdefender and trendmicro next.

Does the bitdefender have to run in safe mode or can it run in normal mode with the network attached?

Super desperate,
Mark
0
 
LVL 23

Expert Comment

by:phototropic
ID: 20019944
Yes, Bitdefender will run in Safe Mode with Networking

Another tool to consider in getting rid of this thing is Combofix:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Double click combofix.exe & follow the prompts.

0
 
LVL 1

Expert Comment

by:Tyrannus
ID: 20025543
If you know where all the files live related to this trojan, remove them manually. Check MSCONFIG and remove the call that reinfects the system.

I usually use Process Explorer to get the right information.

http://www.microsoft.com/technet/sysinternals/processesandthreads/processexplorer.mspx
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20027334
Hi,
As already suggested,
Can you run Hijackthis and show us the log please?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
If you are like me and like multiple layers of protection, read on!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question