
Thread: Banyan Malware can not be removed by system

  1. #1
    Member
    Join Date
    Mar 2014
    Posts
    32

    Default Banyan Malware can not be removed by system

    Spybot has tried 5 times..need help. Thank you.

  2. #2
    Member
    Join Date
    Mar 2014
    Posts
    32

    Default Here are the Farbar files

    Scan file and additional txt file
    Attached Files

  3. #3
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Our recommendation is to remove this program.
    Yet Another Cleaner!
    Remove it using the Add/Remove programs

    Let me supply you with known good antivirus tools.


    As for free versus paid-for antivirus, I have to leave this up to you, but I've always stayed with a free version that uses fewer resources and consumes less time in updating. This is my personal opinion; also, with free versions of antivirus, a firewall is not included.

    ~~~~~~~~~
    Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop and select PASTE
    Farbar Recovery Scan Tool should now be on your desktop.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




    start
    CloseProcesses:
    C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\...\Winlogon: [Shell] - <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\.DEFAULT -> {035707D0-FAF1-4D36-8C40-C6734EB967DF} URL =
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-28] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-28] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-28] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-28] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [51880 2014-10-26] (Elex do Brasil Participações Ltda)
    2015-01-21 09:04 - 2015-01-21 09:04 - 00001930 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
    2015-01-21 09:04 - 2015-01-21 09:04 - 00001924 _____ () C:\Users\Public\Desktop\YAC.lnk
    2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
    2015-01-21 09:04 - 2014-10-28 06:31 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2015-01-21 09:04 - 2014-10-26 21:02 - 00051880 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2015-01-21 09:02 - 2015-01-21 09:02 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Elex-tech
    2015-01-21 09:01 - 2015-01-21 09:02 - 16474920 _____ (Elex do Brasil Participações Ltda) C:\Users\Tim\Downloads\yet_another_cleaner_cnt.exe
    C:\ProgramData\adwcleaner_4.106.exe
    C:\Users\Tim\AppData\Local\Temp\jre-8u31-windows-au.exe
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
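
An added example, not part of the post above and not FRST's own code: a small Python classifier that groups the lines of a fixlist like this one by shape, so it can be read through before the Fix button is pressed. The line patterns are inferred only from the fixlist shown in this thread, and `classify`, `summarize` and `outside` are hypothetical helper names.

```python
import re
# A subset of lines copied from the fixlist in the post above.
SAMPLE = r"""start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-28] (Elex do Brasil Participações Ltda)
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
C:\ProgramData\adwcleaner_4.106.exe
EmptyTemp:
End"""

# Line shapes inferred from this thread only (an assumption, not FRST's own parser).
SERVICE = re.compile(r"[RS]\d [^;]+; (?P<path>.+?) \[\d+ [\d-]+\]")
LISTING = re.compile(r"[\d-]+ [\d:]+ - [\d-]+ [\d:]+ - \d+ \S+ \(.*?\) (?P<path>[A-Za-z]:\\.+)$")

def classify(line):
    """Return (kind, target) for one fixlist line, judged by its shape alone."""
    line = line.strip()
    if line.lower() in ("start", "end"):
        return "marker", line
    if re.fullmatch(r"[A-Za-z]+:", line):  # e.g. CloseProcesses:
        return "directive", line[:-1]
    if line.startswith(("HKLM\\", "HKU\\")):
        return "registry", line.split(": ", 1)[0]
    for kind, rx in (("service", SERVICE), ("file", LISTING)):
        m = rx.match(line)
        if m:
            return kind, m.group("path")
    if re.match(r"[A-Za-z]:\\", line):  # bare path
        return "file", line
    return "unrecognized", line

def summarize(text):
    """Group every non-blank fixlist line by kind."""
    groups = {}
    for raw in filter(str.strip, text.splitlines()):
        kind, target = classify(raw)
        groups.setdefault(kind, []).append(target)
    return groups

def outside(groups, root):
    """File and service paths that are not under the folder the fix is meant to target."""
    root = root.lower().rstrip("\\") + "\\"
    paths = groups.get("file", []) + groups.get("service", [])
    return [p for p in paths if not (p.lower() + "\\").startswith(root)]

if __name__ == "__main__":
    print(outside(summarize(SAMPLE), r"C:\Program Files (x86)\Elex-tech"))
```

Anything reported as `unrecognized`, or returned by `outside`, is worth reading by hand before the fix is run.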

  4. #4
    Member
    Join Date
    Mar 2014
    Posts
    32

    Talking

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/22/2015
    Scan Time: 4:45:38 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.22.11
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Tim

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 415461
    Time Elapsed: 8 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Adware.Finix, C:\Users\Tim\Downloads\Comcast_Desktop_Software_1401.exe, , [6c0767938603cd69ccb54bc7e022f10f],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Fixlog.txt ?

    Since we have removed some malicious files, how's the computer?

  6. #6
    Member
    Join Date
    Mar 2014
    Posts
    32

    Default Looking good. Banyan no longer found by SB scan or Avast

    Attached Files

  7. #7
    Member
    Join Date
    Mar 2014
    Posts
    32

    Cool Ty ty

    Thank you thank you very much! Sorry about the multiple posts, I have trouble focusing and with short term memory since stroke

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote, originally posted by katok:
    Thank you thank you very much! Sorry about the multiple posts, I have trouble focusing and with short term memory since stroke

    You're doing fine.

    How's your computer now?


    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.

  9. #9
    Member
    Join Date
    Mar 2014
    Posts
    32

    Default ESET Scan logs

    I ran the scans, but I may have inadvertently taken some action. I may have been on a different menu than you were referring to; it did not have ticks for "take no action" but instead had a slide scale action, no action, which I chose. Found variant of Win32/Elex.as. Software said it "cleaned file because it contained body of infection"? Since I am out of my arena, I will turn this over to you to determine how badly I performed. The Smartscan log is too big to upload
    Attached Files

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Did the file you posted come from the Eset Online scan?
    From what I can tell it actually found a quarantine folder which we will remove in the end.

    Tell me how the computer is now.
