
Thread: Banker.FAT

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Posts
    2

    Default Banker.FAT

    I only seem to be able to remove Banker.Fat when I run Spybot on start-up but it comes right back. I can't get rid of it. Any clues? Thanks.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    This may be a false positive; please submit a scan report so we can determine what is being found.
    born in the shadow to die in the shadow, that is the fate of the shinobi


  3. #3
    Junior Member
    Join Date
    Apr 2007
    Posts
    2

    Default Banker.FAT

    How do I send a scan report? Thank you.

  4. #4
    Junior Member
    Join Date
    May 2007
    Posts
    1

    Default

    I have this same problem.

  5. #5
    Junior Member
    Join Date
    May 2007
    Posts
    1

    Default

    Hi

    I have this problem too. How can I remove banker.fat?

    Thx
    Goldemar

  6. #6
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Please post a log of the actual detections you are getting. To do that:
    • Run another scan.
    • When the scan completes, right-click on the results list and select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Thanks

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  7. #7
    Junior Member
    Join Date
    May 2007
    Posts
    1

    Unhappy Banker.FAT

    I also am having this problem. And my computer keeps getting popunders (which I'm assuming is because of the Banker.fat problem). Here is my log:


    Banker.FAT: Data (File, nothing done)
    C:\WINDOWS\SYSTEM32\cookie.dat

    Banker.FAT: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Helper

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


    --- Spybot - Search && Destroy version: 1.3 ---

    Any suggestions would help. Thanks!!!

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Hello.

    Unless your operating system is Win 95, please upgrade to Spybot-S&D version 1.4.




    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member
    Join Date
    Jun 2007
    Posts
    2

    Default

    I'm having the same problem--here's the report:


    --- Search result list ---
    Banker.FAT: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Helper


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---




    --- System information ---
    Windows XP (Build: 2600) Service Pack 1...

    Then there's all the "Service (registry key)" stuff, which I assume you don't need and which won't fit in a post anyway.
    Last edited by MarkusPFrancisco; 2007-06-13 at 20:50. Reason: I made a mistake

  10. #10
    Junior Member
    Join Date
    Jun 2007
    Posts
    2

    Default

    Ok, re-try, I posted this log after more explicitly following the posting instructions in the sticky for this forum:

    --- Search result list ---
    Banker.FAT: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Helper


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---




    --- System information ---
    Windows XP (Build: 2600) Service Pack 1


    --- Startup entries list ---
    Located: HK_LM:Run, ADUserMon
    command: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    file: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    size: 147456
    MD5: d6e82206798f57521805bbb46d79c3a8

    Located: HK_LM:Run, AVG7_CC
    command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    size: 416256
    MD5: 2200c98c049de1a7638ea0edba1c8882

    Located: HK_LM:Run, ccApp
    command: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 50880
    MD5: 0a0acc6852a00997987fdf8a914755a5

    Located: HK_LM:Run, ccRegVfy
    command: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    size: 34504
    MD5: b3847ac31520a40d3ff96a9bfcc066c0

    Located: HK_LM:Run, Deskup
    command: C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    file:

    Located: HK_LM:Run, Iomega Automatic Backup 1.0.1
    command: C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    file: C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    size: 3014656
    MD5: d0f49b4fd9605ef89b93cd1c44f06764

    Located: HK_LM:Run, Iomega Drive Icons
    command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    size: 86016
    MD5: 8bb8b8d1150c344586c46752953c2da6

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep.exe
    size: 9216
    MD5: 62dd404c8e46b76089a3d1fa6bd96739

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    size: 83608
    MD5: 9c1c80bbf8e6044980890e2d2d91091c

    Located: HK_LM:Run, Symantec NetDriver Monitor
    command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    size: 100056
    MD5: f9418981ee4d7e995d359833adab59d5

    Located: HK_LM:Run, UninstalTime
    command: chkdisk.exe
    file: C:\WINDOWS\system32\chkdisk.exe
    size: 25241
    MD5: 1713142fd81971da1177cb371ec3b302

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\System32\ctfmon.exe
    file: C:\WINDOWS\System32\ctfmon.exe
    size: 13312
    MD5: 414de7cf9d3f19c3ea902f1bb38ec116

    Located: HK_CU:Run, RealPlayer
    command: "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    file: C:\Program Files\Real\RealPlayer\realplay.exe
    size: 995328
    MD5: 55ed5fae663ffaf2785769af69e5ebf6

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496eee0ddbe485f658693826f44d38

    Located: Startup (common), Microsoft Office.lnk
    command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    size: 83360
    MD5: 5bc65464354a9fd3beaa28e18839734a

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll



    --- Browser helper object list ---
    {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} (msdn_lib.msdn_hlp)
    BHO name:
    CLSID name: msdn_lib.msdn_hlp
    Path: C:\WINDOWS\System32\
    Long name: msdn_lib.dll

    {581C9855-AEE4-4446-B759-907A2F6E0C17} (H)
    BHO name:
    CLSID name: H
    Path: C:\WINDOWS\System32\
    Long name: coq.dll
    Short name:
    Date (created): 6/13/2003 12:36:50 AM
    Date (last access): 6/13/2007 1:23:30 PM
    Date (last write): 6/13/2003 12:36:50 AM
    Filesize: 42552
    Attributes: archive
    MD5: D10CD0CA7CFB066C255A92CFBBBE7D6D
    CRC32: FDEE5674
    Version: 0.1.0.1



    --- ActiveX list ---
    {56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: http://software-dl.real.com/0264963b...p/RdxIE601.cab
    description: Netster
    classification: Confirmed as malware
    known filename:
    info link:
    info source:

    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_01
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_01\bin\
    Long name: npjpi160_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/14/2007 2:04:46 AM
    Date (last access): 6/13/2007 1:23:32 PM
    Date (last write): 3/14/2007 3:43:42 AM
    Filesize: 132760
    Attributes: archive
    MD5: F112FB2FD2EF66D439799E3F834DF000
    CRC32: D2B09219
    Version: 6.0.0.6




    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 6/13/2007 2:59:17 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://login.passport.net/uilogin.srf?lc=1033&id=2
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
