
Thread: Banker.fat + Virtumonde

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Banker.fat + Virtumonde

    Both of these trojans were regenerating themselves in my hard drive... every time Spybot removed them they came back on the next reboot. I finally found that they were coming out of the recovery file within Spybot. Once I purged the file they did not come back... DOES THAT MAKE SENSE TO ANYONE ELSE?
    Last edited by Richard L.; 2010-01-17 at 21:05.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    This kind of behaviour has not been observed with any kind of malware yet.
    Usually a Virtumonde infection requires a reboot; the same may apply to some Banker variants.
    Please create a full Spybot S&D report file and send it to detections@spybot.info with a reference to this thread. With this report file we will be able to take a look at the most common starting places for the named malware above.
    To make a full report do the following:
    • start Spybot S&D
    • do a scan
    • right click the scan results screen and choose to save a full report to your desktop
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Do you want me to reintroduce banker.fat into my hard drive first and have Spybot S&D remove it before I do the report? If so, I believe the introduction/infection point is within 'facebook.' I do not know where I can find virtumonde at this point. I had removed it from my hard drive before trying to track its origin.

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    No, I wanted to take a look at the full Spybot S&D report since it is possible that some traces of the malware you described are still left on your computer.
    Since we are at it, it might also be helpful if you send in a Spybot S&D fix report. Spybot S&D stores the information about what it checks and fixes (or tries to fix). These reports can be found this way:
    • start Spybot S&D
    • switch to advanced mode
    • navigate to tools - view reports
    • now click on view previous reports
    • select the latest fixes report file, the name contains the date and time in this manner YYMMDD-hhmm


    edit: just saw that you sent us a mail with the full Spybot S&D report, I will keep you updated about what I find
    Last edited by Yodama; 2010-01-19 at 07:48.

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    sent you a mail with instructions for removal and further analysis since the report indicated an infection
