
Thread: Banker trojan

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    5

    Banker trojan

    Hi everybody,

    I need some help with the Banker trojan. I always run a Spybot scan every Sunday. This Sunday, it came back telling me that I have the Banker trojan in 2 locations. This has me pretty concerned about the security of my system although I have McAfee that's constantly updated. I've done several deep scans with McAfee and nothing comes up with that.

    The 2 registries are:
    (SBI $EBFB4022) Browser Helper Object
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    (SBI $7F6039C1) CLASS ID
    HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    I hope I copied all this right. I don't even use Explorer as my browser. I use Firefox.

    I hope somebody can help me. I stopped at the bank to see if I need to change my accounts and they say their High Risk IT Dept hasn't sent any messages out about this and they hadn't heard of it at the bank at all.

    Thanks for your help.

    Splat Cat Too

  2. #2
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389


    Sorry, but this does not look like a false positive to me. If you should experience any problems fixing this BHO for the Internet Explorer please visit our malware removal subforum. If you're only using Firefox for your banking stuff, you don't have to worry about your banking details. Anyway this BHO should be removed as soon as possible. Did you install any new game like iWinGames lately?

    best,
    buster!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169


    Hi SplatCatToo,

    This CLSID is "bad" and should be removed. It seems to be an orphan from a previous adware infection you had. See here.
    Last edited by Matt; 2010-03-17 at 23:43.
    Best regards - Beste Grüße,

    Matt
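
Added example (not part of the thread and not Spybot's own code): a read-only PowerShell check that lists every Browser Helper Object registered under the key from post #1, resolves each CLSID to the DLL named in its InprocServer32 subkey, and marks entries whose class key or DLL is missing, which is one way an orphaned registration shows up. The WOW6432Node paths and the status labels are assumptions of this example; the CLSID is the one quoted in the thread.

```powershell
# Added example: read-only inventory of Browser Helper Objects (BHOs).
$flagged = '{8CA5ED52-F3FB-4414-A105-2E3491156990}'   # CLSID quoted in the thread

# Native registry view plus the 32-bit view on 64-bit Windows (assumed layout).
$views = @(
    @{ Name = 'native'; Sub = '' },
    @{ Name = '32-bit'; Sub = 'WOW6432Node\' }
)

function Get-BhoReport {
    foreach ($v in $views) {
        $bhoRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\' + $v.Sub +
                   'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        $clsRoot = 'Registry::HKEY_CLASSES_ROOT\' + $v.Sub + 'CLSID'
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid  = $key.PSChildName
            $server = "$clsRoot\$clsid\InprocServer32"
            $dll    = ''
            if (Test-Path -LiteralPath $server) {
                # The unnamed (Default) value is the DLL Internet Explorer loads.
                $dll = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
            }
            # Status labels are this example's own wording.
            $status = if (-not (Test-Path -LiteralPath "$clsRoot\$clsid")) { 'orphan: no CLSID key' }
                elseif (-not $dll) { 'orphan: no InprocServer32 DLL' }
                elseif (-not [IO.Path]::IsPathRooted($dll)) { 'relative path: check manually' }
                elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) { 'orphan: DLL missing on disk' }
                else { 'registered, DLL present' }

            [pscustomobject]@{
                View     = $v.Name
                Clsid    = $clsid
                Dll      = $dll
                Status   = $status
                InThread = ($clsid -eq $flagged)   # matches the CLSID Spybot reported
            }
        }
    }
}

Get-BhoReport | Sort-Object InThread -Descending | Format-Table -AutoSize -Wrap
```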

  4. #4
    Junior Member
    Join Date
    Mar 2010
    Posts
    5

    Banker Trojan

    Thanks Buster. I do only use Firefox for looking at my banking stuff. I have IE, but rarely go into it. I think Firefox is safer and better.
    And, YES, I did download from iWin, unfortunately. I also bought the game Gardenscapes from them and ordered a backup CD. Will the CD be safe to use? Or, should I just eat the loss of the money and consider it a lesson learned. I had a feeling the problem had something to do with iWin from some of the other crap I was able to clean off with Spybot and the names that came up were related to iWin. I never had problems like this before I downloaded the game from them.
    Is there an easy way to get rid of this problem or should I use my last advanced tech call to Dell and ask them to get rid of it?
    I just learned a hard lesson trying to save a few bucks and because I liked the game. I can order it from another site I know is good like PopCap instead. It will cost more, but at this point, it's worth it.
    Thanks for your help!

    Splat Cat Too

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    5

    Banker Trojan

    Thank you too Matt,

    Is there an easy way to remove this part? Like I just said to Buster, I learned a hard lesson on this. From now on, I'll stick to sites I know like PopCap, Pogo and Big Fish.
    Again, do you think the CD I ordered from iWin is safe to install? I also have a laptop but have not installed anything from iWin on that and won't either!

    Thanks again.

    Splat Cat Too

  6. #6
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169


    Hi Splat Cat Too,

    Originally posted by SplatCatToo:
    "Is there an easy way to remove this part? Like I just said to Buster, I learned a hard lesson on this."
    Does Spybot still find the following two entries?

    (SBI $EBFB4022) Browser Helper Object
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    (SBI $7F6039C1) CLASS ID
    HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
    You can let Spybot fix these two problems. Shouldn't be a problem I think.

    Originally posted by SplatCatToo:
    "Thank you too Matt"
    You're welcome.
    Best regards - Beste Grüße,

    Matt

  7. #7
    Junior Member
    Join Date
    Mar 2010
    Posts
    5

    Banker Trojan

    Hi Matt,

    It's still listed when I run Spybot. It still won't let me remove it. When I go into the "recovery" section, it tells me I have 20 listed under the Banker. I wasn't sure whether or not I need to get rid of it from here or from somewhere else. I just don't know enough about the registries to even have an idea what I'm doing. Under the Recovery section, it also tells me I have a lot of other stuff too, that's all been backed up. I don't want to lose anything or delete something I shouldn't but if I'm reading this correctly, it backed the bad stuff up at this point.

    Thanks again for your help.
    SplatCatToo

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956


    Hello SplatCatToo,

    Please follow the instructions in this link to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where an analyst will take a look at the system and advise you as soon as available.

    It would be helpful if in your new topic you provide a link back to this one.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169


    Hi SplatCatToo,

    Originally posted by tashi:
    "Please follow the instructions in this link to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where an analyst will take a look at the system and advise you as soon as available.

    It would be helpful if in your new topic you provide a link back to this one."
    Tashi has already given you all important information.

    I hope you can get rid of the Malware with the help of the analyst as soon as possible.

    Take care
    Best regards - Beste Grüße,

    Matt

  10. #10
    Junior Member
    Join Date
    Mar 2010
    Posts
    5

    Banker Trojan

    Thanks Tashi and Matt,

    I took a brief look at the instructions and since I have tomorrow off, that would be a good time to work with this so I get it right rather than trying to do it tonight after a long day of work.
    I appreciate your help!

    SplatCatToo
