I only seem to be able to remove Banker.Fat when I run Spybot on start-up but it comes right back. I can't get rid of it. Any clues? Thanks.
How do I send a scan report? Thank you.
I have this same problem.
Hi
I have this problem too. How can I remove banker.fat?
Thx
Goldemar
Please post a log of the actual detections you are getting. To do that:
- Run another scan.
- When the scan completes, right click on the results list, select "Copy results to clipboard".
- Then paste (Ctrl+V) those results to a new post in this thread.
Thanks
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
I also am having this problem. And my computer keeps getting popunders (which I'm assuming is because of the Banker.fat problem). Here is my log:
Banker.FAT: Data (File, nothing done)
C:\WINDOWS\SYSTEM32\cookie.dat
Banker.FAT: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Helper
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search && Destroy version: 1.3 ---
Any suggestions would help. Thanks!!!
Hello.
Unless your operating system is Win 95, please upgrade to Spybot-S&D version 1.4.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
I'm having the same problem; here's the report:
--- Search result list ---
Banker.FAT: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Helper
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
--- System information ---
Windows XP (Build: 2600) Service Pack 1...
Then there's all the "Service (registry key)" stuff, which I assume you don't need and which won't fit in a post anyway.
Last edited by MarkusPFrancisco; 2007-06-13 at 19:50. Reason: I made a mistake
Ok, re-try, I posted this log after more explicitly following the posting instructions in the sticky for this forum:
--- Search result list ---
Banker.FAT: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Helper
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
--- System information ---
Windows XP (Build: 2600) Service Pack 1
--- Startup entries list ---
Located: HK_LM:Run, ADUserMon
command: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
file: C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
size: 147456
MD5: d6e82206798f57521805bbb46d79c3a8
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882
Located: HK_LM:Run, ccApp
command: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 50880
MD5: 0a0acc6852a00997987fdf8a914755a5
Located: HK_LM:Run, ccRegVfy
command: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 34504
MD5: b3847ac31520a40d3ff96a9bfcc066c0
Located: HK_LM:Run, Deskup
command: C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
file:
Located: HK_LM:Run, Iomega Automatic Backup 1.0.1
command: C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
file: C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
size: 3014656
MD5: d0f49b4fd9605ef89b93cd1c44f06764
Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 86016
MD5: 8bb8b8d1150c344586c46752953c2da6
Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 62dd404c8e46b76089a3d1fa6bd96739
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9c1c80bbf8e6044980890e2d2d91091c
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5
Located: HK_LM:Run, UninstalTime
command: chkdisk.exe
file: C:\WINDOWS\system32\chkdisk.exe
size: 25241
MD5: 1713142fd81971da1177cb371ec3b302
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414de7cf9d3f19c3ea902f1bb38ec116
Located: HK_CU:Run, RealPlayer
command: "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
file: C:\Program Files\Real\RealPlayer\realplay.exe
size: 995328
MD5: 55ed5fae663ffaf2785769af69e5ebf6
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{38847C4B-1AB1-4A47-9026-9A6CF7B43D31} (msdn_lib.msdn_hlp)
BHO name:
CLSID name: msdn_lib.msdn_hlp
Path: C:\WINDOWS\System32\
Long name: msdn_lib.dll
{581C9855-AEE4-4446-B759-907A2F6E0C17} (H)
BHO name:
CLSID name: H
Path: C:\WINDOWS\System32\
Long name: coq.dll
Short name:
Date (created): 6/13/2003 12:36:50 AM
Date (last access): 6/13/2007 1:23:30 PM
Date (last write): 6/13/2003 12:36:50 AM
Filesize: 42552
Attributes: archive
MD5: D10CD0CA7CFB066C255A92CFBBBE7D6D
CRC32: FDEE5674
Version: 0.1.0.1
--- ActiveX list ---
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
DPF name:
CLSID name:
Installer:
Codebase: http://software-dl.real.com/0264963b...p/RdxIE601.cab
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/13/2007 1:23:32 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6
--- Process list ---
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/13/2007 2:59:17 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://login.passport.net/uilogin.srf?lc=1033&id=2
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---