The malware comes from here: hxtp://classicomobile.com/shops/images/images/atual=iToken.php
Scanned against virustotal here: http://www.virustotal.com/url-scan/report.html?id=45c2bc4c591be6eb0f82c44bb4f51969-1300493926
Detection rate 13 /42 (31.0%): http://www.virustotal.com/file-scan/report.html?id=de7e311f1d0cf57b80cbb4baf07798e8587079d2a922f7dcc58d27e6380cb699-1300542572
W32SelfStarterInternetTrojan!Maximus
See: htxp://jsunpack.jeek.org/dec/go?report=98560bb42714e11e4e088ca4b2ffd9dd62b56b98
See malware download in malzilla attached:
Also see wepawet scan: http://wepawet.iseclab.org/view.php?hash=45c2bc4c591be6eb0f82c44bb4f51969&t=1300546154&type=js
Anubis report: http://anubis.iseclab.org/?action=result&task_id=1973aa51309f28124550db73888d67c74
detected is Trojan.Banker.Itau (Sig-Id:1468303), source: Ikarus
polonus
system
3
Polonus, can you help me?
I am having trouble with the Itau Bank virus. I like in Brazil and my computer was infected a few days ago.
Thank you!
Hi download DrWebCureIT to your desktop, do a full scan and report here what it found, download from here:
https://www.freedrweb.com/download+cureit+free/?lng=en
polonus
Hi zinck,
Missed your new topic started, so you are in good hands there,
polonus
system
6
I did as you suggested and downloaded Dr. Web. I ran the scan and it found nothing.
However I know I still have a problem. I still cannot access my bank. And Avast keeps giving me warnings.
Is there a way to remove this manually?
Thank you again for your help!
Larry