Avast moved Win32:Banker-BHS [Trj] to the chest during my morning boot time scan today. Thank you.
Mine is the only machine in the office affected. Is it safe for me to access my bank online now? Should I delete my restore points and start over?
How does this Trojan generally get into a machine?
Avast: would you like me to email it to you? It resided in:
C:\ system volume information_restore{DFC2681-5971-4EDD-8DEO-3A7F799D8CA5}RP399
C:\ Program Files\ Blaze Media Pro
C:\ Docs and Sets\all users\app data{CFE49F60…
Thanks for responding. Yes, maybe I should wait more than one day, however, the company that I work for would fail if we waited more than one day to respond to our clients. That is why I made the comment. I guess I shouldn’t judge other companies by the expectations of our clients, but the issue was serious enough to affect business and so the boss wanted some action and was unhappy that the entire business day went by without any answers from me. Also, the last time we had an issue I received great service from avast only after I made a snide comment on the forum. Unfortunately oftentimes it’s the squeaky wheel that gets the grease.
re: not yet. when?
re: run a boot time scan. Yes, that is how avast intercepted Banker. I run a boot time scan on all the office machines every morning at 6 before anyone comes in.
re: google it. yes i have but not much there as to point of entry and i am reticent to click on some of the results.
re: send it. will do. thank you.
Welcome to the Forum
Maybe you should wait more than one day :o
Can you larify what you are saying ?
What files were infected?
What actions did you take?
What is your operating system?
re: welcome. thank you. i was here some months ago but i am not a prodigious poster so i understand your sentiment although i’m not certain that is wholehearted considering the next comment in the post.
re: “larification.” can you be more specific? maybe i was too succinct.
re: what files. please see first post.
re: what actions. none; have been waiting for a reply. i really need to go to our online banking site asap. i have just left the files in the chest. i ran another boot time scan and it has not reappeared.
XP Pro SP2. Auto updates. Windows Defender and a router on the T1 line.
I’m glad this thread was posted. I use the Home Edition of Avast. I had this same virus show up two days ago on a full system scan. Four instances of the virus were found. Two in app data, one in the system restore volume, and one infecting bmp.exe (Blaze Media Pro). Sounds just like jonthepain’s posting. Because of the type of Trojan, I became quickly concerned. Thinking the virus was new in the last two days, I did a system restore from 9 November 2006 using Acronis. I re-scanned and Avast again found the infected files in the same locations. I am also a licensed Ewido user, now AVG Anti-spyware. Ewido could not find the infection. I’m wondering if this is just not a false positive. If not, then it must be lag in the signature updates. This virus is not new, but the variant might be. I have already deleted the files and repaired the damage. I am most interested in the outcome. Thank you.
Yes that is a good suggestion. Can you recommend one?
Thank you.
Jon
I'm glad this thread was posted.
my pleasure. sort of. :-\
p.s. I would recommend upgrading to avast pro. great product. I have switched most of my business associates, friends and family to avast and firefox, which i don't do lightly because i am the first to hear it when any tech issues come up.
I know what you mean by “my pleasure, sort of”. After I did the system restore and the virus was found again, I started thinking about all the on line transactions I completed in the last five weeks. It couldn’t be some other virus Avast found, it had to be a keylogger Trojan. A lot of damage can occur in five weeks. Maybe tech support will find it was just a false positive. I run Ewido resident as a backup so I thought it would have caught anything Avast missed. Wrong! According to AVG tech support, Avast blocks access to the files so ewido reports them as clean. AVG’s recommendation was to disable Avast and then do the scan. If AVG tech support is correct and I have to disable Avast for ewido to work, ewido is really doing nothing for me. So much for compatibility. I use Opera as my primary browser and IE only when I have to.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. This multi-engine scanner is, I believe, better than Jotti for the following reasons: 1) it uses the Windows version of avast (what you are using), 2) it has far more AV scanners to check against, 29 at this time.