HijackThis Log - after Win32:Banker-EPP[Trj] detected and moved to virus chest

Hi,

A few days ago, Avast detected the Banker trojan on my laptop - here is the original post:

http://forum.avast.com/index.php?topic=37046.msg310252#msg310252

All the latest scans don’t detect anything, so I’m hoping my system is fully clean now. I have attached a HijackThis log, as part of Deckard’s System Scanner Log. Could you please help me to check this?

Thanks - Peter

To be sure you’re clean, I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Hi Tech,

I am carrying out the tasks as instructed, but step 6 states: “Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.”

That’s why I have attached the log.

The log looks OK.

Your Sun Java application is one version behind. Scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

Thanks very much FreewheelinFrank. It’s good to hear that :)

I will update Sun Java so. By the way, last time I ran Secunia it keeps picking up old versions of Sun Java on my machine, even though they do not show in Control Panel Add/Remove Program list. I have posted this here before in the following thread: http://forum.avast.com/index.php?topic=36177.msg304290#msg304290.

Even though I have uninstalled all old versions, Sun doesn’t remove all the old files & folders automatically. Should I just manually delete the old version folders/files in C:\Program Files\Java?

It should be OK to delete the old files and folders if there are no corresponding Java applications installed.

Thanks FreewheelinFrank. I’ll go ahead and do that so.

Cheers - Peter

JavaRa removes old Java versions.
http://fileforum.betanews.com/detail/JavaRa/1207335071/1

Thanks Tech, but even this new version of JavaRa doesn’t remove all the old version Java files on my system. I found the best thing to do is use Revo Uninstaller. This gets rid of most old files and all the registry entries, but still leaves behind the main C:\Program Files\Java\jdk1.6.0_06 folder - so I just deleted this folder manually and now Secunia says everything is up-to-date.

Thanks for your help guys :)

Indeed, I was forgetting Revo Uninstaller… very good tool indeed.