Need help with Trojan Banker - Please!!

A few days ago I opened an email from a friend. It said click to open pictures but then it led me to an .exe file. Avast said I had the virus JS:Banker-l [Trj]

Today when I went to access my online bank I found out that this virus has changed that. Now I’m afraid they will get my bank information. But I changed my password there with my laptop.

Today Avast caught another virus: Win32:Trojan-gen

Avast knows the problems are there but somehow cannot remove them.

Today I tried System Restore to a point before this all started but that did not help either.

I feel stupid for having clicked on that link but it said it was a jpg file. It took me by surprise. Now it looks like I will have to reformat my machine.

Does anyone know how to remove this virus manually? Or is that impossible?

Thank you,
Larry

check your computer for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update before you scan so you have the latest database
click on the remove selected button to quarantine anything found

post the scan log here

Thank you Pondus for the reply.

I will post the log below. It shows NO infections. However, while scanning with Malwarebytes, AVAST added four more items to my Virus Chest. The original location was in C:\System Volume Information\_restore
The names are A0016534.exe; A0017160.exe; A0017161.exe; A0017162.exe

So I know I have a problem even though Malwarebytes did not fix it.
I just tried to access my Itau Bank account and again it is not working correctly, the virus is still active.

So I do not know what can be done to fix this problem. Thank you again for helping me!!!

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6341

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/04/2011 14:30:28
mbam-log-2011-04-12 (14-30-28).txt

Scan type: Full scan (C:|)
Objects scanned: 362827
Time elapsed: 3 hour(s), 14 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

C:\System Volume Information\_restore
delete your restore points then do a new scan with avast

Turn off system restore, reboot and turn it on again
http://www.bleepingcomputer.com/tutorials/tutorial56.html

when you have done the above, you can have Essexboy check if he can see anything wrong

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the log here in this topic and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTS log )

Essexboy will look at the logs when he arrives here…

I will have to reply later. I have to leave now. Thank you!!! :slight_smile: :slight_smile:

I just ran the Avast full system scan and it says NO threat. I cannot see any way to send you the log.

Now I just went to my bank site and it appears to be okay. But how did it get fixed? Nothing showed fixing a virus or removing a trojan. I am confused.

Well, while Malwarebytes was running you did say Avast! found 4 items, correct?
One of those four items could have been your problem, and it seems that when Malwarebytes was running Avast! scanned along with it and found four infections.


Yes, but yesterday after AVAST found those four items I was still having trouble with the bank site. Yet when I tried it today it APPEARS to be okay. I’m still a little bit afraid of it.
When the bank site works normally my name appears on the screen after I type in my account number. With the virus my name had stopped appearing. Today when I put in my account number my name came up like old times.

I just ran the OTS program that essexboy suggests running in his 2010 post on cleaning malware.

I will attempt to attach the log to this reply.

I want to thank everyone who has joined in to help me with this. I am very grateful!! :slight_smile: :slight_smile:

Glad to have found this board and appreciate the friendly spirit! :slight_smile: :slight_smile:

Well I am unable to attach the OTS log as it is 491kb. So now what?

I divided the OTS log into 4 documents to see if I can send them here.

Here is the second part. I had to divide it even smaller.

Third part of OTS log.

Fourth part of OTS log.

Fifth and final part of OTS log.

Hi zinck,

I don’t read these logs, but for the one that does… :wink:

It seems as though the log is saved as Unicode, which jumbles up the text. It needs to be saved in ANSI.
Image here: http://forum.avast.com/index.php?topic=65104.msg554427#msg554427

I think this should also bring the filesize down…

Scott

Thank you, Scott. That helps! Now it fit in two files. (The 200kb limit seems to be rather low.)

I’m attaching the first file in ANSI.

Here is the second and final part of the OTS log in ANSI.

Thanks again!! :slight_smile: :slight_smile:

Have you recently re-installed windows ?

I would like to run Combofix - I do not feel it will find anything but it is better safe than sorry

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Yes, I reinstalled Windows just a few weeks ago. That’s what makes this so frustrating. It takes a while to get everything reinstalled and then I go and get another virus. That’s why I hope I can solve this without the need to reinstall Windows again.

Essexboy, I will download the program you suggested and follow your instructions. Thanks!

I got ComboFix and tried to run it. I disabled AVAST for 10 minutes.

But I still got a message from Combofix saying it cannot run with AVG installed. (But I do NOT have AVG on my machine.)

I have the Windows firewall and installed Malwarebytes. I don’t know what might be causing the problem.

Combofix says to uninstall AVG first but I have never had it since reinstalling windows a few weeks back. I decided to use AVAST instead.

Any suggestions?

Thank you!
Larry