Need help with Trojan Banker - Please!!

I would strongly recommend not logging into your banking information on the suspected infected computer until you're confident of its cleanliness. Log on using an alternate computer or use telephone banking. Better to be safe than sorry.

until you're confident of its cleanliness.

And how can I be sure? That’s the question.

Essexboy will notify you. ComboFix will not run with AVG running, you said?
Uninstall AVG; you should only ever have one anti-virus program installed on your computer, as they will conflict with each other.
Control panel/ add remove programs and uninstall it; the site below will direct you to AVG's site for their removal tool. Tell me how uninstalling goes.
http://www.avg.com/us-en/download-tools

I do NOT have AVG on this machine. I had it a few months ago before I reformatted. Now my only anti-virus program is AVAST. I can’t understand why combofix gave me that message.

Have you tried it since that message? Might as well disable Avast until restart when you decide to retry ComboFix; make sure you run as administrator.

Run the AVG removal tool, as there will be a fair few drivers left from AVG that a normal uninstall does not get.

I do not have the AVG removal tool.

I have not had AVG on this machine since my most recent installation of Windows XP.

Did you overinstall over the old version, or did you back up any documents and settings profiles?

Download and run the tool - it will only take a few minutes and then combofix will run
http://www.avg.com/us-en/download-tools

I am running Windows XP Home Version 5.1 Service Pack 3.

I did a total install, I saved my documents on an external HD. I did NOT do a reinstall or overinstall. I started from scratch.

I will attach the log from the AVG uninstall. I got the 32 bit remover.

However, ComboFix still says I have AVG on my machine. I can’t imagine why!

Nor can I - so let's try a different tool to look at the system - but as I say I do not feel that there is any malware left

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, Open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg

essexboy,

Thank you for your continued help. This time everything went well until I tried attaching a zip file to this post. It says zips are not permitted.

Now what?

I have bad news.

I just went to my bank site to see if it is working properly and saw that the virus is still there. My name does not show up when I log in. That’s how I knew I had this Trojan banker in the first place. So now I know that it is still there. What a mess!!!

Hate to have friends like you who send me viruses. Try running a scan with Hitman Pro. Be sure to empty all your cookies, cache and temp files also. Does this happen only on IE or Firefox also?

http://www.surfright.nl/en

I have been accessing my Itau bank site with Firefox. It appeared to have been fixed a few days ago but it is certainly infected again today.

Just for good measure I did a full scan with AVAST once again and it still did NOT find anything. I also ran Malwarebytes and it also said zero infected objects. I don’t understand how these trojan viruses can slip past everything.

You might have a rootkit calling home which downloads the malware to your pc.

You might have a rootkit calling home which downloads the malware to your pc.

What is a “rootkit calling home”? How can I fix it?

Download Hitman Pro, which I provided a link to. See what it finds other than cookies. Download TDSSKiller and Gmer also.

http://support.kaspersky.com/viruses/solutions?qid=208280684

http://www.gmer.net/

Upload to Mediafire and post the sharing link.

http://www.mediafire.com/file/bfnhsaccst7aekr/avptool_sysinfo.zip

Here it is Essexboy. Once again, thanks for the help! I guess you saw where I said that the Itau bank trojan is still at work on my machine.

Do you suggest running the Hitman, TDSSKiller and Gmer programs as well?

Thank you!

Yes do those things please.