Trojan.Downloader.Banload.5506

Clamwin was the only antivirus program to pick this up, but it has no removal utility. I have disabled System Restore, deleted the Restore folder, enabled System Restore, rebooted in Safe Mode, run Avast, SpyBot and Clamwin, and still only Clamwin detects it. What to do next???

Here is some info I gathered:

Submission notes: Already detected as Trojan.Downloader.Banload-5506
Added: No
Virus name alias: Trojan.MulDrop.323 (Drweb), Trojan.Muldrop.323 (Bitdefender)

Please advise! Thanks.
Joyce

Hi joyuss1,

Other Files Created

Note: The MD5 hash is shown for some files instead of the file name, as they are created with a random name on the user's PC.

These are the registry entries which are created or modified when Trojan-Downloader.Banload.uk is resident in your system.

Run a free DrWebCureIt scan now to check if your system is infected.

Registry entries created or modified

1. Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   Value Name: aprox
   Value Data: %SYSTEMDRIVE%\aprox.exe

polonus
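
A defensive check for the Run-key entry listed in the post above, as an added example that is not part of the original thread. It parses the text printed by `reg query` for the Run key and, going beyond the single entry in the post, also flags any autorun whose program sits directly in a drive root; the sample output and every name in it other than aprox are constructed.

```python
import ntpath
import re

# Indicator from the post above: Run value "aprox" -> %SYSTEMDRIVE%\aprox.exe
IOC_NAME = "aprox"
IOC_FILE = "aprox.exe"

# Constructed sample of `reg query` output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    aprox    REG_SZ    C:\aprox.exe
    Updater Helper    REG_EXPAND_SZ    %SYSTEMDRIVE%\upd.exe /silent
"""

# reg query prints: four spaces, value name, four spaces, type, four spaces, data
LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def exe_path(data):
    # Return the executable path of a Run value, dropping quotes and arguments.
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", data)
    return m.group(1) if m else data

def in_drive_root(path):
    # True when the program's parent folder is a bare drive letter or %SYSTEMDRIVE%.
    parent = ntpath.dirname(path).rstrip("\\")
    return re.fullmatch(r"(?i)[a-z]:|%systemdrive%", parent) is not None

def scan(text):
    # Return (value name, program path, reasons) for each suspicious autorun entry.
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m["data"])
        reasons = []
        if m["name"].lower() == IOC_NAME or ntpath.basename(path).lower() == IOC_FILE:
            reasons.append("matches aprox indicator")
        if in_drive_root(path):
            reasons.append("runs from drive root")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings
```

Calling `scan()` on saved `reg query` output returns one tuple per flagged value; an empty list means no entry matched either rule.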

If the specific help from Polonus failed, I suggest:

  1. Disable System Restore and then reenable it again.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.