system
January 30, 2016, 8:34pm
1
Avast has found the virus Threat:VBS:Banker-EA [Trj] on my computer and after extensive searches and forums I can’t remove this on my own and need help. Avast keeps telling me it will delete after a reboot but after rebooting the virus is still there with an error message “Error:Access Denied (5)”
How can I get avast to delete the virus and all known infections of it?
Asyn
January 30, 2016, 8:35pm
2
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
system
January 30, 2016, 9:11pm
5
here is the aswMBR.txt
also sorry for the mutliple posts…just saw the add more attachments
You need to run FRST as administrator as that will show the correct data
system
January 30, 2016, 10:42pm
7
attached is the frst.txt run as administrator, is this what you need?
Pondus
January 31, 2016, 12:09am
8
Malware team is in bed now, check back tomorrow
Eddy
January 31, 2016, 12:16am
9
Addition.txt is still missing
What file is Avast reporting as infected ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-01-18 02:07 - 2014-03-25 20:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that