VBS BANKER EA TRJ

Avast has found the virus Threat:VBS:Banker-EA [Trj] on my computer and after extensive searches and forums I can’t remove this on my own and need help. Avast keeps telling me it will delete after a reboot but after rebooting the virus is still there with an error message “Error:Access Denied (5)”

How can I get avast to delete the virus and all known infections of it?

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

This is the mbam

this is the frst.txt

here is the aswMBR.txt

also sorry for the mutliple posts…just saw the add more attachments

You need to run FRST as administrator as that will show the correct data

attached is the frst.txt run as administrator, is this what you need?

Malware team is in bed now, check back tomorrow :wink:

Addition.txt is still missing

What file is Avast reporting as infected ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: 2015-01-18 02:07 - 2014-03-25 20:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that