 Banker Trojan (unsrvc.exe), How to remove properly? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT post a ComboFix log unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jan 19 2008, 03:54 PM
Post
#16
|
|
 Forum Addict  Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052  |
On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Check Turn off System Restore, click Apply, and then click OK. More information on how to disable your system restore can be found here. We want to create a new, clean restore point. Please first reboot your computer. On the Desktop, right-click My Computer, then click Properties. Click the System Restore tab near the top of the window. Uncheck "Turn off System Restore", click Apply, and then click OK. Click Start | All Programs | Accessories | System Tools, and select System Restore. In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button. Type a description for your new restore point - Something like "After trojan/spyware cleanup". Click Create, and after it has created the restore point, click "Close". Further instructions on creating a restore point can be found here You can now delete all of the tools we have been using to get you cleaned up. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.   |
 |
 
|
|
Jan 20 2008, 09:02 AM
Post
#17
|
|
|
Forum Regular Group: Members Posts: 185 Joined: 5-May 06 Member No.: 66,788 |
Regarding the laptop: System Restore reset now. (Ran an additional scan with Kaspersky, following to that, just to double check, and it came all clean.) I've so now as well deleted all tools we used, along with the related folders and respective contents. Also, I've deleted all quarantine backups that had been made along the cleaning process, namely Avast's and AVG Anti-Spyware's.
Just really wondering about those 2 entries in HJT's log, as mentioned in my previous post: QUOTE(DeLuk @ Jan 18 2008, 02:06 PM)  (Out of the infection "realm", only wondering, still, about the line O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing). Seen that no iPod program is currently no longer installed on the computer, could/should this line be set to be fixed then? Also, the line O4 - HKLM\..\Run: [PelSetupRun] E:\setup.exe, I had actually been told already on a previous occasion that this entry might be fixed as well. I only just hadn't done so by then cos by then I didn't have the laptop back with me anytime again. Seen, though, that I have the chance to do it now, I'd only ask you to please confirm, whether also this line may be set to be fixed now? Note that E:\ is the DVD drive.) Could/should these be fixed at all, or?... I'd most appreciate your advice/confirmation. And then, so I'm wondering what to do next, back about the PC stuck in that login/logoff loop?... (Would you recommend that I'd go for any of those solution options as referred in my initiall post? Solution 2? 4? 1? 3? Or would you actually recommend yet any other alternative procedure?) I'd truly very much appreciate your guidance with regards to this matter. (Or should I actually request for guidance regarding this particular issue in any other eventually most appropriate section of the forum, or?... Please do advise.) Thanks again, for all and any help concerning this case. |
|
|
|
|
Jan 22 2008, 12:20 PM
Post
#18
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
To be completely honest, fix the two entries you mentioned is entirely up to you, they are doing no harm at the moment. I like to take the view of "if it's not broken, don't fix it," this is the reason I didn't request you to fix them, but like I said, you can if you want to.
With regards to your other computer, I think that it would be best to firstly post the login issue in our Windows XP Forum, I'm not really an expert in that kind of field so the help you receive there will be much better. Once that has been solved and the computer is operable, start a new topic in this forum and someone - possibly myself - will help you to clean it up. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Jan 23 2008, 02:01 PM
Post
#19
|
|
|
Forum Regular Group: Members Posts: 185 Joined: 5-May 06 Member No.: 66,788 |
Ok, will leave the decision to the laptop's owner then, whether to fix those two entries or not. Thanks for the confirmation nonetheless. And thanks, overall, for all help, getting the laptop cleaned.
As for our home PC, certainly, I will then rather post for help concerning the login/logoff loop issue in the Windows XP Forum. (Would I have known earlier and I would have done so at once already.  ) And certainly, as soon as that is solved and the computer is functional again, will so continue back here, to rid of any remainder of the trojan infection, yes of course. (Perhaps it is even best to just re-open this topic by then, instead of starting another one, in order to, so to speak, "keep the whole process sequence in chain", no?... Or?...)Thank you greatly, once more, Charles, for your time and assistance. P.S. I'm adding here the link to my post in the Windows XP Forum just in case it may be of help to any other user reading this topic in the future. This post has been edited by DeLuk: Jan 24 2008, 07:34 AM |
|
|
|
|
Feb 10 2008, 11:24 AM
Post
#20
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Link to other topic: http://www.bleepingcomputer.com/forums/topic129256.html
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 16th March 2010 - 08:43 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.