
Bankers? Experts Please Help


3 replies to this topic

#1 xxxshiftxxx


Posted 01 July 2008 - 04:57 AM

Long story short: wife got an email from a cousin in Brazil; it had an attachment she opened.... When I then started my computer there were two tasks running in the Task Manager: mx.exe and mxsystem.exe. I thought this was odd, so I found the files were in my system32 folder...

Note: system is XP Pro, and live update is not working either....

I have McAfee, Spybot S&D, Comodo, and SpywareBlaster... none of these are picking up these two files on a scan...

Ran the files at VirScan.org and this is what I came up with...

mxsystem.exe

Trojan.Spy.Banker.DS
TR/Spy.Banker.DS.655872
Win32:Trojan-gen {Other}
SHeur.BRHN
Troj.Spy.W32.Banker.ciy
Generic.Banker.OT



mx.exe

Win32:Spyware-gen [Trj]
SHeur.BSOL
Trojan-Banker.Win32.Bancos.byf [AVP]
Trojan-Banker.Win32.Bancos.byf
Trojan-Banker.Win32.Bancos.byf


Someone please help!!!



#2 DaChew


Posted 01 July 2008 - 09:25 AM

The banker trojan is hidden by a powerful rootkit, but then again a lot of newer malware is too.

The real problem is this trojan was designed to specifically steal passwords and confidential financial information.

http://www.bleepingcomputer.com/forums/ind...st&p=866604

This should be your first concern.

If you choose to try and clean the computer, run MBAM:

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
Chewy

No. Try not. Do... or do not. There is no try.

#3 DaChew


Posted 01 July 2008 - 09:39 AM

Google shows this as a brand new variant out of Brazil,



http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Chewy


#4 xxxshiftxxx


Posted 01 July 2008 - 05:00 PM

Thanks for the info. I have changed all my logon info for finances on my other "non infected comp". I have decided to reformat and reinstall XP.

After this reformat... what are some good protection devices??

Should I reinstall Spybot S&D and SpywareBlaster? Or do you recommend some others?

I was using Comodo for my firewall, is that OK? Or is the firewall from McAfee good enough??

What other utilities might I need to help detect anything in the future... I will do more in the future to prevent this...



