
My Pictures.exe Continually Recreated ?virus Worm Trojan Psw.banker4.xlp

#1 jonjof

Posted 13 July 2008 - 06:38 AM

Kindly help!

I have searched the forums and many other forums and seem to be up against a blank wall.

I have run many different spyware scanners and virus scanners; my system seems free of spyware.

But I have a specific file which shows up as a virus by AVG 7.5 network version.
The reported virus is "PSW.BAnker4.XLP"
The file shows as My Pictures.exe and resides on a local data drive on my SBS 2003 server.

I am able to SH-Delete the file, but within seconds it reappears.
I have also deleted it under Safe Mode, but immediately it reappears. So it does not seem to be a network issue that it is being recreated.

I have also tried running SDFix under safe mode, but somehow cannot get this to run.
Running "Runthis.bat", SDFix does open the Command window under regular mode, and I get the various menus, and I did enter all the path fixes as explained in the tutorial.
But when I run "Runthis.bat" under safe mode, the Command window just pops up shortly and then disappears.
I have logged on with the same user name ADMIN etc. and also rebooted into Safe Mode, but no luck.

Does anyone have an answer on this issue? And perhaps also advise me why I cannot get SDFix to run?
Many thanks

JJ

Edited by garmanma, 13 July 2008 - 08:46 AM.
moved to appropriate forum-mark

#2 garmanma

Posted 13 July 2008 - 08:48 AM

Moving to Am I Infected?
Mark

#3 quietman7

Posted 13 July 2008 - 11:10 AM

SDFix will NOT run on Windows 2003 Server or Vista.

Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "Safe Mode".
-- Post the log in your next reply and let me know how your computer is running.

Perform an Online Virus Scan like BitDefender.
(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)

#4 jonjof

Posted 14 July 2008 - 04:02 AM

Thank you for your quick response on the Dr.Web CureIt.
I later did a check on other computers on my network, and DID find one was infected by a Bancos type worm/virus.
This computer was generating the My Pictures.exe file via a network share.
I still can't explain how the file was being generated while I was in safe mode, but I did not detect any malware on the server.
As soon as I disinfected the Client, the problem stopped.

Thanks

JJ
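
An added example, not part of the original thread: one way to attribute a file that keeps reappearing on a share to the machine writing it, by correlating delete and create events. The audit record layout, host names and timestamps are constructed for illustration and do not come from the poster's server.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: simplified "who touched which file" audit records for a
# shared data drive. Column layout, host names and times are assumptions.
SAMPLE_AUDIT = r"""time,source,operation,path
2008-07-13 06:10:02,SERVER,DELETE,D:\Data\My Pictures.exe
2008-07-13 06:10:05,CLIENT-07,CREATE,D:\Data\My Pictures.exe
2008-07-13 06:15:40,SERVER,DELETE,D:\Data\My Pictures.exe
2008-07-13 06:15:43,CLIENT-07,CREATE,D:\Data\My Pictures.exe
2008-07-13 06:20:00,SERVER,DELETE,D:\Data\report.doc
2008-07-13 06:55:00,CLIENT-03,CREATE,D:\Data\report.doc
2008-07-13 07:01:11,SERVER,DELETE,D:\Data\MY PICTURES.EXE
2008-07-13 07:01:13,CLIENT-07,CREATE,D:\Data\My Pictures.exe
"""


def find_recreators(audit_text, window_seconds=30, min_hits=2):
    """Return sorted (path, source, count) for sources that re-create a file
    within window_seconds of its deletion at least min_hits times."""
    window = timedelta(seconds=window_seconds)
    last_delete = {}  # lower-cased path -> time of the most recent delete
    hits = {}         # lower-cased path -> Counter of re-creating sources
    for row in csv.DictReader(io.StringIO(audit_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        path = row["path"].lower()  # Windows paths are case-insensitive
        if row["operation"] == "DELETE":
            last_delete[path] = when
        elif row["operation"] == "CREATE" and path in last_delete:
            # A create right after a delete is the "it keeps coming back" pattern.
            if when - last_delete.pop(path) <= window:
                hits.setdefault(path, Counter())[row["source"]] += 1
    return sorted(
        (path, source, count)
        for path, sources in hits.items()
        for source, count in sources.items()
        if count >= min_hits
    )


if __name__ == "__main__":
    for path, source, count in find_recreators(SAMPLE_AUDIT):
        print(f"{source} re-created {path} {count} times right after deletion")
```

When the re-creating source is a host other than the server, cleaning the server alone, even in Safe Mode, will not stop the file from returning.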

#5 quietman7

Posted 14 July 2008 - 11:37 AM

Good job. :thumbsup: