Trojan Bancos


3 replies to this topic

#1 j in rio


Posted 30 September 2006 - 09:17 PM

FYI: this thing is nasty. My computer was infected with the Trojan bancos virus. It key-logged my online bank account info and the SOB's successfully got into my bank account.

It seems to be hiding itself in the imgpaint.exe file in my system32 registry (XP), and I have tried to get rid of it with Avast, Ad-aware, Spybot, F-secure, and Windows Defender. Only Avast found it, on a deep scan, but can't seem to delete it. If anybody knows, my questions are:

1) Is imgpaint.exe a valid Windows process or program? Or can I just zap it with killbox?

2) Will killbox get rid of the whole thing?

3) Is anybody aware of how this thing gets into my registry, and what programs to prevent it in the future?

4) Any other places where this thing might be hiding?

Thanks,


#2 quietman7


Posted 01 October 2006 - 06:07 AM

Hello j in rio

Try performing your scans in "SAFE MODE".

If you're running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Be sure to print out the Ewido Install and Scan Instructions.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. They should be changed by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How to report ID theft, fraud, drive-by installs, hijacking and malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 j in rio


Posted 01 October 2006 - 03:00 PM

Thanks for the advice. Ewido caught it on the deep scan in safe mode.

As for the reporting issue, if only there was somebody to report it to in this country. I read somewhere that Brazil has a huge internet fraud problem, and living here for only 3 months I am now a victim. The banks suffer huge losses from this sort of problem, and there doesn't seem to be any government entity that actually tracks these things or does anything about it.

#4 quietman7


Posted 02 October 2006 - 06:12 AM

You're welcome.

At least report the matter to your local bank. They may have more information on filing a report with the government or some other agency.



