Pwsteal.banker.b virus - how do I remove it?

Discussion in 'Trojan Defence Suite' started by volvo264, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. volvo264

    volvo264 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    2
    Location:
    Cheshire, England
    Hello,

    Can someone tell me whether the TDS software is capable of removing the pwsteal.banker.b virus (which steals sensitive financial information)?

    regards,

    volvo
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello volvo264, PWSTEAL is in TDS3's primary list although I do not know what other refs are included.
    Download the trial and then the latest radius file from here:
    http://tds.diamondcs.com.au/index.php?page=download
    Follow the instructions.
    Once rebooted and the latest radius file is added to your TDS3 folder: in Scan control, tick all the boxes and double-click "Scan all drives"; this should now show in the right-hand panel. Click start scanning. Have a nice long drink, as the scan is very deep and takes a while. :)

    HTH Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    PSW.Banker is a generic name for bank trojans; there are many variants under various names :( Keeping track of trojans by name will never happen, it seems ;)

    Can you send a copy of the file to submit@diamondcs.com.au? It might be a new one.

    You should use the tools we have available, ASViewer especially. Nearly all trojans can be found and removed just with ASViewer! (excepting rootkits, browser helper objects and a few others)

    http://www.diamondcs.com.au/index.php?page=asviewer

    Run ASViewer, then turn on the options to show all autostarts by going to the menu and ticking the 3 top options (or press F2 F3 F4 once each).
    Then SAVE and email the text file to me, at submit@diamondcs.com.au
    I will look for suspicious startups :) Send the file if you can, please.
    Do not make any changes with ASViewer until advised.
     
  4. volvo264

    volvo264 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    2
    Location:
    Cheshire, England
    Thanks for the helpful replies above, which are very reassuring. I feel a bit happier now.

    I will enact the suggestions later this afternoon.

    Many thanks for the feedback.
     