Pwsteal.banker.b virus - how do I remove it?

Discussion in 'Trojan Defence Suite' started by volvo264, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. volvo264

    volvo264 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    2
    Location:
    Cheshire, England
    Hello,

    Can someone tell me whether the TDS software is capable of removing the pwsteal.banker.b virus (which steals sensitive financial information)?

    regards,

    volvo
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello volvo264, PWSTEAL is in TDS3's primary list, although I do not know what other refs are included.
    Download the trial and then the latest radius file from here:
    http://tds.diamondcs.com.au/index.php?page=download
    Follow the instructions.
    Once rebooted and the latest radius file is added to your TDS3 folder: in Scan control, tick all the boxes, then double-click "Scan all drives". This should now show in the right-hand panel; click start scanning. Have a nice long drink, as the scan is very deep and takes a while. :)

    HTH Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    PSW.Banker is a generic name for bank trojans; there are many variants under various names :( Keeping track of trojans by name will never happen, it seems ;)

    Can you send a copy of the file to submit@diamondcs.com.au? It might be a new one.

    You should use the tools we have available, ASViewer especially. Nearly all trojans can be found and removed just with ASViewer! (excepting rootkits, browser helper objects and a few others)

    http://www.diamondcs.com.au/index.php?page=asviewer

    Run ASViewer, then turn on the options to show all autostarts by going to the menu and ticking the 3 top options (or press F2, F3, F4 once each).
    Then SAVE and email the text file to me, at submit@diamondcs.com.au
    I will look for suspicious startups :) Send the file if you can, please.
    Do not make any changes with ASViewer until advised.
     
  4. volvo264

    volvo264 Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    2
    Location:
    Cheshire, England
    Thanks for the helpful replies above, which are very reassuring. I feel a bit happier now.

    I will enact the suggestions later this afternoon.

    Many thanks for the feedback.
     