2 Replies Latest reply on Jan 8, 2010 8:52 AM by dmeier

    How access Internet when Banker Fox won't let me out to download repair program?

      I tried to go online and download the XP siri.geekstogo.com/SmitfraudFix.php but Banker Fox blocks access to Internet.  Started in safe mode networking and blocked again.  In Safemode I opened McAfee for quick and full scan and no trojan discovery/fix.  Why isn't McAfee picking this up?

       

      Can I stop the Banker Fox program from running by start run msconfig and stopping it?  How do I stop it?

       

      Thanks, Al

        • 1. Re: How access Internet when Banker Fox won't let me out to download repair program?
          dmeier

          Taken from another post, the combination of these three tools, should clean you up.  You'll likely have to download these tools to a CD/flash drive, and copy to the infected system.

           

          "SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
          Malwarebyte's Anti-Malware: http://www.malwarebytes.org/mbam.php
          SUPERAntiSpyware FREE: http://www.superantispyware.com/superantispywarefreevspro.html "

           

          A longer thread, that might have more details about the last two programs above:

           

          "

          Please try the steps below:

           

          Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

           

          First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
          There are 4 different versions. If one of them won't run then try to run the other one. Try running them in Safe Mode if "normal" Windows doesn't get it done..
          Vista and Win7 users need to right click and choose Run as Admin
          You only need to get one of them to run, not all of them.

           

          Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
          Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
          Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
          Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
          _____________________

           

          IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

           

          Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

           

          Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
          http://www.besttechie.net/tools/mbam-setup.exe

           

          Malwarebytes Manual Updater link
          http://www.malwarebytes.org/mbam/database/mbam-rules.exe

           

          Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

           

          SuperAntispyware
          http://www.superantispyware.com/

           

          SuperAntispyware Manual Updater
          http://www.superantispyware.com/definitions.html
          ____________

           

          In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
          _____________________

           

          And because this particular variant tends to tinker with your internet settings, open "Control Panel/Internet Options", then click on the "Connections tab/LAN Settings button and UNCHECK the box next to "Use proxy server for your LAN". Perform this step in Safe Mode."

           

          Thanks Grif :-D

          • 2. Re: How access Internet when Banker Fox won't let me out to download repair program?
            dmeier

            Hello Al, I got your voicemail.  While I'm glad you have your system running properly, You've peaked my curiosity as to what the removal service did, that was so different than what I proposed.

             

            The tools I mentioned, don't only go after viruses, in fact they primarily go after adware types of programs, which Banker.fox is a variant.

             

            I'm not sure if we really know if the tools I proposed would have helped or not, since you didn't try them.  BUT, again, I'm glad you went with the paid service, and I'm glad it only took an hour, and I'm especially pleased that your computer is up and running again.

             

            Just remember, forums such as this, are to help nudge you into the right direction. Should you ever have an urgent issue, it should most certainly be taken up with McAfee support, and properly handled.

             

            Thanks for the feedback as well.

             

            - David