8 Replies Latest reply on Feb 15, 2010 5:38 PM by Danii

    bankerfox.a in only one user id in vista 32

    Danii

      Hi Folks,

       

      I have McAfee through Comcast and it has worked great for over a year. Yesterday Feb 9th I got the bankerfox.a malware with the pop

      ups for the fake Spyware Protect. Its really nasty.

       

      NOTE: There are four user ID's on this computer and this bankerfox thing is only on one of them. The other three including the admin user ID work fine.

      I haven't opened the infected ID after I found out what it was that was doing this.

       

      Is this odd for the other three to be working fine?

       

      In any case I need to get rid of this. I searched here for bankerfox and tried to download the fixes but it said access denied (by McAfee on my system), when I comanded McAfee to trust the fix program it  said denied access on the program itself (smitfraud.exe)

       

      I'm ok but not great with tech stuff. Can anyone help guide me to a current up to date fix for this that someone other than an IT head can use??

       

      Can it indeed be fixed from another user ID on the same computer, as when opening the infected user ID bankerfox closes all programs.

       

      I'm worried about what program  to trust to download as well.

       

      Many Thanks for input

        • 1. Re: bankerfox.a in only one user id in vista 32
          Peter M

          If this is an XP or Windows 2000 machine use this tool: SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php

          If any other operating system then use the free version of this tool, update it before running and let it remove everything it finds and reboot immediately if asked to.
          Malwarebyte's  Anti-Malware: http://www.malwarebytes.org/mbam.php

           

          Infections can spread from one user to another but tools such as these will clean the entire machine, not just that user.

           

           

          Message was edited by: Ex_Brit on 10/02/10 5:11:43 EST PM
          • 2. Re: bankerfox.a in only one user id in vista 32
            dmeier

            We should really run the FakeAlert stinger first.

             

            Download it here: http://community.mcafee.com/message/110862#110862

             

            And when you run it, go to "Preferences" and change the "On Virus Detection" section to "Report only". (this is just on the first run, to make sure we don't detect any system files)

             

            Then set the "Heuristic network check for suspicious files", to "VeryHigh".

             

            Let that scan the entire system, and let's see what is detected.

             

            Please post back to us, and we'll take it from there.

             

            - David

            1 of 1 people found this helpful
            • 3. Re: bankerfox.a in only one user id in vista 32
              Danii

              Hi David, I did as you said for "report only" and "very high" and it came up with 8 Artemis! trojans from the total scan.

               

              they are listed on the scan as as...

               

              Artemis!2E6B15A8F687 trojan

              Artemis!AFDE1883C8E4 trojan

              Artemis!6B85B2FF78FE trojan

              Artemis!8D3F1E06ED90 trojan

              Artemis!0D83C87A801A trojan

              Artemis!0D83C87A801A trojan

              Artemis!1D1247CE196B trojan

              Artemis!0D83C87A801A trojan

               

              In that order, some are the same in different places I guess.

               

              Please Advise, Thanks Very Much

              • 4. Re: bankerfox.a in only one user id in vista 32
                Danii

                Just wanted to say that about 4 hours after I ran the scan as advised..... my admin user id now has pop ups for false vista internet security

                so I stared running the scan again and saw other trojans so I just stopped it and I'll now log off my computer and disconnect my modem

                until tommorow. I will check back and see if there is anything I can do.

                 

                My McAfee is saying I'm protected and is up to date.

                 

                When this all started yesterday I ran a full scan and it said no threats.

                 

                Please help.

                • 5. Re: bankerfox.a in only one user id in vista 32

                  Please try the steps below:

                   

                  Download ALL of the tools below on a friend or family member's, CLEAN  computer and copy them to a CD or flash drive, then transfer them to the  problem machine. (Yes, it's OK to download and run them on the  "problem" machine but many times, the virus/malware will prevent such  from happening, therefore, you may need to use a separate, clean  computer to download the files..)

                   

                  First, please download and run  the following tool to help allow the removal programs below to run.  (courtesy of Grinler at BleepingComputer.com)
                  There are 4 different  versions. If one of them won't run then try to run the other one.
                  Vista  and Win7 users need to right click and choose Run as Admin
                  You only  need to get one of them to run, not all of them.

                   

                  Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
                  Rkill.com  http://download.bleepingcomputer.com/grinler/rkill.com
                  Rkill.scr  http://download.bleepingcomputer.com/grinler/rkill.scr
                  Rkill.pif  http://download.bleepingcomputer.com/grinler/rkill.pif
                  _____________________

                   

                  IMMEDIATELY  after running the "Rkill" tool above, run/install the Malwarebytes and  SuperAntispyware installer and update files from the links below which  you've also copied to a CD or flash drive, and transfered to the problem  machine. Do NOT restart the computer after running Rkill.

                   

                  Once  downloaded and before transferring Malwarebytes and SuperAntispyware to  the problem machine, rename the program installer "mbam-setup.exe" file  to something else like "Gogetum.exe", then copy the installer file and  the update file to a CD or flash drive.. Transfer the file to the  problem machine, then install the "Gogetum.exe" file, then run the  update to get the program current.. After that, run a full system scan  and delete anything it finds.

                   

                  Malwarebytes Installer Download  Link (Clicking on the links below will immediately start the download  dialogue window.)
                  http://www.besttechie.net/tools/mbam-setup.exe

                   

                  Malwarebytes  Manual Updater link
                  http://www.malwarebytes.org/mbam/database/mbam-rules.exe

                   

                  Next,  install and run a full system scan with the SuperAntispyware program  and the manual updater from the links below. As before, you may need to  rename the installer file to get the program to install.:

                   

                  SuperAntispyware
                  http://www.superantispyware.com/

                   

                  SuperAntispyware  Manual Updater
                  http://www.superantispyware.com/definitions.html
                  ____________

                   

                  In  a few situations, in order for the program to run, it was also  necessary to rename the main "mbam.exe" file also after installing it..  It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
                  _____________________

                   

                  Hope  this helps.

                   

                  Grif

                  • 6. Re: bankerfox.a in only one user id in vista 32
                    Danii

                    I coudn't run any of the four rkill programs for some reason, and I don't have access to another machine.

                     

                    I downloaded Malwarebytes free version ....updated.... then full scanned.

                     

                    It worked. All the bugs are gone (presumably) and the machine is running normal in all user id's

                     

                    My question is.. should I buy the Malwarebytes paid version for $24.99?

                     

                    Why does McAfee not have something like this??? Are they working on something like this?

                     

                    Thanks for reply

                    • 7. Re: bankerfox.a in only one user id in vista 32

                      Good job.. If you haven't already, make sure to run the other tool I mentioned.. It frequently finds objects the other doesn't fine.. In addition, McAfee has a new tool called FakeAlert Stinger.. Download it and run it as well. Clicking on the link below will immediately start the download dialogue window to download the file to your desktop.

                       

                      http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

                       

                      Unfortunately, in the world we live in today, there is no "silver bullet" that will handle all types of malware.. The tools I suggested earlier are specialized spyware/trojan removal tools but they aren't any good at removing normal viruses and worms.. That's where McAfee excels.. In the current malware climate, you need both a number of tools to keep you computer clean and most importantly YOU are the best "preventer" of malware. Don't visit dodgy sites.. Don't open attachments in your email unless your SURE the attachment is legitimate.. A key step is to make sure you harden your browser.. If using Internet Explorer, make sure it's the most current and the security settings are set at Medium-high to High. You might even try a different browser for web surfing such as Firefox or Opera, or such.. They don't run ActiveX which is one of the key vulnerabilities to letting in malware.

                       

                      McAfee is indeed working on the spyware end of things and are constantly updating their antispyware scanner for both the retail and corporate products.. It's a great tool but at the same time, don't be afraid to get a "second opinion" once in a while.

                       

                      Hope this helps.

                       

                      Grif

                      • 8. Re: bankerfox.a in only one user id in vista 32
                        Danii

                        Thank You Grif,

                         

                        I run Firefox BTW