PSW.Banker.wqp is back....

By boblorenzen
Jun 25, 2007
  1. This trojan horse has raised its head again. New variant reported/added to definitions by AVG June 22/23, 2007.

    Note that this was not detected by Symantec Corporate edition with latest updates. Was detected, but not cured by AVG. AVG also deleted sfc.dll in my Windoze/System32 directory.

    After many hours of searching the web and hair pulling, here's the best removal I was able to come up with.

    If you look at
    you will get the removal hints for a prior variant. Good start to getting your registry cleaned up. In addition, look at your windoze folder (probably WinNT under W2K). You will see a hidden, system file called srvrmgr.exe with a June 2007 date. This be the malware in question. Rename it. It also appends itself to the registry entry HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/WinLogin Shell (should just read explorer.exe). AVG did clean up the rest of the problems, but until this guy gets blown away, this trojan will reinstall itself.
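
A read-only audit of the two persistence points named in the post above (the Winlogon `Shell` value and a hidden, system `.exe` in the Windows directory), added here as an example and not part of the original post. It assumes the standard key path `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`; the function names, the 60-day window and the sample strings are constructed for illustration.

```powershell
# Added example: reports findings only, changes nothing on the system.

function Test-WinlogonShell {
    param(
        # Raw Shell value to check; defaults to the live registry value.
        [string]$Shell = (Get-ItemProperty `
            -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
            -Name Shell).Shell
    )
    $value = $Shell.Trim()
    # Anything left after a leading "explorer.exe" was appended by something else.
    $extra = ($value -ireplace '^explorer\.exe', '').Trim(' ', ',')
    [pscustomobject]@{
        Shell = $value
        Clean = ($value -ieq 'explorer.exe')
        Extra = $extra
    }
}

function Find-HiddenSystemExe {
    param(
        [string]$Directory = $env:windir,
        # Assumption: only recently written files are of interest.
        [datetime]$Since = (Get-Date).AddDays(-60)
    )
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    # -Force is required, otherwise hidden and system files are not listed.
    Get-ChildItem -Path $Directory -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $mask) -eq $mask) -and ($_.LastWriteTime -ge $Since)
        } |
        Select-Object FullName, Attributes, LastWriteTime, Length
}

# Constructed sample values, to show the expected output shape.
Test-WinlogonShell -Shell 'Explorer.exe'
Test-WinlogonShell -Shell 'Explorer.exe C:\WINNT\srvrmgr.exe'

# Live checks against the local machine.
Test-WinlogonShell
Find-HiddenSystemExe
```

A result with `Clean` set to `False`, or any file returned by `Find-HiddenSystemExe`, is a lead to investigate, not proof of infection.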