TechSpot

PSW.Banker.wqp is back....

By boblorenzen
Jun 25, 2007
Topic Status:
Not open for further replies.
  1. This trojan horse has raised its head again. New variant reported/added to definitions by AVG June 22/23, 2007.

    Note that this was not detected by Symantec Corporate edition with latest updates. Was detected, but not cured by AVG. AVG also deleted sfc.dll in my Windoze/System32 directory.

    After many hours of searching the web and hair pulling, here's the best removal I was able to come up with.

    If you look at http://www.symantec.com/security_response/writeup.jsp?docid=2007-052710-0541-99&tabid=2
    you will get the removal hints for a prior variant. Good start to getting your registry cleaned up. In addition, look at your windoze folder (probably WinNT under W2K). You will see a hidden, system file called srvrmgr.exe with a June 2007 date. This be the malware in question. Rename it. It also appends itself to the registry entry HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/WinLogin Shell (should just read explorer.exe). AVG did clean up the rest of the problems, but until this guy gets blown away, this trojan will reinstall itself.
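
The two checks described in the post, as an added example that is not part of the original post: a read-only PowerShell audit of the Winlogon `Shell` value and of hidden, system executables in the Windows folder. It assumes the value sits at its standard location, `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`, and PowerShell 3.0 or later; the file name and the expected `explorer.exe` value come from the post.

```powershell
# Added example: read-only audit of the two artifacts the post describes.
# Nothing is renamed, deleted or written.

# Assumption: standard location of the Winlogon Shell value
$winlogonKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedShell = 'explorer.exe'   # per the post, Shell "should just read explorer.exe"
$reportedName  = 'srvrmgr.exe'    # file name reported in the post

# 1. Winlogon Shell value: flag anything other than exactly explorer.exe
$shell = (Get-ItemProperty -LiteralPath $winlogonKey -Name Shell).Shell
if ($shell.Trim() -ieq $expectedShell) {
    Write-Output "Shell OK: $shell"
} else {
    Write-Warning "Shell has unexpected content: '$shell'"
}

# 2. Executables directly in the Windows folder carrying both the
#    Hidden and System attributes (-Force is needed to list them at all)
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Get-ChildItem -LiteralPath $env:SystemRoot -Filter *.exe -Force |
    Where-Object { -not $_.PSIsContainer -and (($_.Attributes -band $mask) -eq $mask) } |
    ForEach-Object {
        [pscustomobject]@{
            Name          = $_.Name
            LastWriteTime = $_.LastWriteTime
            # Signature status helps triage: unsigned files here deserve a closer look
            Signature     = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            MatchesPost   = ($_.Name -ieq $reportedName)
        }
    } | Format-Table -AutoSize
```

Running both checks again after cleanup and a reboot shows whether the `Shell` entry has been rewritten, which is the reinstall behaviour the post describes.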
     