BankerFox.A Virus Help


Hell_Jumper

 

Posted

I am not sure if this is the proper place to ask for help but it seemed like the right place to go. If I am wrong please let me know, direct me and I will ask my question there.

Hi Guys, I need some help and don’t know where to turn. My son came home from school and was using my computer and I ended up with the “BankerFox.A Spyware Protect 2009” and I can’t seem to get rid of it.

Using my wife’s computer I got on some websites, primarily McAfee because that is the protection we use that we get from Comcast Cable which is my internet.

I have followed all the instructions but nothing seems to work. Here are the steps that I have taken so far.

I have launched my computer (Windows XP Media Center) in safe mode and have run the add/remove program looking for the BankerFox.A but it is not found so I can’t delete it that way. I then ran the Task Manager program to try and stop the process but again there is no BankerFox.A program to stop; in fact when I launch the Task Manager there are no tasks running, which does not make sense.

Someone suggested that I hold down my shift key when the Windows window launches because that stops the BankerFox.A program from running but that does not work.

I cannot get on the internet via Safe Mode or regular mode; I just keep getting directed to the “Spyware Protect 2009” website so that I can buy their program.

I am not a computer guy; I just enjoy playing the game which I have not done since this virus hit me.

Any help would be greatly appreciated. Thank you one and all.

PEACE


 

Posted

Well, I'm not a techie geek, but plenty here are. What I'd try, even though you can still navigate around the virus apparently, is to download a couple of spyware/malware removal programs. I personally like Spybot, SUPERAntiSpyware, and Malwarebytes. They're free and pretty easy to use. Just be sure to update them before using them.


 

Posted

Quote:
Originally Posted by Skattershot
Well, I'm not a techie geek, but plenty here are. What I'd try, even though you can still navigate around the virus apparently, is to download a couple of spyware/malware removal programs. I personally like Spybot, SUPERAntiSpyware, and Malwarebytes. They're free and pretty easy to use. Just be sure to update them before using them.

I cannot navigate around the virus; it has blocked my internet access. No matter what I try it just takes me to their stupid website to buy their bogus anti virus program. I do have Malwarebytes and Spybot, have had them for years, but can't launch them, and when I do in safe mode they find nothing.


Sorry I did not make that clear.


 

Posted

Try to get to the HijackThis site listed above or here:

www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

When you install HijackThis do not install it in a directory called 'HijackThis' -- modern viruses look for that and disable anything in that directory. Rename it. Also, when it starts up, do *not* run a report. Back out of the program and rename the HijackThis.exe file to something else (I renamed mine to Love.exe) -- again, to fool the modern viruses that would stop it from running.

If you can't download it on the affected computer, download it to some other computer. You can use a home network to transfer it to the infected computer, or use a thumb drive to transfer it. Or even burn it to a CD-ROM.

Go to the forums of Malwarebytes and follow these directions and post your HijackThis log in the HijackThis forum and those more knowledgeable than me will help you from there.

Malwarebytes was able to get rid of what Spybot, Adaware, and AVG couldn't on my machine.



 

Posted

If you're being redirected to a specific site for all internet access, then you've probably had your HOSTS file rewritten, or your DNS addresses have been rewritten. These are both methods of "address resolution" much like a phone book - when you type in www.website.com, the system looks that address up (first in HOSTS, then using Domain Name Resolution or DNS). Then it sends the page request to the IP address that was returned from the lookup, just as you dial the telephone number in someone's phone book listing.

Now, imagine someone coming along and putting in the SAME PHONE NUMBER for every listing in the phone book. That's a HOSTS file hack - your system is told everything can be found at a specific IP.

Or, imagine someone impersonating the directory assistance, and giving you a bogus number when you call. That's a DNS redirect hack.

What you need to do is, call your internet provider (or look this info up on your wife's comp) and get the DNS Resolver Addresses (usually two addresses) for your internet service. If they have a guide on resetting your DNS addresses, save it locally (thumb drive) or print it. Then use that guide to go onto your system, and reset your DNS addresses.

As for the HOSTS file, HijackThis can fix it. It can also install a service that will block any attempt to change your HOSTS file.

That's name resolution hacks and fixes in general. Not sure how this malware pre-empts your connection, but in most cases, it'll be a variant of these two methods.



"City of Heroes. April 27, 2004 - August 31, 2012. Obliterated not with a weapon of mass destruction, not by an all-powerful supervillain... but by a cold-hearted and cowardly corporate suck-up."
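
The two checks described in the post above, as an added example that is not part of the original thread: it audits HOSTS file text for many names pointing at one address and for tool-download sites pinned to loopback, then compares configured DNS resolvers with the ISP-supplied list. The sample file, the 203.0.113.50 and 192.0.2.x addresses, the *.example names and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample of a tampered hosts file. 203.0.113.50 is a documentation
# address standing in for the redirect target; *.example names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
203.0.113.50   www.search.example search.example
203.0.113.50   mail.example      # same IP again
203.0.113.50   news.example
127.0.0.1      www.majorgeeks.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text, tool_sites=("majorgeeks.com", "trendsecure.com"), shared=3):
    """Flag many names sharing one IP, and tool sites pinned to loopback."""
    by_ip, findings = defaultdict(set), []
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Loopback entries are common in block lists; only report tool sites.
            if any(name == s or name.endswith("." + s) for s in tool_sites):
                findings.append(("blocked", str(ip), [name]))
        else:
            by_ip[ip].add(name)
    for ip, names in by_ip.items():
        if len(names) >= shared:  # "the same phone number for every listing"
            findings.append(("redirect", str(ip), sorted(names)))
    return findings

def unexpected_resolvers(configured, isp_resolvers):
    """DNS side: configured resolvers that are not on the ISP-supplied list."""
    allowed = {ipaddress.ip_address(a) for a in isp_resolvers}
    return [a for a in configured if ipaddress.ip_address(a) not in allowed]

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS), unexpected_resolvers(["198.51.100.7"], ["192.0.2.53"]))
```

On Windows XP the file to read is %SystemRoot%\system32\drivers\etc\hosts; pass its contents to audit_hosts.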

 

Posted

Ran into some nasty ones at work recently and they are getting really good at keeping you from installing and running programs such as Malwarebytes Antimalware and possibly others. I only use Malwarebytes since it has gotten rid of everything so far.

What was happening was that it would let me install the program but it was deleting the executable for the program as soon as the install finished. So of course I couldn't launch the program. What I wound up doing was going to another computer that had it installed and copying the entire directory from Program Files onto my flash drive. I renamed the mbam.exe file to fyou.exe and then copied that renamed executable to the infected computer and started the program by running that file directly.

I had to run it twice to get everything, with a reboot between passes. I ran Full Scan mode both times, so it took a while. Also, after the first scan and reboot I was able to get the Update to run so I got the latest updates for the second scan.

As a general practice, I download Malwarebytes Antimalware from www.majorgeeks.com since many of the nasty ones don't seem to block that site yet, and also because I can download their database updates at the same time since most of them block the updates. I haven't tried the manual database updates with the renamed executable since I figure it may fail.


If the game spit out 20 dollar bills people would complain that they weren't sequentially numbered. If they were sequentially numbered people would complain that they weren't random enough.

Black Pebble is my new hero.

 

Posted

My problems have been fixed... I would like to thank one and all for the advice and support that I was shown.

It was a little bit of this and a little bit of that and all my problems have been solved.

It's great to know that there is a place to turn to when you need help, where help is given in a friendly, easy-to-understand manner.

Peace to one and all