latrrobe asked in Computers & Internet > Security · 1 decade ago

Spybot search and destroy - banker trojan HELP?!?

I have the latest version of Spybot Search & Destroy and it is updated, running on Vista. My latest scan found 2 entries for a banker trojan and it's not letting me remove them because Spybot is giving me the following message:

"This action may not be performed completely since you are not an administrator. If you want this performed for all users, please run this application elevated as an administrator."

I am the administrator and it is the only user account I have created. Has anyone run across this problem or know how I can fix it? Also, it keeps asking me if I'd like to start Spybot when I restart my computer and I've checked yes, restarted, and it doesn't run when it reboots.

6 Answers

  • Anonymous
    1 decade ago
    Favorite Answer

    In order to fix this you need to right click on Spybot (Either in programs or on your desktop shortcut if you have one) and choose to run as administrator.

    Also, make sure that the program is configured properly:

    Launch the Spybot - Search & Destroy installer. At the select components windows, check in all the check boxes. At the select additional tasks, make sure that ONLY the Use Internet Explorer Protection box is checked in. DO NOT use tea timer! This program can go from great and amazing to horrible if you install tea timer, you have been warned. The program will then try to download updates (That's what the Ethernet cable was for). If for any reason you don't have one available, or it doesn't work, go back and uncheck Download updates.

    Once the program is installed launch it. The first time it will give you a warning about how some programs require that you keep spyware in order to work. I would check in the box so that you're never warned about this again. If the program needs spyware, you don't want it anyways. You will be given a short little introduction to the program at this point. This is not important at all. Click next over and over, and then on the last slide click start using the program.

    Now to configure it properly. Click on mode and choose advanced mode. Then click on settings, followed by the file sets tab. Make sure that they are all checked in. Then click on the settings tab... This one is a little complicated, so I'll just let you know which sections need to be changed. If a setting option is not listed, leave it the way it is:

    * Main settings (only the following should be checked in)
        o I do know about all that legal stuff
        o Save all settings
    * Automation (again, only these should be checked in)
        o Program start
            + Fix all problems on program start
            + Rerun checks after fixing problems
            + Immunize on program start if program has been updated
            + Don't ask for fixing confirmation
            + Wait a few seconds if something else than spies were found
        o System Start
            + Fix all problems on program start
            + Wait a few seconds if something else than spies were found
            + Close program if everything's O.K.
        o Web update
            + Search the web for new versions at each program start
            + Download updated include files if available online
            + Display available beta versions
            + Display updates for other languages
            + Display new and updates skins
            + Display PGP signature updates
    * Expert settings
        o Use shredder to remove usage tracks
        o Use shredder when purging recovery files
        o Show expert buttons in results list
        o Show expert buttons in recovery list

    Now click on the Directories tab, right click on the empty space, and add your desktop. Then click on ignore products, click on the empty space of the all products windows, and choose Deselect all. Then finally click on the Ignore System Internals tab, and remove all the entries.

    Then click on the tools tab on the bottom left hand corner, check in the "Hosts File" box, and then finally click on the Hosts File tab on the left. You will get a complete list of your host files. Select them all, and click on "Remove selected entries"

    Finally click on the Spybot-S&D tab, then Immunize, and make sure everything is Immunized. Then on the update tab, search for updates, and when you get the list, right click on the empty space and select them all. On occasion some of the updates may restart spybot. If this happens, make sure that all the above settings are still in place.

  • 1 decade ago

    I had the same problem with SpyBot. I run a computer network and it always messed up the privileges and administrations and we had so many errors. I suggest you install a free anti-virus like AVG to find and get rid of the trojans and then get rid of AVG once the trojans have been healed.

  • 1 decade ago

    This is a bank info stealer.

    aka PWSteal.Banker.B

    Please run >>HijackThis! before moving on

    Hijackthis can be found for free at many sites

    I go here for it myself>>[Majorgeeks.com]

    [proceed with caution before doing what I suggest]

    PWSteal.Banker.B

    This hides in your system restore files and is hard to remove.

    To do this you must disable 'system restore' then reboot into safe mode. [F8 as you are booting for most?]

    Backup or save every file you cherish before doing this please.

    Do this while your computer is totally disconnected from the internet

    1. Click Start > Run.

    2. Type regedit. Then click OK.

    3. Navigate to the key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MPRServices\TestService

    4. In the right pane, delete the values:

    "Dllname"="lsd_f3.dll"
    "EntryPoint"="LSD_F3"
    "StackSize"=0"

    Right click them and delete them, do not be afraid.

    5. Navigate to the key (it's there, be patient, find it):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3dsl

    6. In the right pane, delete the values:

    "DllName"="lsd_f3.dll"
    "Startup"="LSD_F3"
    "Impersonate"="1"
    "Asynchronous"="1"
    "MaxWait"="1"

    Right click them and delete them, do not be afraid.

    7. Navigate to the key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control

    8. In the right pane, delete the value:

    "Impersonate"=""

    Right click them and delete them, do not be afraid.

    9. Exit the Registry Editor.

    10. Restart the computer in Normal mode.

    I hope this can be of help to you
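
Added example, not part of the answer above: a read-only PowerShell audit that reports whether the session is elevated (the cause of Spybot's "not an administrator" message under Vista's UAC) and whether the registry entries quoted in the answer exist, before anything is deleted by hand. It assumes PowerShell 3.0 or later is installed; the key paths and the DLL name are the ones quoted in the answer.

```powershell
# Read-only audit: nothing is modified or deleted.

# 1. Under UAC an administrator account runs with a filtered token until the
#    program is started with "Run as administrator".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("Running elevated: {0}" -f $elevated)

# 2. Keys and DLL name exactly as quoted in the answer.
$suspectDll = 'lsd_f3.dll'
$keys = @(
    'HKLM:\System\CurrentControlSet\Control\MPRServices\TestService',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3dsl'
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        [pscustomobject]@{ Key = $key; Present = $false; DllName = $null; Match = $false }
        continue
    }
    # Property lookup and -eq are case-insensitive, so "Dllname" and "DllName" both match.
    $dll = (Get-ItemProperty -LiteralPath $key).DllName
    [pscustomobject]@{ Key = $key; Present = $true; DllName = $dll; Match = ($dll -eq $suspectDll) }
}
$findings | Format-Table -AutoSize

# 3. Going slightly beyond the answer: list every DLL registered under
#    Winlogon\Notify, so an entry under a different subkey name is also visible.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path -LiteralPath $notify) {
    Get-ChildItem -LiteralPath $notify | ForEach-Object {
        [pscustomobject]@{ Subkey = $_.PSChildName; DllName = $_.GetValue('DllName') }
    } | Format-Table -AutoSize
}
```

Run it once normally and once from an elevated prompt to see the difference in the first line of output.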

  • 1 decade ago

    Trojan.Banker Removal Guide Press here http://www.spywareremove.com/removeTrojanBanker.ht...

    http://www.2-spyware.com/remove-banker-d.html

    Use Super Anti-Spyware To Remove Spyware, adware, malware, Trojans, dialers, worms, keyloggers, and hijackers. Prevent potentially harmful to download Super Anti-Spyware Press here http://www.superantispyware.com/

    And Use Malwarebytes’ Anti-Malware is designed to quickly detect, destroy, and prevent malware, spyware, trojans. Can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot. To Download Malwarebytes’ Anti-Malware Press here http://www.download.com/Malwarebytes-Anti-Malware/...

  • 1 decade ago

    With Vista, you have to run programs as Admin. There should be an easy way to do that. You may be able to right click and say Run As then select Admin, but I'm not too familiar with Vista, but that's what a friend of mine had to do was run it as Admin instead of just running it.
