
Trojan.Banker help


azhang24

I found it very odd that Malwarebytes detected a trojan on my computer, especially since it's in the Lenovo Client Security Solution folder.

I always use a standard user account and need an admin password to install something. Furthermore, nothing was detected last night, and I didn't use this computer to visit/do anything risky.

 

What should my next steps be?

I want to make sure that I don't have a false positive here (or that there isn't something that Malwarebytes is missing).

 

Here is my log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02/09/2015
Scan Time: 02:07
Logfile: Malwarebytes.txt
Administrator: No
 
Version: 2.1.8.1057
Malware Database: v2015.09.02.01
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AARON
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296139
Time Elapsed: 8 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 31
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{288130EC-1476-4B64-8C56-9390BC361168}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\INTERFACE\{288130EC-1476-4B64-8C56-9390BC361168}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{288130EC-1476-4B64-8C56-9390BC361168}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{288130EC-1476-4B64-8C56-9390BC361168}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{288130EC-1476-4B64-8C56-9390BC361168}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\TYPELIB\{8843E999-F434-428E-ADF9-EA3A88C3E199}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\INTERFACE\{685B63F0-BA47-487E-9A2D-3461CCB0FB27}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{685B63F0-BA47-487E-9A2D-3461CCB0FB27}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{685B63F0-BA47-487E-9A2D-3461CCB0FB27}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8843E999-F434-428E-ADF9-EA3A88C3E199}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8843E999-F434-428E-ADF9-EA3A88C3E199}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\tvtpwm_ie_com.IePasswordManagerMenu.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\tvtpwm_ie_com.IePasswordManagerMenu, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\tvtpwm_ie_com.IePasswordManagerMenu, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\tvtpwm_ie_com.IePasswordManagerMenu, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\tvtpwm_ie_com.IePasswordManagerMenu.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\tvtpwm_ie_com.IePasswordManagerMenu.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\IePasswordManager.IePasswordManagerHelper.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\IePasswordManager.IePasswordManagerHelper, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IePasswordManager.IePasswordManagerHelper, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IePasswordManager.IePasswordManagerHelper, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IePasswordManager.IePasswordManagerHelper.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IePasswordManager.IePasswordManagerHelper.1, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}, , [e831ee3d76153bfbf8604e90976bf709], 
Trojan.Banker, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}, , [e831ee3d76153bfbf8604e90976bf709], 
 
Registry Values: 1
Trojan.Banker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\LENOVO\CLIENT SECURITY SOLUTION\TVTPWM_IE_COM.DLL, 1, , [e831ee3d76153bfbf8604e90976bf709]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Banker, C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll, , [e831ee3d76153bfbf8604e90976bf709], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
