
bancos virus

I received a message from Road Runner Cable that they have detected an outgoing signature that could be Bancos Virus. They say that Mac is vulnerable to this virus... any information is appreciated.



Wayne

MacBook (13-inch Late 2009), Mac OS X (10.6.8)

Posted on Feb 29, 2012 9:28 AM


Apr 10, 2012 8:07 AM in response to wayne2970

Hello everybody,


I am having the exact same problem. Time Warner Cable Road Runner (RR) has quarantined my modem and WILL NOT allow me to reconnect because they detect a "bancos virus" activity signature coming from my modem.


RR expects me to format my hard drive, otherwise they will NOT reconnect me AT ALL if they detect any activity again. The ONLY way they will reconnect me is if I show them proof that a computer professional (any guy with a basic A+ cert) was paid way too much money to do a job any joe can do.


Also, RR claimed that the "bancos" signature is not necessarily THE actual bancos virus; bancos is just the generic name for the signature.


RR would not offer any detailed information to assist me in fixing the problem other than a round-about time stamp of the last known signature activity.


None of the handful of antivirus, antimalware, and firewall software I used detected any foul play on my small home network computers.


If I don't snuff out this problem RR will expect me to dish out the HUNDREDS of $$ it will cost me to hire some lame A+ fresh out of high school to format ALL of my 6 computers.


If anybody can help me, please do before RR cuts me off. I am getting a little desperate now. If you have any ideas or solutions, please email.


<Email Edited by Host>

Apr 9, 2012 12:09 PM in response to wayne2970

I have this same issue with Time Warner.


Same virus they say, same issue. Cannot find a solution though I see this posted out online more than once so there are people being impacted like us.


Nobody seems to have an answer yet on what scan software can resolve?


What I did was take the Mac offline -- left it offline for 4 days (actually 2 Macs - desktop and laptop) and reconnected Saturday. Sure enough, here Monday I get the message of doom and they call me back and give me a time stamp that does line up with when I reconnected the Mac to the network (that day), so it seems like that's the culprit.


Any advice on how to get this cleaned would be great -- or is it a full reset of the system?


Thanks.

Apr 10, 2012 5:44 AM in response to MarkPC17

There is nothing to clean nor remove from your Mac. The Bancos virus family is entirely a Windows virus family - no known variants are known that could possibly run on a Mac with OS X.


Bancos is a win-32 trojan horse rootkit - it is unable to infect OS X. Your Mac cannot possibly have nor run this virus.


The only way you could be infected is if you have Windows installed on your Mac and that copy of Windows has become infected. If so, then you must not be running any AV software on your Windows boxes, as the Bancos virus is an old, old virus and any decent AV software has had protection against it, and tools to remove it, for years.


If you have an infected Windows machine, then check the web site of your AV software as they should have removal and disinfection instructions - this is a well known and documented virus; for example, see Symantec's information about it (including removal) at http://www.symantec.com/security_response/writeup.jsp?docid=2003-071710-2826-99


But again, if you are using an Apple computer running OS X, you do not, nor cannot have, the Bancos virus as it is entirely incapable of executing its own code on your machine.

Apr 16, 2012 12:15 AM in response to Michael Black

I did call Time Warner and they referred me to a security and abuse line which pinpointed the time and day the virus/computer that accessed the router, and it in fact happened to be my Mac because it is the only computer I use. The lady on the phone told me that the virus happened to be a key logging virus and she referred me to three antivirus programs for Mac which were free and would do the job. I ran SOPHOS and it did in fact find an infected file that it referred to as a trojan, so I removed the file and then proceeded to rescan. No infected files were found. I then uninstalled the first program and then downloaded the second program, ClamX. (Please note to completely disable all antivirus or delete previous ones, because multiple running at one time could cause a system crash.) I am in the process of scanning and it found 2 malware files which I have since removed. These programs do take a while to scan. The myth that Macs are virus free is just that. Apple released an update to fix a known virus for Mac systems so I also updated my software. I do intend to run all three antivirus programs before entering any valuable information into my computer.

Apr 16, 2012 5:44 AM in response to ajacobs

I never said that it was impossible to have a virus on a Mac. But not the bancos virus - that is specific to Windows and simply cannot even run in OS X.


Also, any of the known Mac viruses to date, in order to have infected your OS X system outside of the user directory, have required you to have manually entered your admin password in a dialogue box (albeit one that may have been obfuscated enough that you thought it was a legitimate installer). The reason is simply that OS X does not allow an installer to write outside of the user's home directory without that user explicitly typing in their admin password and granting the installer permission to write to the system directories.


So, if you had a keylogger that was found somewhere in your system folders, then you had to have installed it (perhaps not realizing just what you were granting admin permission to at the time).


The recent virus crisis could be simply avoided by disabling Java in your web browser(s). You should also disable the automatic running of downloaded files. And then finally, anytime a dialogue pops up asking for your admin password, be absolutely sure of what is asking for it - if you did not just execute the app or installer asking for it, then DO NOT type it in.


Believe what you like, but it really is still very simple to keep a Mac completely free of malicious virus, trojan and malware files. And in every single case to date where a Mac has been compromised beyond some limited installation in a user home directory (i.e. a system wide installation) it has only been possible by the direct manual entering of an admin password.

Apr 16, 2012 5:23 PM in response to Michael Black

Thanks for the info and time to reply.


From what I have found out, the "name" of the virus is secondary with Time Warner. It really doesn't necessarily mean it's that virus - they get very cagey with how they know and what it is. Anyway, after running Sophos and it finding nothing, I did run ClamX and it found two files it considered malware. I removed both and just decided to wipe the hard drive and reinstall the OS just to basically start over. My thinking was just removing the offending files might not be good enough. This is my daughter's system so I cannot be sure how it got there, though it's easy enough to see someone just thinking they are downloading or installing something legit and it turns out it's not.


Time Warner was basically not going to turn the 'net back on so had to go for the extreme solution - wiping it out and starting over.

Apr 17, 2012 1:20 AM in response to ajacobs

ajacobs wrote:


Apple released an update to fix a known virus for Mac systems so I also updated my software.

Technically the update was for a different kind of malware called a "Backdoor" named Flashback (some still mistakenly call it a "Trojan") but there are currently no known "Viruses" that impact a fully updated OS X 10.6.8 and above.

Apr 18, 2012 10:26 AM in response to Michael Black

Hi,


I never thought it was necessary to get an anti-virus or internet protection software for my Mac... until now that I encounter this Bancos problem. I had my computer for almost 3 years. Do you recommend to buy an anti-virus or other type of protection for a Mac computer?


Do you recommend to wipe out (as Time Warner/Road Runner suggests) to get rid of this and other malware?

Apr 18, 2012 10:38 AM in response to wayne2970

I apologize beforehand for my ignorance on this subject, but does anyone know if this malware can affect iPad/iPhone? I'm pretty sure the problem comes from my Mac, but my iPad is acting a little funny as well, and I don't know if iPad can carry something like this or is it just because it shares the same wireless internet.


Any advice will be really appreciated!


Thanks

Apr 18, 2012 10:39 AM in response to angelibra2123

I ended up deleting the files it found and then decided it was best just to wipe out (backup first of course) and start over - that process wasn't that painful - fairly easy.


My thought was sure, I found the potential virus problems -- and despite all the talk here about what is technically a virus and what is not, the reality is Time Warner doesn't care. It's not like you can show them some statements on a forum that says it doesn't exist and they'll reactivate you. So you have a choice: find the files, delete them and hope that does it -- but I wasn't sure just deleting would work. And, considering that I work from home, I can't risk getting shut down completely. So a full restore was my solution - for now I haven't been shut down since by Time Warner. It has been several days since the restore.


Like I mentioned, I tried several anti-virus for Mac and nothing found anything until that ClamX thing.


But, I have this issue on Windows as well -- each scanner isn't as effective as the next necessarily.

Apr 18, 2012 10:41 AM in response to angelibra2123

One final quick comment - Time Warner told me the same - they have seen this issue even coming from iPads, etc... To me that sounded ridiculous but again - how do I know for sure? That's a tough one to battle with them -- they swear by their data they are seeing on their end. And the person I spoke to was resolute that they've had issues with iPads. Who knows.
