BankerFix – The Brazilian Banker removal tool

BankerFix is a tool created and distributed by Linha Defensiva to remove infections of bank password stealers made in Brazil – which we call “Bankers”. Anti-virus software detects these infections under names like “Banhost”, “Banbra”, “Bancos” and sometimes “Delf”.

Instructions

  1. Download and run BankerFix (with admin rights):
    http://www.linhadefensiva.org/dl/bankerfix 
  2. After the first prompt, the tool should detect your system’s language and use only English.
  3. It might take a few minutes until a black window with text on it appears.
    Note: If you are running a 64-bit system, close this window. Go to C:\LinhaDefensiva and double-click Iniciar-Bankerfix there. The black window will appear again.
  4. Press any key. BankerFix will do its job.
  5. The window will tell you when everything’s done. Close the window.

BankerFix saves a report in relatorio.txt in the C:\LinhaDefensiva folder. To uninstall BankerFix, all you have to do is delete this folder.

Quarantined files are placed in a folder called “QUA” with a “.vir” extension.

Technical information

There’s a thread in our web forum discussing some technical aspects of the tool. Although the forum itself is in Portuguese, the discussion was entirely in English and our staff replied some questions about how the application works.

Go to the thread →