GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

WIN32/Nuqel.E and BankFox.A Removal Help

View previous topic View next topic Go down

WIN32/Nuqel.E and BankFox.A Removal Help

Post by skip on Sat Jul 11, 2009 6:17 pm

Need help removing WIN32/Nuqel.E and BankerFox.A
Thanks Thank You!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:07, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Skip\Local Settings\Temporary Internet Files\Content.IE5\6E7DCEAP\winlogon[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [lfxc7a135e4j7wvvr49] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\X7NB5HCE.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\WNXZ6MRL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\LW8NPTSH.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\AD7K903I.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\8XA78DYJ.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\83Y1QTGL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\4HQ789YV.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\0TMV016F.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1.SH!
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Sissy')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Brother')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - S-1-5-21-1439906313-1815002781-3652652152-1007 Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (User 'Carol')
O4 - S-1-5-21-1439906313-1815002781-3652652152-1007 User Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (User 'Carol')
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - [You must be registered and logged in to see this link.]
O16 - DPF: {5274A4E6-90C9-11D5-903D-00105AABADD3} (Seagull Web-to-Host Control Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - [You must be registered and logged in to see this link.]
O16 - DPF: {A81B6F25-EDDA-11D3-85B6-006097109C81} (Ez3d Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A81B6F35-EDDA-11D3-85B6-006097109C81} (Ez3p Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - [You must be registered and logged in to see this link.]
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9ae63bb926f42) (gupdate1c9ae63bb926f42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 14370 bytes

skip
Beginner
Beginner

Status :
Online
Offline

Posts : 2
Joined : 2009-07-11
OS : xp
Points : 27014
# Likes : 0

View user profile

Back to top Go down

Re: WIN32/Nuqel.E and BankFox.A Removal Help

Post by Belahzur on Sat Jul 11, 2009 7:37 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file)
    O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
    O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
    O4 - HKCU\..\Run: [] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [lfxc7a135e4j7wvvr49] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\X7NB5HCE.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\WNXZ6MRL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\LW8NPTSH.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\AD7K903I.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\8XA78DYJ.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\83Y1QTGL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\4HQ789YV.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\0TMV016F.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1.SH!
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
    O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
    O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

It worked

Post by skip on Sun Jul 12, 2009 11:55 am

Thanks. I followed the instructions and the BankerFox is dead. :Clapping:

skip
Beginner
Beginner

Status :
Online
Offline

Posts : 2
Joined : 2009-07-11
OS : xp
Points : 27014
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum