win32 nuqel.e and bankerfox


Post by dmherre on 18th July 2009, 7:24 pm

I also need some assistance with removing this virus. It's pretty much locking up the system. Can't really surf webpages. It keeps taking me to a "System pro


Re: win32 nuqel.e and bankerfox

Post by Origin on 18th July 2009, 9:29 pm

Hello dmherre,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

Please download the current version of HijackThis.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: win32 nuqel.e and bankerfox

Post by dmherre on 19th July 2009, 6:21 pm

It will not let me run this program. The virus keeps stopping me. What do I do?


Re: win32 nuqel.e and bankerfox

Post by dmherre on 19th July 2009, 6:35 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:43 AM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
C:\Program Files\Blazent\BlazentAgent\bin\BZICU.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliADSIComm.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Autologon Client\EAHDCheckADAMSvr.exe
C:\WINNT\system32\ifxspmgt.exe
C:\WINNT\system32\ifxtcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Blazent\BlazentAgent\bin\BZController.exe
C:\WINNT\system32\IfxPsdSv.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\WINNT\system32\Qinst67.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Blazent\BlazentAgent\bin\BZUtilizationCollector.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe
C:\WINNT\PixArt\PAC7302\Monitor.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\WINNT\sysguard.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Blazent\BlazentAgent\bin\BZSoftwareInventoryCollector.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest Communications
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHO - {CFA131B1-3A6E-4c4f-A0CC-4CC9D844B04C} - C:\WINNT\system32\iehelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINNT\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [BZUtilizationCollector] C:\Program Files\Blazent\BlazentAgent\bin\BZUtilizationCollector.exe
O4 - HKLM\..\Run: [BZEnvironmentVariableCollector] C:\Program Files\Blazent\BlazentAgent\bin\BZEnvironmentVariableCollector.exe
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINNT\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
O4 - HKLM\..\Run: [system tool] C:\WINNT\sysguard.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [system tool] C:\WINNT\sysguard.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: DOG_Config Utility.lnk = C:\Program Files\Qwest Browsers\ConfigLauncher.EXE
O4 - Global Startup: TunnelGuard Tray Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINNT\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINNT\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.confarchives.com
O15 - Trusted Zone: *.conferencing.com
O15 - Trusted Zone: *.directv.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: *.iconf.net
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: rio2ui2.prod.com
O15 - Trusted Zone: ad.qintra.com
O15 - Trusted Zone: dev.qintra.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: test.qintra.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.QINTRA.COM
O17 - HKLM\Software\..\Telephony: DomainName = AD.QINTRA.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F6D1068-2DE3-4F58-9E5C-2DA91B81A1E9}: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad.qintra.com,qintra.com,uswc.uswest.com,qwest.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F6D1068-2DE3-4F58-9E5C-2DA91B81A1E9}: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad.qintra.com,qintra.com,uswc.uswest.com,qwest.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F6D1068-2DE3-4F58-9E5C-2DA91B81A1E9}: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AD.QINTRA.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ad.qintra.com,qintra.com,uswc.uswest.com,qwest.net
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F6D1068-2DE3-4F58-9E5C-2DA91B81A1E9}: Domain = AD.QINTRA.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad.qintra.com,qintra.com,uswc.uswest.com,qwest.net
O23 - Service: Blazent Agent - Blazent, Inc. - C:\Program Files\Blazent\BlazentAgent\bin\BZICU.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Qwest Virtual Remote Access\Extranet_serv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINNT\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINNT\system32\ifxtcs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINNT\system32\IfxPsdSv.exe
O23 - Service: HP DDMI Agent (prgnDiscAgent) - Unknown owner - C:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
O23 - Service: Qinst67 - Unknown owner - C:\WINNT\system32\Qinst67.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - c:\progra~1\orl\vnc\Winvnc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 12516 bytes


Re: win32 nuqel.e and bankerfox

Post by Origin on 20th July 2009, 3:24 pm

Hello dmherre,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [system tool] C:\WINNT\sysguard.exe
    O4 - HKCU\..\Run: [system tool] C:\WINNT\sysguard.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



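The six lines selected for "Fix Checked" in the reply above can be approximated with a few triage rules run over the posted log. This is an added example, not part of the original thread and not HijackThis code; the rules (any hosts entry, a BHO with no file, an autorun executable sitting directly in the Windows root folder, IE policy restrictions) are assumptions inferred from that selection, and a match is a lead for manual review, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHO - {CFA131B1-3A6E-4c4f-A0CC-4CC9D844B04C} - C:\WINNT\system32\iehelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [system tool] C:\WINNT\sysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINNT\sysguard.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Qinst67 - Unknown owner - C:\WINNT\system32\Qinst67.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Run-key target located directly in the Windows root, not in a subfolder
# such as system32 (assumed heuristic, modelled on sysguard.exe above).
ROOT_EXE = re.compile(r'\]\s*"?[A-Za-z]:\\(?:WINNT|WINDOWS)\\[^\\"]+\.exe', re.I)


def parse(log):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2), line.strip()


def triage(log):
    """Return [(reason, raw_line)] for entries worth a manual look."""
    hits = []
    for section, body, raw in parse(log):
        if section == "O1":
            hits.append(("hosts file entry", raw))
        elif section == "O2" and body.endswith("(no file)"):
            hits.append(("BHO registered but file missing", raw))
        elif section == "O4" and ROOT_EXE.search(body):
            hits.append(("autorun from Windows root folder", raw))
        elif section == "O6":
            hits.append(("IE policy restriction set", raw))
    return hits


if __name__ == "__main__":
    for reason, raw in triage(SAMPLE_LOG):
        print(f"{reason:34} {raw}")
```
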