bankerfox.a++++++++++


Post by ADSz on Tue Sep 08, 2009 5:29 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:27 on 08/09/2009 by Summer Spencer (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [17:37 15/11/2005] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [20:53 03/02/2009] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [18:29 03/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [18:51 10/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--- 407040 bytes [17:35 15/11/2005] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [20:53 03/02/2009] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [18:29 03/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [18:51 10/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--- 55808 bytes [17:34 15/11/2005] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [20:54 03/02/2009] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [18:28 03/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [18:51 10/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

ADSz
Novice
Posts : 12
Joined : 2009-09-08
Gender : Male
OS : xp


Post by ADSz on Tue Sep 08, 2009 5:34 pm

can not do much- pop ups bankerfox.a - win32...
can not download hijack
pop ups driving me crazy- 10 min for these few lines


Post by Dr Jay on Tue Sep 08, 2009 6:48 pm

Hi

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro


Post by ADSz on Tue Sep 08, 2009 7:08 pm

can not get it to open, downloaded fine then the following - application cannot be executed. The file combofix is infected.


Post by Dr Jay on Tue Sep 08, 2009 7:13 pm

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Post by ADSz on Tue Sep 08, 2009 8:04 pm

ERROR Scanning could not be started [0x80004005]

Retried 4 more times


Post by ADSz on Tue Sep 08, 2009 8:26 pm

Just tried again- now Java appears to be infected


Post by ADSz on Tue Sep 08, 2009 8:28 pm

PackageManager.loadConfig: Update configuration saved.
MainApplet.loadNativeInterface: Load library
MainApplet.loadNativeInterface: Initialize library
=> MainApplet.kosUpdate <=
!!!!! formatDateTime=hh.mm.yyyy HH:MM:SS
Update.run: Prepare update
PackageConfig.loadUpdateConfig: packages/kos-extras.jar,./,0,0
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt.jar,binaries,308627,1221471011000
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt-redist.jar,binaries,591080,1221471011000
PackageConfig.loadUpdateConfig: packages/kos-bin-winnt-engine.jar,binaries,2110095,1221471011000
=> ReportApplet.stop <=
=> ReportApplet.destroy <=
=> MainApplet.stop <=
=> MainApplet.destroy <=
cb_error: 268 19
java.lang.RuntimeException: Update failed!
at com.kaspersky.kosp.update.Update.runner(Update.java:96)
at com.kaspersky.kosp.common.PrivilegedThread$1.run(PrivilegedThread.java:27)
at com.kaspersky.kosp.common.PrivilegedThread$1.run(PrivilegedThread.java:26)
at java.security.AccessController.doPrivileged(Native Method)
at com.kaspersky.kosp.common.PrivilegedThread.run(PrivilegedThread.java:26)


Post by Dr Jay on Tue Sep 08, 2009 10:28 pm

Hi

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


Dr. Jay (DJ)



Post by ADSz on Tue Sep 08, 2009 11:17 pm

same. infected


Post by Dr Jay on Tue Sep 08, 2009 11:28 pm

Hi

I have some bad news. It appears a file infector called Virut has compromised your machine.

Please read [You must be registered and logged in to see this link.] by me. If you decide to do as instructed, please reply back and tell me. If you would like to clean the computer instead, I can try really hard, but I will promise you it may not be clean even after I try.

Thank you.


Dr. Jay (DJ)



Post by ADSz on Tue Sep 08, 2009 11:44 pm

which is better for me? Recommendations?

I guess really only a few pics involved- Little of anything else that's not replaceable.

How do I go about- errrr killing it and then restart it again?


Post by Dr Jay on Tue Sep 08, 2009 11:52 pm

As it says in the article, reformat and reinstall. I cannot stress this enough.

If you need help on getting the resources, please let me know.

When you have decided, please let me know that, as well.


Dr. Jay (DJ)



Post by ADSz on Wed Sep 09, 2009 12:21 am

yes I need help on getting the resources.

sooner is better for me.


Post by Dr Jay on Wed Sep 09, 2009 12:45 am

Please answer the following questions:

What type of computer do you have? (Manufacturer, Model, date purchased)

Do you currently have a Windows XP install disk, or full version?

====

Please do the following, if possible:

Find any document on your system that is important. (Like a Microsoft Word document).
  • Please go to [You must be registered and logged in to see this link.]

  • Browse for the file of choice (a document), and enter it in to the field.

  • Click on the submit button

  • Please post the url of the results in your next reply.


Dr. Jay (DJ)



Post by ADSz on Wed Sep 09, 2009 2:14 am

Dell DIM 3000 11/05

no xp disk do have dell drivers and utility cd

I'm ready to lose all data on that computer.

there is a microsoft windows system restore, but have no owner's manual icon nor could I find it with a search.


Post by Dr Jay on Wed Sep 09, 2009 2:40 am

Do you have the Dell Operating System disc?

If you do not, try to borrow an XP disc from a friend.


Dr. Jay (DJ)



Post by ADSz on Wed Sep 09, 2009 12:15 pm

checking on xp.


Post by ADSz on Thu Sep 10, 2009 8:20 pm

Ok Got xp. what next?


Post by Dr Jay on Fri Sep 11, 2009 1:50 am

Right here is an excellent tutorial on reformatting and reinstalling your operating system: [You must be registered and logged in to see this link.]

Do you have any more questions? If not, this topic will still remain open, just in case.


Dr. Jay (DJ)

