Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 7th December 2009, 3:15 am

I have got a computer infected with the bankerfox.a virus and need help getting it cleaned up. It will not let me open anything on the infected machine. How do I go about downloading the Hijack This program? Can I follow steps you have posted for others with this infection? Thanks for any help you can give me.

gadekm
Novice

Posts: 48
Joined: 2009-12-06
Gender: Female
OS: Vista
Points: 26286
Likes: 0


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 7th December 2009, 5:41 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302960
Likes: 10


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 8th December 2009, 4:33 am

I cannot get to the web page to do any downloading. When I try to change the web page it goes to this address [You must be registered and logged in to see this link.] There are 20 plus red shields with white x's in them across the bottom taskbar and a yellow one that jumps through the red ones one by one. I downloaded the commy.exe to a disk from a different computer and put it on the desktop of the infected one; the "run" feature comes up with an error that it can't find the commy.exe. When I double click or select run on the commy icon a small box flashes and says Combofix but that is all it does.


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 8th December 2009, 4:35 am

I can not even get to geekpolice web site and if I let the computer set long enough porno pages come up.


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 8th December 2009, 4:45 am

Please download: [You must be registered and logged in to see this link.] to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


Dr. Jay (DJ)



Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 8th December 2009, 5:06 am

Yippee...I got the hijackthis to work, but it's on the other computer and I can't access any email nor can I get to this web page to post the results :-( Any help?


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 8th December 2009, 6:03 am

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button.
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.


Post the HijackThis log when ready.


Dr. Jay (DJ)



Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 8th December 2009, 4:54 pm

Last night nothing would work. I couldn't get the LAN setting to where you advised; it kept resetting. I shut down, and this morning I restarted. AVG picked up the antivirus program and I got rid of it through there. Why didn't it do it before?? I ran commy.exe and am including the log here. Let me know what you think...am I healed?

ComboFix 09-12-07.09 - Owner 12/08/2009 10:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.203 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\program files\Shared\lib.sig
c:\recycler\S-1-5-21-763046184-1108015167-220856613-1003
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 04:56 . 2009-12-08 04:56 -------- d-----w- c:\program files\Trend Micro
2009-12-08 02:55 . 2009-12-08 08:43 3585369 ----a-w- c:\documents and settings\commy.exe.exe
2009-12-08 02:39 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-08 02:39 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-08 02:38 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-08 02:38 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-04 22:47 . 2009-12-08 15:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\fxgupx
2009-12-04 19:55 . 2009-12-04 19:55 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 16:09 . 2009-09-25 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-04 22:13 . 2009-04-26 22:23 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-12-02 22:41 . 2009-05-31 01:10 6588 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-12-01 03:13 . 2009-04-27 21:29 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-09-25 00:08 . 2009-09-25 00:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-25 00:08 . 2009-09-25 00:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-25 00:08 . 2009-09-25 00:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-25 00:08 . 2009-09-25 00:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-24 22:52 . 2009-04-26 21:04 38112 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 22:32 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-24 22:30 . 2009-09-24 22:30 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-24 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-08-24 2552320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickCare2.2"="c:\program files\Qwest\QuickCare\bin\sprtcmd.exe" [2007-05-04 198184]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-08 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-25 00:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/24/2009 6:08 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/24/2009 6:08 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/24/2009 6:08 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/24/2009 6:08 PM 297752]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

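A triage check for the proxy setting discussed in this thread, added here as an example (it is not part of any post, and not ComboFix or HijackThis code): it scans a ComboFix-style log for ProxyServer lines and reports entries that point the browser at a loopback address, as the http=127.0.0.1:5555 value in the log above does. The function names and the last two sample lines are constructed for illustration; the "u"/"m" line prefixes follow the log shown in the post.

```python
import ipaddress
import re

# Constructed sample: the first three lines are taken from the Supplementary
# Scan section of the posted log; the last two are made up to exercise the
# other forms the ProxyServer value can take.
SAMPLE_LOG = """\
uLocal Page = \\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = proxy.example.net:8080
uInternet Settings,ProxyServer = http=localhost:8081;https=192.0.2.10:3128
"""

# "u" and "m" prefixes as they appear in the log (uLocal Page, mStart Page).
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.*)$")


def parse_proxy_value(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles "host:port" (one proxy for every protocol) and the per-protocol
    form "http=host:port;https=host:port". IPv6 hosts must be bracketed.
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:                      # no "scheme=" prefix
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = addr.rpartition(":")
        if not host:                     # no port given
            host, port = addr, ""
        entries.append((scheme.lower(), host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # ordinary hostname
        return False


def find_loopback_proxies(log_text):
    """Return (line_number, scheme, host, port) for each loopback proxy."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match.group(1)):
            if is_loopback(host):
                hits.append((lineno, scheme, host, port))
    return hits


if __name__ == "__main__":
    for hit in find_loopback_proxies(SAMPLE_LOG):
        print("line %d: %s proxy -> %s:%s" % hit)
```

A hit is a lead rather than a verdict: some legitimate local filtering tools also register a loopback proxy, so the listening process on that port still has to be identified.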

Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 8th December 2009, 11:18 pm

Please run a Full Scan with AVG - and post a log, if available.


Dr. Jay (DJ)



Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 9th December 2009, 4:18 am

There is no log to post. No infections and some tracking cookies are all it found. So this must mean my machine is clean? AVG must have caught the antivirus virus this morning and cleaned it off. Thank you for being here and I have bookmarked the address. This is great!!! I definitely will donate towards a great cause. Thanks for all the time you spend here. Hooray!


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 9th December 2009, 6:11 am

Let us do a final check then I will help you prevent malware in the future.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 9th December 2009, 4:25 pm

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 6.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 9th December 2009, 4:53 pm

I updated Java and Adobe Reader then reran the SecurityCheck and here are the results:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by hackrkillr1 on 9th December 2009, 5:21 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay


Last edited by DragonMaster Jay on 9th December 2009, 9:25 pm; edited 2 times in total

hackrkillr1
Beginner

Posts: 1
Joined: 2009-12-09
OS: xp
Points: 25585
Likes: 0


Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by Dr Jay on 9th December 2009, 9:26 pm

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here: [You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Bankerfox.a, wuauclt.exe and Antivirus Pro Help

Post by gadekm on 10th December 2009, 12:40 am

No more questions. I will be checking out all the information above. Thank you for your attention and help on this...couldn't have done it without your help. Can't praise you enough.

