win32/nuqel.e and bankerfox virus


win32/nuqel.e and bankerfox virus

Post by sbemis1 on 27th December 2009, 5:06 pm

I am infected with the win32/nuqel.e and bankerfox virus. I cannot access the internet to download new software and I cannot run anything on my desktop - I get a message saying that xyz file is infected do I want to activate antivirus software which of course is Antivirus Pro. I tried downloading another antivirus software to usb drive and could not run it from there also...told me file was infected. I think you are proposing that I download Avenger to a usb drive and run it - is that correct? I cannot download any software either - can you help?

sbemis1
Novice

Posts : 9
Joined : 2009-12-27
OS : windows xp
Points : 25467
# Likes : 0

Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 27th December 2009, 5:32 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Re: win32/nuqel.e and bankerfox virus

Post by sbemis1 on 28th December 2009, 2:49 pm

I downloaded the HijackThis installer to my netbook...moved it to a thumb drive...when I try to click on it from my desktop that is infected - I get a message saying that application cannot be executed that the program msiexec is infected and do I want to activate my anti virus software now. I cannot execute any program on the desktop without getting that message.


Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 28th December 2009, 3:25 pm

Okay, let's drop the Hijack This idea for now, IceSword will do the trick here.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Now, on the left hand side tool, hit the Process button at the top of the list.
  4. Just above the list, there is a log button, press that and save the log to your Desktop.
  5. Next, hit the Startup on the left side list.
  6. Press the log button again.
  7. Post the two logs in your next reply.



Re: win32/nuqel.e and bankerfox virus

Post by sbemis1 on 28th December 2009, 4:02 pm

first log
Process:

System Idle Process
System
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\IceSword122en\IceSword122en\IceSword.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2nd log
Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP
C:\Program Files\Analog Devices\Core\smax4pnp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Intuit SyncManager
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mcagent_exe
"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Nikon Transfer Monitor
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
indbxplw
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DriverCure
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Aim
"C:\Program Files\AIM\aim.exe" /d locale=en-US

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
indbxplw
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BIT.vbs


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HDTune.exe


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
QuickBooks Update Agent.lnk
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Remark：QuickBooks Update Agent)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Snagit 9.lnk
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (Remark：)

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
LimeWire On Startup.lnk
C:\Program Files\LimeWire\LimeWire.exe (Remark：LimeWire 5.2.13)

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk
C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (Remark：)

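The Startup log above lists each autorun as a three-line record (location, entry name, command). As an added example that is not part of the original thread, the following Python sketch parses that layout and flags entries worth a closer look; the two heuristics, the function names and the sample records (constructed in the log's format) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the record layout of the Startup log posted above:
# location, entry name, command; records separated by blank lines.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Intuit SyncManager
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
indbxplw
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
indbxplw
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Snagit 9.lnk
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (Remark:)
"""

# Trailing "(Remark...)" annotation that the log appends to shortcut targets.
REMARK = re.compile(r"\s*\(Remark.*\)\s*$")
# Unquoted commands: take everything up to the first executable/script extension.
UNQUOTED = re.compile(r"^(.*?\.(?:exe|scr|com|bat|cmd|pif|vbs))(?=\s|$)", re.I)
# Assumed heuristic: directories an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(?:Application Data|Local Settings|AppData|Temp)\\", re.I)


def parse_startup_log(text):
    """Split the log into records; folder items may have no command line."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        command = lines[2] if len(lines) > 2 else ""
        records.append({"location": lines[0], "name": lines[1], "command": command})
    return records


def image_path(command):
    """Return the executable path without arguments or the Remark suffix."""
    command = REMARK.sub("", command).strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = UNQUOTED.match(command)
    return match.group(1) if match else command


def is_registry(record):
    return record["location"].upper().startswith("HKEY_")


def triage(records):
    """Map each flagged image path to the sorted list of reasons it was flagged."""
    hives = defaultdict(set)
    for r in filter(is_registry, records):
        key = (r["name"].lower(), image_path(r["command"]).lower())
        hives[key].add(r["location"].split("\\", 1)[0].upper())

    findings = {}
    for r in records:
        path = image_path(r["command"])
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("image in per-user data directory")
        if is_registry(r) and len(hives[(r["name"].lower(), path.lower())]) > 1:
            reasons.append("same entry in HKLM and HKCU Run keys")
        if reasons:
            findings.setdefault(path, set()).update(reasons)
    return {path: sorted(why) for path, why in findings.items()}


if __name__ == "__main__":
    for path, why in triage(parse_startup_log(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(why))
```

A flag here is a prompt to review the entry, not a verdict: legitimate software also installs under per-user directories.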

Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 28th December 2009, 4:32 pm

Good work. Go back into IceSword, open the Process list again. Find this filename: hdswsysguard.exe, right click and select Terminate Process.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: win32/nuqel.e and bankerfox virus

Post by sbemis1 on 28th December 2009, 5:27 pm

Here are the results - seems to have removed infected files without a problem...restarted pc - I had disconnected the desktop from my wireless router since it was accessing the internet and displaying page after page of porn sites...due to my son and probably how we got infected to begin with. Now I cannot access the internet but think that may be a different problem.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 11:06:14 AM
mbam-log-2009-12-28 (11-06-14).txt

Scan type: Quick Scan
Objects scanned: 107711
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\indbxplw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\indbxplw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Application Data\dmxrlx\hdswsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 28th December 2009, 5:40 pm

Figures, just make sure there is no proxy set by this infection.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

If there was a proxy set and removed, see if you can access the internet now.


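The DDS log later in this thread records the Internet Explorer proxy as `uInternet Settings,ProxyServer = http=127.0.0.1:5555`. As an added example that is not part of the original thread, this Python sketch parses such lines and reports proxies that point at the local machine. It assumes the usual reading of the DDS prefixes (`u` for the current-user hive, `m` for the machine hive); the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed lines in the "Pseudo HJT Report" layout of the DDS log on this page.
SAMPLE_DDS = """\
uStart Page = http://www.example.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
mInternet Settings,ProxyServer = proxy.corp.example:8080
"""

PROXY_LINE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.*)$")
HIVES = {"u": "HKCU", "m": "HKLM"}  # assumed meaning of the DDS line prefixes


def parse_proxy_value(value):
    """Split a ProxyServer string into {protocol: (host, port)}.

    Handles both forms the setting can take: "host:port" for all protocols
    and "http=host:port;https=host:port" for per-protocol proxies.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, endpoint = part.partition("=")
        if not sep:                      # single proxy for every protocol
            proto, endpoint = "all", part
        endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.I)
        host, _, port = endpoint.rpartition(":")
        if not host:                     # no port given
            host, port = endpoint, ""
        result[proto.strip().lower()] = (
            host.strip("[]"),            # drop brackets around IPv6 literals
            int(port) if port.isdigit() else None,
        )
    return result


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def find_loopback_proxies(dds_text):
    """Return (hive, protocol, host, port) for every proxy aimed at this machine."""
    hits = []
    for line in dds_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        hive = HIVES[match.group(1)]
        for proto, (host, port) in parse_proxy_value(match.group(2)).items():
            if is_loopback(host):
                hits.append((hive, proto, host, port))
    return hits


if __name__ == "__main__":
    for hit in find_loopback_proxies(SAMPLE_DDS):
        print("loopback proxy configured:", hit)
```

The ProxyServer value only takes effect while ProxyEnable in the same key is 1, which the log line alone does not show, and a loopback proxy can also belong to legitimate local filtering software.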

Re: win32/nuqel.e and bankerfox virus

Post by sbemis1 on 28th December 2009, 5:58 pm

that was it - seems that I am back in business...I cannot thank you enough!!!


Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 28th December 2009, 6:01 pm

Good, let's make sure there are no leftovers.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



attach log

Post by sbemis1 on 29th December 2009, 4:20 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/23/2009 4:21:02 PM
System Uptime: 12/28/2009 11:51:52 AM (11 hours ago)

Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 196.508 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP50: 9/30/2009 12:11:52 PM - System Checkpoint
RP51: 10/1/2009 12:27:45 PM - System Checkpoint
RP52: 10/2/2009 1:04:20 PM - System Checkpoint
RP53: 10/3/2009 1:31:46 PM - System Checkpoint
RP54: 10/4/2009 3:22:24 PM - System Checkpoint
RP55: 10/5/2009 3:38:53 PM - System Checkpoint
RP56: 10/6/2009 4:19:40 PM - System Checkpoint
RP57: 10/7/2009 5:14:22 PM - System Checkpoint
RP58: 10/8/2009 5:59:04 PM - System Checkpoint
RP59: 10/9/2009 6:23:05 PM - System Checkpoint
RP60: 10/10/2009 11:28:43 PM - System Checkpoint
RP61: 10/11/2009 11:59:04 PM - System Checkpoint
RP62: 10/13/2009 10:35:28 AM - System Checkpoint
RP63: 10/14/2009 11:33:25 AM - System Checkpoint
RP64: 10/15/2009 11:56:55 AM - System Checkpoint
RP65: 10/16/2009 3:00:18 AM - Software Distribution Service 3.0
RP66: 10/17/2009 2:07:54 PM - System Checkpoint
RP67: 10/18/2009 2:19:53 PM - System Checkpoint
RP68: 10/19/2009 4:07:53 PM - System Checkpoint
RP69: 10/20/2009 5:50:30 PM - System Checkpoint
RP70: 10/21/2009 9:12:06 PM - System Checkpoint
RP71: 10/22/2009 9:30:03 PM - System Checkpoint
RP72: 10/23/2009 10:30:04 PM - System Checkpoint
RP73: 10/25/2009 12:52:20 AM - System Checkpoint
RP74: 10/26/2009 1:30:14 AM - System Checkpoint
RP75: 10/27/2009 2:30:05 AM - System Checkpoint
RP76: 10/28/2009 3:30:05 AM - System Checkpoint
RP77: 10/29/2009 4:30:06 AM - System Checkpoint
RP78: 10/30/2009 5:29:40 AM - System Checkpoint
RP79: 10/31/2009 5:34:46 AM - System Checkpoint
RP80: 11/1/2009 6:34:45 AM - System Checkpoint
RP81: 11/2/2009 8:09:00 AM - System Checkpoint
RP82: 11/3/2009 9:07:29 AM - System Checkpoint
RP83: 11/3/2009 9:54:29 AM - Installed W Photo Studio
RP84: 11/4/2009 10:45:50 AM - Installed Microsoft Office Small Business 2007 Trial
RP85: 11/5/2009 4:00:44 AM - Software Distribution Service 3.0
RP86: 11/6/2009 4:01:24 AM - Software Distribution Service 3.0
RP87: 11/7/2009 4:00:43 AM - Software Distribution Service 3.0
RP88: 11/8/2009 3:01:02 AM - Software Distribution Service 3.0
RP89: 11/8/2009 9:41:57 PM - Removed Ask Toolbar.
RP90: 11/9/2009 9:59:15 PM - System Checkpoint
RP91: 11/10/2009 3:00:27 AM - Software Distribution Service 3.0
RP92: 11/11/2009 3:00:21 AM - Software Distribution Service 3.0
RP93: 11/11/2009 1:31:35 PM - Printer Driver Lexmark 510 Series Installed
RP94: 11/11/2009 1:41:48 PM - Printer Driver Lexmark 510 Series Installed
RP95: 11/12/2009 2:41:23 PM - System Checkpoint
RP96: 11/13/2009 3:13:48 PM - System Checkpoint
RP97: 11/14/2009 5:16:07 PM - System Checkpoint
RP98: 11/15/2009 5:40:08 PM - System Checkpoint
RP99: 11/16/2009 9:33:30 PM - System Checkpoint
RP100: 11/17/2009 11:34:36 PM - System Checkpoint
RP101: 11/19/2009 12:11:21 AM - System Checkpoint
RP102: 11/20/2009 12:48:28 AM - System Checkpoint
RP103: 11/21/2009 1:48:27 AM - System Checkpoint
RP104: 11/22/2009 2:19:31 AM - System Checkpoint
RP105: 11/23/2009 2:48:14 AM - System Checkpoint
RP106: 11/24/2009 3:48:14 AM - System Checkpoint
RP107: 11/25/2009 4:37:14 AM - System Checkpoint
RP108: 11/26/2009 3:00:16 AM - Software Distribution Service 3.0
RP109: 11/27/2009 3:26:00 AM - System Checkpoint
RP110: 11/28/2009 4:22:08 AM - System Checkpoint
RP111: 11/29/2009 4:46:07 AM - System Checkpoint
RP112: 11/30/2009 5:34:08 AM - System Checkpoint
RP113: 12/1/2009 8:29:45 AM - System Checkpoint
RP114: 12/2/2009 8:42:06 AM - System Checkpoint
RP115: 12/3/2009 2:18:46 PM - System Checkpoint
RP116: 12/7/2009 8:00:08 PM - System Checkpoint
RP117: 12/8/2009 4:48:53 PM - Installed Panorama Maker
RP118: 12/8/2009 5:05:39 PM - Installed Nikon Transfer
RP119: 12/8/2009 5:09:26 PM - Installed Nikon Message Center
RP120: 12/9/2009 5:53:26 PM - System Checkpoint
RP121: 12/10/2009 3:00:24 AM - Software Distribution Service 3.0
RP122: 12/11/2009 3:17:42 AM - System Checkpoint
RP123: 12/13/2009 1:42:29 PM - System Checkpoint
RP124: 12/14/2009 5:59:36 PM - System Checkpoint
RP125: 12/15/2009 6:54:53 PM - System Checkpoint
RP126: 12/16/2009 7:41:55 PM - System Checkpoint
RP127: 12/17/2009 8:16:21 PM - System Checkpoint
RP128: 12/18/2009 9:29:05 PM - System Checkpoint
RP129: 12/20/2009 8:45:15 PM - System Checkpoint
RP130: 12/21/2009 1:56:22 PM - Installed WolfQuest
RP131: 12/22/2009 3:55:05 PM - System Checkpoint
RP132: 12/23/2009 5:04:21 PM - System Checkpoint
RP133: 12/24/2009 5:46:43 PM - System Checkpoint
RP134: 12/25/2009 6:47:47 PM - System Checkpoint
RP135: 12/28/2009 9:28:24 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AIM 7
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CDBurnerXP
CoolChaser Layout Auto Insert
Coupon Printer for Windows
Download Updater (AOL LLC)
EasyCapture 1.2.0.0
File Uploader
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Lexmark 510 Series
LimeWire 5.2.13
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007 Trial
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
My.Freeze.com NetAssistant
Nikon Message Center
Nikon Transfer
OpenOffice.org 2.4
ParetoLogic DriverCure
QuickBooks
QuickBooks Pro 2009
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SiteRanker
Snagit 9.1.2
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
W Photo Studio
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WolfQuest

==== Event Viewer Messages From Past Week ========

12/28/2009 11:08:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


Re: win32/nuqel.e and bankerfox virus

Post by sbemis1 on 29th December 2009, 4:21 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 22:15:49.51 on Mon 12/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.975 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aim toolbar\aimtbServer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
mSearchAssistant = [You must be registered and logged in to see this link.]
mCustomizeSearch = [You must be registered and logged in to see this link.]
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {5aa14397-d310-447d-8548-2dd90218a07d} - c:\program files\coolchaser layout auto insert\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Freecause Toolbar BHO: {fc78e410-0efa-4bec-b283-d1db1922f420} - c:\program files\coolchaser layout auto insert\Toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: CoolChaser Layout Auto Insert: {b0208007-27c1-4bcd-93ef-eff5db61fc22} - c:\program files\coolchaser layout auto insert\Toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\BIT.vbs
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HDTune.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-6 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-6 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-6 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-6 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-6 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-6 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-6 34248]

=============== Created Last 30 ================

2009-12-29 04:13:15 524288 ----a-w- C:\dds.scr
2009-12-28 16:56:34 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-12-28 16:56:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 16:56:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-28 16:56:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 16:56:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 15:56:44 0 d-----w- C:\IceSword122en
2009-12-28 15:56:30 2205157 ----a-w- C:\IceSword122en.zip
2009-12-26 16:43:06 1622 ----a-w- C:\pcinfo.html
2009-12-26 16:26:40 0 d-----w- c:\windows\pss
2009-12-21 19:56:23 0 d-----w- c:\program files\WolfQuest
2009-12-13 20:57:58 0 d-----w- c:\docume~1\admini~1\applic~1\FCTB000060531
2009-12-13 20:51:44 0 d-----w- c:\program files\CoolChaser Layout Auto Insert
2009-12-08 23:05:54 0 d-----w- c:\program files\common files\muvee Technologies
2009-12-08 23:05:48 0 d-----w- c:\program files\common files\Nikon
2009-12-08 23:05:41 0 d-----w- c:\program files\Nikon
2009-12-08 23:03:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Analog Pad
2009-12-08 23:03:55 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-11-30 01:22:07 0 d-----w- c:\program files\AIM Toolbar
2009-11-30 01:22:07 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-11-30 01:22:03 0 d-----w- c:\program files\common files\Software Update Utility
2009-11-30 01:21:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2009-11-30 01:21:40 0 d-----w- c:\program files\AIM
2009-11-30 01:21:34 0 d-----w- c:\program files\common files\AOL
2009-11-30 01:21:28 463 ---ha-w- C:\IPH.PH

==================== Find3M ====================

2009-12-08 23:03:49 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 22:16:34.25 ===============


Re: win32/nuqel.e and bankerfox virus

Post by Belahzur on 29th December 2009, 5:58 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    LimeWire 5.2.13
    My.Freeze.com NetAssistant

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.


Please PM me if I fail to respond within 24hrs.

