Win32/Nuqel.E and BankerFox.A removal need help please


Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Wed Dec 30, 2009 6:17 am

My laptop is not working right, I have a virus. I cannot connect to the internet using Internet Explorer, but I can connect using Firefox. I cannot run any apps, have pop-ups, computer is freezing. I downloaded Avenger, but it will not let me run it. It says it's infected and cannot be run. If I try to open any other programs like Add/Remove it says the same thing. Do not know what to do. PLEASE HELP!!!


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Wed Dec 30, 2009 6:27 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Thu Dec 31, 2009 1:23 am

ComboFix 09-12-29.06 - davi2807 12/30/2009 19:54:34.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.670 [GMT -5:00]
Running from: c:\documents and settings\davi2807\Desktop\commy.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu
c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
c:\recycler\S-1-5-21-1453792206-2000060499-842820122-500
c:\recycler\S-1-5-21-2388196101-4162543526-2493488983-500
c:\recycler\S-1-5-21-3652250942-741021395-2200178515-500
c:\recycler\S-1-5-21-3726039340-1955672276-3039341588-500
c:\recycler\S-1-5-21-4240074935-2429360420-984205450-500
c:\recycler\S-1-5-21-4282068166-3347816414-3832364116-500
c:\recycler\S-1-5-21-909447240-978035807-2044221565-500
c:\windows\system32\Thumbs.db
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-29 05:20 . 2009-12-29 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-12-17 22:01 . 2009-12-17 22:01 -------- d-----w- c:\documents and settings\davi2807\Local Settings\Application Data\Temp
2009-12-10 18:58 . 2009-12-21 16:03 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-06 02:21 . 2009-12-06 02:21 -------- d-----w- c:\program files\Graboid
2009-12-04 14:19 . 2009-12-04 14:19 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-04 14:18 . 2009-12-04 14:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-04 14:09 . 2009-12-04 14:09 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-03 17:17 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 17:15 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-03 17:15 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-03 16:57 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 15:14 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-03 15:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2008-08-12 18:35 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-12-31 00:28 . 2009-02-26 16:57 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-31 00:07 . 2008-08-12 18:51 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-12-31 00:07 . 2008-08-12 18:45 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-30 04:14 . 2009-09-19 15:40 70016 ----a-w- c:\documents and settings\davi2807\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 04:03 . 2008-08-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-30 00:36 . 2009-11-28 17:16 79488 ----a-w- c:\documents and settings\davi2807\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 05:57 . 2009-11-27 21:46 -------- d-----w- c:\program files\RealArcade
2009-12-09 14:47 . 2008-08-12 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 20:14 . 2008-08-12 18:54 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 22:10 . 2009-11-27 22:10 -------- d-----w- c:\documents and settings\davi2807\Application Data\ElementalsTheMagicKey
2009-11-27 21:54 . 2009-11-27 21:54 -------- d-----w- c:\documents and settings\davi2807\Application Data\PlayFirst
2009-11-27 21:54 . 2009-11-27 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-11-27 21:53 . 2009-11-27 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-11-27 21:53 . 2008-08-12 18:40 -------- d-----w- c:\program files\Google
2009-11-22 23:13 . 2009-11-22 23:13 -------- d-----w- c:\program files\Unity
2009-11-15 20:50 . 2009-11-15 20:50 -------- d-----w- c:\program files\DivX
2009-11-15 20:50 . 2009-11-15 20:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-11 22:10 . 2009-09-08 19:40 -------- d-----w- c:\program files\SaversPlanet
2009-10-29 07:45 . 2006-06-22 21:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 16:45 . 2008-10-10 14:57 33792 ----a-w- c:\windows\system32\identprv.dll
2009-10-21 05:38 . 2006-06-22 21:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-06-22 21:06 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-06-22 21:06 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-06-22 21:06 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-06-22 21:06 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d930602d-a752-4287-828b-ef0b1f48825c}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d930602d-a752-4287-828b-ef0b1f48825c}]
2009-11-11 22:10 2166296 ----a-w- c:\program files\SaversPlanet\tbSav1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d930602d-a752-4287-828b-ef0b1f48825c}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D930602D-A752-4287-828B-EF0B1F48825C}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 138008]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-27 518488]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
1-Click Answers.lnk - c:\program files\1-Click Answers\answers.exe [2008-11-26 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonscripts"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-932917755-891632697-413896786-7379\scripts\Logon\0\0]
"script"=\\CRBC\SysVol\CRBC\Policies\{F9B93C00-7C81-49DC-AA28-CCD2129785B0}\User\scripts\Logon\NewJStudentHomeDirectory.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/12/2008 2:11 PM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/26/2009 12:18 PM 64160]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/12/2008 2:11 PM 108552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [8/12/2008 1:24 PM 10496]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/12/2008 1:37 PM 14208]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2008 2:11 PM 335240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/26/2009 11:48 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/26/2009 11:48 AM 297752]
S2 gupdate1ca66354569d406;Google Update Service (gupdate1ca66354569d406);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:50 PM 133104]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [8/12/2008 1:35 PM 17408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RPCNETP
.
Contents of the 'Scheduled Tasks' folder

2009-12-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:34]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:50]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:50]

2008-08-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]

2008-08-12 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]

2008-08-12 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\davi2807\Application Data\Mozilla\Firefox\Profiles\rkvi6x10.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
HKLM-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
Notify-NavLogon - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-30 19:59:40
ComboFix-quarantined-files.txt 2009-12-31 00:59

Pre-Run: 58,179,448,832 bytes free
Post-Run: 58,469,175,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9D1809A1298A3CA3D5582DE5DC3C32B4

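The ComboFix log above already explains the symptom in the first post: IE's ProxyServer is set to http=127.0.0.1:5555 (Firefox keeps its own proxy settings, so it still connects), and the removed orphan Run entries point at a randomly named .exe under the user's Local Settings\Application Data. The script below is an added example, not part of this thread or of ComboFix; it scans a log in ComboFix's format for those defender-relevant indicators, and SAMPLE_LOG is an excerpt constructed from lines posted above.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt of a ComboFix log, assembled from lines posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
c:\recycler\S-1-5-21-1453792206-2000060499-842820122-500
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [8/12/2008 1:35 PM 17408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RPCNETP
------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
- - - - ORPHANS REMOVED - - - -
HKCU-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
HKLM-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
Notify-NavLogon - (no file)
"""

# Section banners look like "((((( Name )))))" or "------- Name -------" / "- - - - NAME - - - -".
PAREN_SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(HK(?:CU|LM))-Run-(\S+)\s+-\s+(.+)$")
RECYCLER_RE = re.compile(r"^[a-z]:\\recycler\\S-1-5-21-[\d-]+$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
# An executable living directly in a folder under the per-user Local Settings\Application Data.
USER_APPDATA_EXE_RE = re.compile(
    r"\\local settings\\application data\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
NEWLY_CREATED_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)$")


def loopback_proxy(value: str) -> Optional[str]:
    """Return the host:port if any proxy entry (http=..., https=..., or bare) points at loopback."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        if not hostport:
            continue
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return hostport
    return None


def analyse(log: str) -> List[Tuple[str, str]]:
    """Walk a ComboFix log and return (indicator, detail) pairs a responder would want to see."""
    findings: List[Tuple[str, str]] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = PAREN_SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("---") or line.startswith("- - - -"):
            section = line.strip("- ").strip()
            continue
        if section == "Other Deletions":
            # Items ComboFix already removed; each of these is a classic infection marker.
            if RECYCLER_RE.match(line):
                findings.append(("recycler-sid-folder", line))
            elif AUTORUN_RE.match(line):
                findings.append(("autorun-inf", line))
            elif USER_APPDATA_EXE_RE.search(line):
                findings.append(("deleted-user-appdata-exe", line))
            continue
        m = NEWLY_CREATED_RE.match(line)
        if m:
            findings.append(("newly-created-service", m.group(1)))
            continue
        m = PROXY_RE.match(line)
        if m:
            hp = loopback_proxy(m.group(1))
            if hp:
                # IE routed through a local listener: explains IE failing while Firefox works.
                findings.append(("loopback-proxy", hp))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            hive, name, path = m.groups()
            kind = "orphan-run-user-appdata" if USER_APPDATA_EXE_RE.search(path) else "orphan-run"
            findings.append((kind, f"{hive}\\Run\\{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"{kind:26s} {detail}")
```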

Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Thu Dec 31, 2009 3:15 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Mon Jan 04, 2010 7:53 pm

Sorry it took me so long to reply; I was out of town and didn't have access to the laptop. Malwarebytes will not update: error code 732 (12029,0), contact support team. I scanned anyway; log below.

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 2:43:37 PM
mbam-log-2010-01-04 (14-43-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185715
Time elapsed: 42 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Mon Jan 04, 2010 7:54 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Mon Jan 04, 2010 8:17 pm

Internet Explorer is not working; I'm using Firefox, so I had to download it. I agreed to the terms, then it tries to download components and stops and says it can't get the update. Tried several times.


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Mon Jan 04, 2010 8:23 pm

Use Firefox for a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Add-on install for Bitdefender QuickScanner for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Mon Jan 04, 2010 8:40 pm

Ran the scan three times; it failed all three times at 90%. Here is the log of what it scanned.

BitDefender QuickScan Beta 32-bit v0.9.8.9
------------------------------------------

Scan date: Mon Jan 04 15:29:51 2010
Machine ID: B017346F



Scan failed! Couldn't access QuickScan server.
------------------------------------------------


Processes
---------
Answers 752 C:\Program Files\1-Click Answers\answers.exe
Microsoft® Visual Studio .NET 644 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PowerDVD 3584 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PrismXL Software Family 872 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
ScreenScraper SDK 2128 C:\Program Files\1-Click Answers\agtserv.exe

Ad-Aware Service Application 1632 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
Ad-Aware Tray Application 3964 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Agere Soft Modem Call Progress Service 428 C:\WINDOWS\system32\agrsmsvc.exe
Agere SoftModem Messaging Applet 3712 C:\WINDOWS\AGRSMMSG.exe
ATI External Event Utility for Windows 264 C:\WINDOWS\system32\Ati2evxx.exe
ATI External Event Utility for Windows 1144 C:\WINDOWS\system32\Ati2evxx.exe
AVG Internet Security 1364 C:\Program Files\AVG\AVG8\avgam.exe
AVG Internet Security 804 C:\Program Files\AVG\AVG8\avgcsrvx.exe
AVG Internet Security 1568 C:\Program Files\AVG\AVG8\avgemc.exe
AVG Internet Security 1460 C:\Program Files\AVG\AVG8\avgnsx.exe
AVG Internet Security 1408 C:\Program Files\AVG\AVG8\avgrsx.exe
AVG Internet Security 464 C:\Program Files\AVG\AVG8\avgwdsvc.exe
Firefox 2072 C:\Program Files\Mozilla Firefox\firefox.exe
Installation/Management Application 1340 C:\WINDOWS\system32\rpcnet.exe
Intel(R) Common User Interface 3664 C:\WINDOWS\system32\hkcmd.exe
Intel(R) Common User Interface 3672 C:\WINDOWS\system32\igfxpers.exe
Intel(R) Common User Interface 3692 C:\WINDOWS\system32\igfxsrvc.exe
Java(TM) Platform SE 6 U11 560 C:\Program Files\Java\jre6\bin\jqs.exe
Microsoft Distributed Transaction Coordinator 340 C:\WINDOWS\system32\msdtc.exe
Microsoft® Windows® Operating System 528 C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
Microsoft® Windows® Operating System 3600 C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
Microsoft® Windows® Operating System 3268 C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
Microsoft® Windows® Operating System 2848 C:\WINDOWS\Explorer.EXE
Microsoft® Windows® Operating System 2252 C:\WINDOWS\System32\alg.exe
Microsoft® Windows® Operating System 884 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 2924 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 3924 C:\WINDOWS\system32\rundll32.exe
Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 824 C:\WINDOWS\System32\smss.exe
Microsoft® Windows® Operating System 1696 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1424 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1392 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1276 C:\WINDOWS\System32\svchost.exe
Microsoft® Windows® Operating System 1236 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 256 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 480 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2216 C:\WINDOWS\system32\wbem\unsecapp.exe
Microsoft® Windows® Operating System 2380 C:\WINDOWS\system32\wbem\wmiprvse.exe
Microsoft® Windows® Operating System 908 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 2580 C:\WINDOWS\SYSTEM32\WISPTIS.EXE
Synaptics Pointing Device Driver 3648 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Tablet PC 2768 C:\WINDOWS\System32\tabbtnu.exe


Network activity
----------------
Process avgnsx.exe (1460) connected on port 80 (HTTP) - a69-192-156-20.deploy.akamaitechnologies.com
Process avgnsx.exe (1460) connected on port 80 (HTTP) - vx-in-f101.1e100.net
Process avgnsx.exe (1460) connected on port 80 (HTTP) - vx-in-f101.1e100.net
Process avgnsx.exe (1460) connected on port 80 (HTTP) - vx-in-f101.1e100.net

Process svchost.exe (1236) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Answers C:\Program Files\1-Click Answers\answers.exe
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE

Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Ad-Aware Tray Application C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Agere SoftModem Messaging Applet C:\WINDOWS\AGRSMMSG.exe
ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft Snipping Tool C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
Microsoft Synchronization Manager C:\WINDOWS\system32\mobsync.exe
Microsoft® Windows® Operating System C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
Microsoft® Windows® Operating System C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
Microsoft® Windows® Operating System C:\WINDOWS\help\SplshWrp.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\OOBE\oobebaln.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\tpgwlnot.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
Shockwave C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Tablet PC C:\WINDOWS\system32\tabbtnwl.dll
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AnswersInstaller.exe C:\WINDOWS\Downloaded Program Files\AnswersInstaller.exe
Browser Address Error Redirector c:\windows\system32\bae.dll
Java(TM) Platform SE 6 U11 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
Unity Player C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files\avg\avg8\avgssie.dll
BitDefender QuickScan C:\Documents and Settings\davi2807\Application Data\Mozilla\Firefox\Profiles/rkvi6x10.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
BitDefender QuickScan C:\Documents and Settings\davi2807\Application Data\Mozilla\Firefox\Profiles/rkvi6x10.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Conduit Toolbar c:\program files\saversplanet\tbsav1.dll
DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
Java(TM) Platform SE 6 U11 c:\program files\java\jre6\bin\ssv.dll
Java(TM) Platform SE 6 U11 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Spybot - Search & Destroy c:\program files\spybot - search & destroy\sdhelper.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: NA
referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Power2GoExpress"


Scan
----

Scan finished - communication took 2 sec
Total traffic - 0.00 MB sent, 0.00 KB recvd
Scanned 1163 files and modules - 69 seconds

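The "Missing files" entry in the log above is an autostart value (HKCU\...\Run\"Power2GoExpress") whose target is gone. The script below is an added example, not part of the thread and not the tool that produced the log: it walks the usual Run/RunOnce keys for the current user and the machine, works out which executable each value launches, and reports the values whose file no longer exists. It assumes PowerShell 2.0 or later (a separate download on Windows XP SP3) and the standard key names shown; the parsing of quoted versus unquoted commands is a simplification chosen for the example.

```powershell
# Added example, not part of the thread or of the scanner whose log appears above.
# Walks the user and machine Run/RunOnce autostart keys, resolves the executable
# each value launches, and reports values whose file no longer exists, the same
# condition the log flags as "File not found ... referenced in: HKCU\...\Run".
# Assumes PowerShell 2.0 or later (a separate download on Windows XP SP3).

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider adds to every Get-ItemProperty result
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-LaunchedExecutable {
    # Pull the program path out of a Run value: a quoted path followed by
    # arguments, or the first whitespace-delimited token of an unquoted command.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 1) { return $cmd.Substring(1, $close - 1) }
        return $cmd.Trim('"')
    }
    return ($cmd -split '\s+')[0]
}

function Test-LaunchedExecutable {
    # True when the path (after %VAR% expansion) exists. A bare file name such
    # as rundll32.exe is looked up on PATH rather than in the current directory.
    param([string]$Path)
    if (-not $Path) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if ($expanded -match '[\\/]') { return (Test-Path -LiteralPath $expanded) }
    return ((Get-Command $expanded -ErrorAction SilentlyContinue) -ne $null)
}

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($ProviderProps -contains $prop.Name) { continue }
        $exe = Get-LaunchedExecutable -Command ([string]$prop.Value)
        if (Test-LaunchedExecutable -Path $exe) {
            "ok       {0}\{1} -> {2}" -f $key, $prop.Name, $exe
        } else {
            "MISSING  {0}\{1} -> '{2}'" -f $key, $prop.Name, $prop.Value
        }
    }
}
```

Run it under the affected user's account, since HKCU is per-user. A MISSING line is either leftover from an uninstalled program, as the Power2GoExpress entry probably is, or the residue of a malicious file that an antivirus deleted without removing its autostart value; either way the value can be removed, but the "ok" lines are the ones to read carefully, because a live infection keeps its file in place.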

Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Mon Jan 04, 2010 11:07 pm

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button.
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen.
  • Then press the Apply button and then the OK button to close the Internet Options screen.

Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.


Let me know if you can use it.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13717
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302127
Likes: 10
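The LAN Settings dialog in the post above edits the per-user WinINet values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, which is why Internet Explorer was broken while Firefox, which keeps its own proxy configuration, still worked. The script below is an added example, not part of the thread: it reads those values, records any proxy or PAC script that is switched on, and turns the proxy off, which is the same change the dialog makes. It assumes PowerShell 2.0 or later run under the affected user's account; the function names are the example's own.

```powershell
# Added example, not part of the thread. Reads the per-user WinINet proxy settings
# Internet Explorer applies (the same values the LAN Settings dialog edits), records
# any proxy that is forced on, and switches it off. A proxy address or PAC URL the
# user never configured is worth keeping as a record of where traffic was sent.
# Assumes PowerShell 2.0 or later, run under the affected user's account.

$IeSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IeProxyState {
    $p = Get-ItemProperty -Path $IeSettings
    $enabled = 0
    if ($p.PSObject.Properties['ProxyEnable'] -ne $null) { $enabled = [int]$p.ProxyEnable }
    New-Object PSObject -Property @{
        ProxyEnable   = $enabled
        ProxyServer   = [string]$p.ProxyServer      # host:port, or a per-protocol list
        ProxyOverride = [string]$p.ProxyOverride    # bypass list, e.g. <local>
        AutoConfigURL = [string]$p.AutoConfigURL    # PAC script; redirects traffic just as well
    }
}

function Disable-IeProxy {
    $before = Get-IeProxyState
    if ($before.ProxyEnable -eq 0 -and -not $before.AutoConfigURL) {
        Write-Output 'No proxy or PAC script configured for this user.'
        return $before
    }
    # Print what was there before clearing it, so the proxy address is not lost
    Write-Output ("Proxy was set: ProxyEnable={0} ProxyServer='{1}' AutoConfigURL='{2}'" -f `
        $before.ProxyEnable, $before.ProxyServer, $before.AutoConfigURL)
    # Same effect as unticking "Use a proxy server for your LAN" in the dialog
    Set-ItemProperty -Path $IeSettings -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $IeSettings -Name $name -ErrorAction SilentlyContinue
    }
    return (Get-IeProxyState)
}

Disable-IeProxy | Format-List ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
```

Close and reopen Internet Explorer afterwards, because a running instance keeps the settings it read at start-up. The change only sticks while nothing is re-writing the key: if ProxyEnable flips back to 1 after a reboot, the component that set it is still running, which is exactly what the rest of this thread is about.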

Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Tue Jan 05, 2010 12:35 am

yes internet explorer is working now


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Tue Jan 05, 2010 1:22 am

Good.

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


Dr. Jay (DJ)




Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by butchieboss on Tue Jan 05, 2010 1:41 am

aAnti-Rogue v1.0.15
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Mon 01/04/2010 20:40:23.23


-- Known infection --



If objects found, full virus scan or anti-malware scan necessary


EOF


Re: Win32/Nuqel.E and BankerFox.A removal need help please

Post by Dr Jay on Tue Jan 05, 2010 3:50 am

Please run the [You must be registered and logged in to see this link.]

  • Follow the instructions [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



