BankerFox.A and Win32/Nuqel.E


BankerFox.A and Win32/Nuqel.E

Post by ccrawford on 19th January 2010, 6:09 am

I see multiple people are having the same issue... but I thought I'd get my own individual diagnosis. I already have RegCure, Malwarebytes, and Avast on my computer. Ran all 3. They keep finding and fixing/deleting errors...but the problem still occurs.

This Spyware Alert! bright red box pops up. Small one in corner names the 2 "password-stealing attack" viruses. Porn, Viagra, and other sites keep popping up in Explorer in the background even though Explorer isn't working when I try to find sites on it (Only Firefox).

Also get Security Warning popups (over 50, I'm sure, and still popping) that say "Application cannot be executed. The file wscntfy.exe (or whatever other exe files I try to open) is infected. Do you want to activate your antivirus software now?"

Help me. Please. I have a workathome project that's been at a standstill for 24 hrs. Whoa!

ccrawford
Beginner

Posts: 3
Joined: 2010-01-19
OS: Windows XP
Points: 25218
Likes: 0


Re: BankerFox.A and Win32/Nuqel.E

Post by Dr Jay on 19th January 2010, 10:15 am

Hello.

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14310
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302971
Likes: 10


ComboFix Log

Post by ccrawford on 19th January 2010, 7:53 pm

ComboFix 10-01-18.03 - Owner 01/19/2010 14:39:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1016.552 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.ISIS\Application Data\Sskuknwrd.dll
c:\documents and settings\Owner\Local Settings\Application Data\fxrdoi
c:\documents and settings\Owner\Local Settings\Application Data\fxrdoi\tcvjsysguard.exe
C:\LOG.TXT
c:\recycler\S-1-5-21-3085445630-1322540077-3812663451-1003
c:\recycler\S-1-5-21-3796250262-3948793719-2514017877-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\desktop
c:\windows\pi.exe
c:\windows\sv.dat
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
c:\windows\viassary-hp.reg
c:\windows\xobglu16.dll
D:\Autorun.inf

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 19:45 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-19 19:26 . 2010-01-19 19:26 -------- d-----w- c:\program files\Common Files\Ektron
2010-01-19 05:50 . 2010-01-19 05:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-01-19 01:41 . 2010-01-19 01:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2010-01-19 00:37 . 2010-01-19 04:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-18 19:14 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-18 19:14 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-18 19:14 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-18 19:14 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-18 19:14 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-18 19:14 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-18 19:14 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-18 19:14 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-18 19:14 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-18 19:14 . 2010-01-18 19:14 -------- d-----w- c:\program files\Alwil Software
2010-01-18 18:25 . 2010-01-18 18:25 -------- d-sh--w- c:\documents and settings\Administrator.ISIS\IECompatCache
2010-01-18 18:25 . 2010-01-18 18:25 -------- d-sh--w- c:\documents and settings\Administrator.ISIS\PrivacIE
2010-01-18 18:23 . 2003-10-11 05:31 128 ----a-w- c:\documents and settings\Administrator.ISIS\Local Settings\Application Data\fusioncache.dat
2009-12-31 00:49 . 2009-12-31 00:49 -------- d-----w- c:\program files\MyDSC2
2009-12-31 00:49 . 2009-12-31 00:49 -------- d-----w- c:\program files\JL2005C
2009-12-31 00:49 . 2009-12-31 00:49 -------- d-----w- c:\program files\JL2005B
2009-12-31 00:48 . 2006-04-11 08:49 118784 ------w- c:\windows\system32\PTTreeIcons.dll
2009-12-31 00:47 . 2009-12-31 01:02 -------- d-----w- c:\program files\Kids Cam Show and Share Creativity Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:26 . 2009-09-22 23:45 -------- d-----w- c:\program files\Ektron
2010-01-19 05:37 . 2004-03-25 01:45 -------- d-----w- c:\program files\Common Files\AOL
2010-01-19 05:37 . 2005-12-18 05:07 -------- d-----w- c:\program files\Pure Networks
2010-01-19 02:14 . 2004-03-25 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-19 02:11 . 2004-04-19 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
2010-01-18 20:33 . 2005-04-09 22:20 -------- d-----w- c:\program files\ype7gqlz
2010-01-10 19:43 . 2009-06-22 18:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox
2010-01-10 05:19 . 2010-01-10 05:20 2772480 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-12-25 21:04 . 2009-07-07 17:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-12-16 21:21 . 2009-11-21 06:38 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-15 21:11 . 2005-06-15 01:55 30672 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 01:52 . 2009-12-09 01:52 766 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{6D4047C2-6DD2-489D-ACA4-07729ED84318}\ARPPRODUCTICON.exe
2009-12-07 09:22 . 2009-06-08 11:08 373384 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxStarter.exe
2009-12-07 09:22 . 2009-06-08 10:45 168584 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxBrowserEngine.dll
2009-12-07 09:22 . 2009-06-08 08:15 266888 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe
2009-12-07 09:22 . 2009-06-08 08:15 205448 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxDvd.exe
2009-12-07 09:14 . 2009-12-07 09:14 1593992 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxClient.exe
2009-12-07 08:39 . 2009-12-07 08:39 344712 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxDvdEngine.dll
2009-12-07 08:39 . 2009-12-07 08:39 123528 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxUpdater.exe
2009-12-06 14:50 . 2009-12-06 14:50 -------- d-----w- c:\program files\MSBuild
2009-12-06 14:49 . 2009-12-06 14:49 -------- d-----w- c:\program files\Reference Assemblies
2009-12-06 14:30 . 2009-12-06 14:30 -------- d-----w- c:\program files\MSXML 6.0
2009-12-03 13:14 . 2009-12-03 13:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-21 16:36 . 2003-11-06 00:03 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 06:36 . 2009-11-21 06:36 -------- d-----w- c:\program files\LimeWire
2009-11-02 19:21 . 2009-11-04 19:39 66048 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-11-02 17:17 . 2009-11-02 16:26 2648576 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-11-02 16:31 . 2009-11-02 16:31 106602 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_02_11_29_47_small.dmp.zip
2009-11-02 16:29 . 2009-11-02 16:31 15872 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-10-29 07:45 . 2005-02-18 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-07-07 17:02 . 2009-07-07 17:02 15490972 ----a-w- c:\program files\avc-free.exe
2009-06-22 18:58 . 2009-06-22 18:57 350928 ----a-w- c:\program files\SmileboxInstaller.exe
2009-05-04 20:28 . 2009-05-04 20:28 23510720 ----a-w- c:\program files\dotnetfx.exe
2009-05-04 20:24 . 2009-05-04 20:24 370688 ----a-w- c:\program files\FreeImageConverter.msi
2009-04-23 13:58 . 2009-04-23 13:58 1431504 ----a-w- c:\program files\RegCureSetup_RW.exe
2004-05-10 21:43 . 2004-05-10 21:43 1582 -c--a-w- c:\program files\DeIsL2.isu
2004-05-10 21:40 . 2004-05-10 21:40 1789 -c--a-w- c:\program files\DeIsL1.isu
2004-05-10 21:31 . 2004-05-10 21:29 48537 -c--a-w- c:\program files\Uninst.isu
1999-08-31 14:29 . 2004-05-10 21:29 17713 -c----w- c:\program files\readme.txt
1999-08-31 14:28 . 2004-05-10 21:29 31436 -c----w- c:\program files\useman.txt
1999-08-16 08:33 . 2004-05-10 21:29 1086 -c----w- c:\program files\ctw32u1.ico
1997-07-03 12:54 . 2004-05-10 21:40 766 -c--a-w- c:\program files\NOTEPAD.ICO
.

------- Sigcheck -------


[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtUninstallKB923845$\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2002-08-29 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-12-07 266888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SecureClean4RegManager"="c:\program files\WhiteCanyon\SecureClean 4\scregmanager4.exe" [2004-05-07 1253376]
"SecureClean4Tray"="c:\program files\WhiteCanyon\SecureClean 4\sctray4.exe" [2004-05-25 1568768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-18 98304]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-25 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-11 28672]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Administrator.ISIS\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-11 28672]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-11 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/18/2010 2:14 PM 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/26/2009 6:53 PM 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/18/2010 2:14 PM 20560]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/18/2005 11:02 AM 15576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2010-01-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {5F738800-9D2F-48CE-999B-B3D66C7E8D24} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B40B74C9-C9B3-445C-9397-EC8285292947} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\d15goudb.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Real\RealOne Player\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\d15goudb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebClient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWebImageFX.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-knktkclk - c:\documents and settings\Owner\Local Settings\Application Data\fxrdoi\tcvjsysguard.exe
HKLM-Run-knktkclk - c:\documents and settings\Owner\Local Settings\Application Data\fxrdoi\tcvjsysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-19 14:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1688763140-4064683507-1161176718-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-01-19 14:50:12
ComboFix-quarantined-files.txt 2010-01-19 19:49

Pre-Run: 72,291,704,832 bytes free
Post-Run: 73,852,706,816 bytes free

- - End Of File - - 00ADAC91A9F48BC8318177B2BEFCCCC4

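A note on reading the "Reg Loading Points" section of a log like the one above. Each entry is printed as `"Name"="command" [date size]`, with `[X]` in place of the date and size when the target file could not be found. The entries that turned out to be the infection here (the `knktkclk` orphans pointing at `tcvjsysguard.exe` under `Local Settings\Application Data`) share a pattern that is easy to check mechanically: a startup entry that runs from a user-writable profile folder, or that names a bare file resolved through the search path, or whose file is missing. The script below is an added example written for this page; it is not part of the thread and not ComboFix's own code. It parses text in ComboFix's entry layout and flags entries by those three heuristics. The sample text is constructed to mirror the layout (the dates and sizes in it are made up), and the heuristics are an assumption about what is worth a second look, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of ComboFix's "Reg Loading Points"
# output: a key header, then "Name"="command" [date size] entries.
# Dates and sizes here are made up for the example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"knktkclk"="c:\documents and settings\Owner\Local Settings\Application Data\fxrdoi\tcvjsysguard.exe" [2010-01-18 1178112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"""


@dataclass
class Autorun:
    key: str      # registry key the entry was listed under
    name: str     # value name
    command: str  # command line as printed in the log
    meta: str     # "date size" text, or "X" when the file was not found


@dataclass
class Finding:
    entry: Autorun
    reasons: list = field(default_factory=list)


KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Per-user profile data folders on XP: writable without admin rights, so a
# startup entry launching from here deserves a closer look (heuristic).
USER_PROFILE_RE = re.compile(
    r'\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\',
    re.IGNORECASE)


def parse_autoruns(text: str) -> list:
    """Walk the section line by line, remembering the current key header."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if key and (m := ENTRY_RE.match(line)):
            entries.append(Autorun(key, m['name'], m['cmd'], m['meta'].strip()))
    return entries


def triage_autoruns(text: str) -> list:
    """Return the entries that match at least one suspicion heuristic."""
    findings = []
    for e in parse_autoruns(text):
        reasons = []
        if e.meta.upper() == 'X':
            reasons.append('target file not found on disk ([X])')
        if USER_PROFILE_RE.search(e.command):
            reasons.append('runs from a user-writable profile directory')
        if '\\' not in e.command:
            reasons.append('bare file name, resolved through the search path')
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == '__main__':
    for f in triage_autoruns(SAMPLE_LOG):
        print(f'{f.entry.name!r} under {f.entry.key}')
        for r in f.reasons:
            print(f'    - {r}')
```

Running it on the sample flags `knktkclk` (profile directory), `LTMSG` (missing file and bare name) and `AlcxMonitor` (bare name), and leaves the two fully-pathed Program Files entries alone. A bare name is not proof of anything (`ALCXMNTR.EXE` is a sound-driver utility), which is why the output lists reasons rather than a verdict; the point is to shorten the list a human has to read.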

Re: BankerFox.A and Win32/Nuqel.E

Post by Dr Jay on 20th January 2010, 3:16 am

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on vtool.zip, and extract the file to your Desktop.
  • Double-click on vtool.cmd to start.
  • !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
  • It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
  • Post the contents of it in your next reply.


Dr. Jay (DJ)




Re: BankerFox.A and Win32/Nuqel.E

Post by ccrawford on 20th January 2010, 4:38 am

V-Tool by DragonMaster Jay

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1016.401 [GMT -5:00]

Username: Owner - Date: 01/19/2010 - Time: 23:36:54 - Number of processors: 1 - Arch.: x86 SF:


((((( Security Software information )))))

AV: avast! antivirus 4.8.1368 [VPS 100119-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

((((( System File Verify )))))

c:\windows\system32\cngaudit.dll is missing! (If Vista/7)
c:\windows\system32\drivers\beep.sys is missing!

((((( System File Enumeration )))))

Volume in drive C is HP_PAVILION
Volume Serial Number is 20DD-FB92

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$hf_mig$\KB975467\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 710,144 bytes

Directory of C:\WINDOWS\$NtUninstallQ331958$

atapi.sys
1 File(s) 86,912 bytes

Directory of C:\WINDOWS\ERDNT\cache

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 738,432 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 738,432 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 741,120 bytes

Directory of C:\WINDOWS\system32

scecli.dll netlogon.dll eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\system32\dllcache

atapi.sys
1 File(s) 95,360 bytes

Directory of C:\WINDOWS\system32\drivers

atapi.sys
1 File(s) 95,360 bytes

Total Files Listed:
24 File(s) 4,664,960 bytes
0 Dir(s) 73,708,556,288 bytes free

-----------------------------

+++ End-of-file +++


Re: BankerFox.A and Win32/Nuqel.E

Post by Dr Jay on 21st January 2010, 12:32 am

Do you have your XP cd?

Download [You must be registered and logged in to see this link.] to your desktop

  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.


Dr. Jay (DJ)



