Antivirus Live (Bankerfox.A/Nuqel)


Post by AZ108 on Thu Jan 21, 2010 8:07 am

It looks like a lot of people are having the same problem I am.

My computer was infected with the Antivirus Live malware a few days ago. Their pop ups tell me I am infected with the Bankerfox.A and Nuqel viruses and it runs a scan and keeps trying to get me to download their program. I cannot access the internet to download malwarebytes or copy any of the files to your website like you have asked others to do. I am writing this from my MSNTV2 browser which cannot download files because it does not have a hard drive.

The malware put an icon on my control page that says hs_err_pid1512. I clicked on properties and it said: Text document, 12KB, 193.134.61.2, Port 44700, Original Location: c:\Documents and settings\My Name\Desktop. Then I deleted it into my recycle bin. People on the internet said one of the files it leaves is called sysguard.exe so I was able to run the search feature for that and deleted it into my recycle bin. It also planted a shield icon next to my other icons at the bottom of my screen and it has a pop up. I clicked on one of the alert pop ups and clicked properties and it said the url is [You must be registered and logged in to see this link.] and settings\my name\Local settings\Application!

I went into programs and was able to click on latest and it showed a program called EDT Ware. Suspiciously, it said the last date used was 11/18/2010! It also had PS/2-x86 5.0.0.5 WHQL. Since I am not very experienced with computers I wasn't sure whether to remove it although I was very tempted to since it had the word "ware" in it and the date was so suspicious. Later when I went back to remove it because I figured it was the malware, the antivirus pop up blocked me as it does with pretty much anything I try to do. I notice now when I boot up I have about a 30 second window where I can act before the malware loads and starts throwing pop ups. So I used the 30 sec window to delete the EDT Ware program. I tried to access the internet to download malwarebytes during this window but couldn't. The Internet Explorer page looks like a fake page created by their malware and keeps trying to get me to download their program. It was also loading porn sites until I deleted the EDT Ware program. So far, those have not loaded again.

I tried to run Task Manager so I could look at the files but when the files load it blocks them. Even when I hold Shift+CTRL+Escape.

It does seem to be quite a bit better since I removed the EDT Ware program. I'm still getting the pop ups but not as many and it seems to have taken some of the wind out of their malicious program. I also tried running the clean disk feature and it cannot run.

I don't have much experience on computers. About ten years ago I started teaching myself some stuff but really know very little. I don't even know how to boot in safe mode as you have instructed others.

Thanks for any help you can give.

AZ108 (Beginner), OS: Windows XP

Re: Antivirus Live (Bankerfox.A/Nuqel)

Post by Belahzur on Thu Jan 21, 2010 5:22 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.

Belahzur (Administrator), OS: XP SP3 Media Centre
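As an added illustration (not part of the thread, and not the forum's or HijackThis's own code): one thing a reviewer can check in the saved log is the O4 autostart section. The sketch below parses O4 Run-key lines from a constructed sample log and flags programs that start from per-user writable folders; the sample lines, the folder list and the function names are assumptions made for this example.

```python
import re

# HijackThis "O4" lines list programs that start with Windows, e.g.
#   O4 - HKCU\..\Run: [name] C:\path\program.exe
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')

# Assumption for this example: autostarts from these per-user, writable
# folders deserve a closer look (a heuristic, not a verdict).
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")

# Constructed sample log lines (not taken from any real machine).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\User\Local Settings\Application Data\example\sysguard.exe
"""

def exe_path(cmd):
    """Return the executable path from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, maybe with arguments
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (entry name, path) for O4 Run entries in user-writable folders."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue                             # not an O4 Run-key line
        name, path = m.group(3), exe_path(m.group(4))
        if any(folder in path.lower() for folder in USER_WRITABLE):
            flagged.append((name, path))
    return flagged

if __name__ == "__main__":
    for name, path in triage(SAMPLE_LOG):
        print(f"review autostart [{name}]: {path}")
```
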

Re: Antivirus Live (Bankerfox.A/Nuqel)

Post by AZ108 on Fri Jan 22, 2010 3:25 am

Sorry Belahzur, I am not able to access the internet to download Hijackthis. The malware has control of my computer and won't let me get access to the internet. Are there other options?


Re: Antivirus Live (Bankerfox.A/Nuqel)

Post by Belahzur on Fri Jan 22, 2010 10:19 pm

Can you transfer tools over from another machine via USB?



Re: Antivirus Live (Bankerfox.A/Nuqel)

Post by averylynn7 on Sat Jan 23, 2010 7:24 pm

I am having a similar issue to this post. I have and I'm using another computer to discover the fixes and have downloaded the Hijackthis software to a flashdrive per your recommendation. I am trying to open it on the infected computer but keep getting a pop-up stating "Security Warning - Application cannot be executed. The file csc.exe is infected. Do you want to activate your antivirus software now?"

I tried the SmitfraudFix.exe last night and it appeared to clear it up until I tried to install Trend Micro as the antivirus software and had to turn the internet back on to allow it to work... at that point I seem to have found myself back in the same boat!

Please help a somewhat uneducated computer user to resolve this issue!!

JM

averylynn7 (Beginner), OS: xp

Re: Antivirus Live (Bankerfox.A/Nuqel)

Post by Belahzur on Sat Jan 23, 2010 11:54 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic.


