Bankerfox.A amongst other things


Post by aivlis on 9th February 2010, 6:08 am

Hi, I'm trying to fix a laptop for a friend, but I'm completely stumped on this one. It's been infected by Bankerfox.A, so whenever I open IE, it doesn't let me access anything. I open Firefox, but it won't let me browse any webpages either. They all eventually fall back to [You must be registered and logged in to see this link.] or say the page cannot be found in the server. I am unable to download any antivirus software, do a system restore, or anything, because any .exe file I try to open comes out as "Application cannot be executed. the file xxxxx.exe is infected. Do you want to activate your antivirus software now?". I also cannot install any software through a USB, since it will give me the same error message when it's trying to read the USB drivers. I tried with a CD, same thing. I can't start the laptop in safe mode because the screen is broken (I have it connected to a monitor) and when I press F8 at startup, that doesn't show on the external monitor. Any ideas?

aivlis
Intermediate

Posts: 60
Joined: 2010-02-09
Gender: Female
OS: Windows Vista
Points: 25541
Likes: 0

Re: Bankerfox.A amongst other things

Post by Dr Jay on 9th February 2010, 2:11 pm

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302970
Likes: 10

Re: Bankerfox.A amongst other things

Post by aivlis on 10th February 2010, 4:14 am

I'm sorry, but like I said, it won't let me access any websites. I'm typing this from another computer because any website I try to access goes to a fake Google page that says that the requested URL was not found on the server.


Re: Bankerfox.A amongst other things

Post by Dr Jay on 10th February 2010, 4:34 am

Please transfer the download from a clean computer on to the infected one.


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by aivlis on 10th February 2010, 4:39 am

I did try. The laptop won't let me open any executable files. It won't let me open task manager. It won't even let me open system restore. I can't download, install, or run anything.


Re: Bankerfox.A amongst other things

Post by Dr Jay on 10th February 2010, 4:50 am

Rename it to blackpudding.bat and try again please.


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by aivlis on 10th February 2010, 4:54 am

It does the same thing... Sorry, I forgot to add, it gives me a fake Windows Security Alert popup that says "Application cannot be executed. The file blackpudding.bat (or whichever is trying to open) is infected. Do you want to activate your antivirus software now?"


Re: Bankerfox.A amongst other things

Post by Dr Jay on 10th February 2010, 2:56 pm

Rename it to iexplore.exe

Then, go to Start > Run and paste this command and press OK:

"%desktop%\iexplore.exe" /stepdel


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by aivlis on 10th February 2010, 3:35 pm

It brings up a search window, like if it can't find the file. Also, just thought you might need to know, if I double-click the icon, a little bar comes up that says "ComboFix", it loads, but then at the end it doesn't do anything.


Re: Bankerfox.A amongst other things

Post by Dr Jay on 11th February 2010, 3:44 am

Last try here. If bust, then we will get a more powerful option. Shh a secret

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try ComboFix again.


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by metalmikey on 11th February 2010, 9:42 am

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

metalmikey
Beginner

Posts: 1
Joined: 2010-02-11
OS: Windows XP
Points: 24985
Likes: 0

Re: Bankerfox.A amongst other things

Post by aivlis on 12th February 2010, 10:18 pm

The laptop's screen is not working, so it doesn't let me start in safe mode :sad:


Re: Bankerfox.A amongst other things

Post by Dr Jay on 13th February 2010, 3:55 pm

Odd. But, you start just fine in normal mode?


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by aivlis on 13th February 2010, 4:55 pm

Yes, I have it plugged in to a monitor. But when I press F8 as it's starting up, the boot screen doesn't show on the external monitor. It only starts showing after the Vista logo comes up.

ComboFix is running now... I guess the computer just needed to rest, maybe? Well, it's scanning atm, so I'll post the scan log as soon as it comes up. Thanks


Last edited by aivlis on 14th February 2010, 4:04 am; edited 1 time in total (Reason for editing : update)


Re: Bankerfox.A amongst other things

Post by aivlis on 14th February 2010, 4:46 am

ComboFix 10-02-09.03 - Daniel 02/13/2010 22:03:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1161 [GMT -6:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3443657032-2903806523-3540040041-500
c:\$recycle.bin\S-1-5-21-3967032013-1912477881-1511816985-1001
c:\$recycle.bin\S-1-5-21-3967032013-1912477881-1511816985-500
c:\users\Daniel\AppData\Local\vmibou
c:\users\Daniel\AppData\Local\vmibou\bdsxsftav.exe
c:\windows\fxstaller.exe
c:\windows\system32\KBL.LOG
c:\windows\system32\oem3.inf
c:\users\Daniel\secupdat.dat . . . . failed to delete
c:\windows\system32\secupdat.dat . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 04:17 . 2010-02-14 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-10 04:16 . 2009-12-04 16:27 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 04:16 . 2009-12-04 16:27 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 04:37 . 2010-02-09 04:37 -------- dc----w- C:\89f2b01f43ee574fe247
2010-02-07 01:33 . 2010-02-07 01:33 16384 ---ha-w- c:\users\Daniel\fnlqaf.exe
2010-02-01 17:00 . 2010-02-01 17:00 -------- d-----w- c:\users\Daniel\AppData\Roaming\Facebook
2010-02-01 14:08 . 2010-02-01 14:08 16384 ---ha-w- c:\users\Daniel\bwuy.exe
2010-01-22 11:43 . 2009-12-18 12:52 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-16 04:35 . 2010-01-15 19:24 225280 --sh--r- c:\windows\system32\wmisktp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 04:21 . 2008-07-29 04:17 -------- d-----w- c:\users\Daniel\AppData\Roaming\LimeWire
2010-02-14 03:59 . 2008-07-23 19:26 290886 ----a-w- c:\users\Daniel\AppData\Roaming\nvModes.dat
2010-02-12 22:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 04:46 . 2007-11-02 07:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 04:42 . 2007-11-02 07:25 -------- d-----w- c:\progra~2\Symantec
2010-02-01 17:00 . 2010-02-01 17:00 50354 ----a-w- c:\users\Daniel\AppData\Roaming\Facebook\uninstall.exe
2010-02-01 14:14 . 2009-09-30 00:09 -------- d-----w- c:\program files\AIM Toolbar
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Daniel\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-22 18:36 . 2009-11-10 06:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 18:27 . 2008-07-29 04:16 -------- d-----w- c:\program files\LimeWire
2010-01-14 17:12 . 2009-10-02 16:23 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-18 12:48 . 2010-01-22 11:42 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-22 11:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46 . 2010-01-22 11:42 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-22 11:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-22 11:42 48128 ----a-w- c:\windows\system32\mshtmler.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-28 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-02 1006264]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CFmon"="c:\users\Daniel\fnlqaf.exe" [2010-02-07 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\cguvmmot.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Daniel\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-jhdalwnw - c:\users\Daniel\AppData\Local\vmibou\bdsxsftav.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-exxmdlzs.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-13 22:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5472)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\LimeWire\LimeWire.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
.
**************************************************************************
.
Completion time: 2010-02-13 22:36:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-14 04:35

Pre-Run: 82,781,044,736 bytes free
Post-Run: 83,650,134,016 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - 8B66006D7C20D3A77F5DC800DEF3CD86
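
A triage sketch for the "Reg Loading Points" section of the log above, added here as an example; it is not part of the original thread and not ComboFix's own logic. The function names, the trusted-directory list and the finding labels are assumptions, and a flagged autorun is a lead to verify, not a verdict.

```python
import re

# Excerpt of the "Reg Loading Points" section, copied from the log in this post.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-28 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-02 1006264]
"CFmon"="c:\users\Daniel\fnlqaf.exe" [2010-02-07 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# Assumption: autoruns normally live under these roots; anything else gets a look.
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\program files (x86)\\',
                 'c:\\progra~', 'c:\\windows\\')
# Security Center values that, when set to 1, silence its AV/firewall monitoring.
SC_FLAGS = {'AntiVirusOverride', 'FirewallOverride', 'DisableMonitoring'}


def parse_sections(text):
    """Return {lowercased registry key: {value name: raw value text}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return sections


def as_int(raw):
    """Decode the two numeric notations the log uses: dword:00000001 and 0 (0x0)."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else None


def triage(text):
    """Return (label, value name, detail) tuples for settings worth reviewing."""
    findings = []
    for key, values in parse_sections(text).items():
        if key.endswith(r'\currentversion\run'):
            for name, raw in values.items():
                m = re.match(r'"([^"]+)"', raw)
                if m and not m.group(1).lower().startswith(TRUSTED_ROOTS):
                    findings.append(('autorun-outside-system-dirs', name, m.group(1)))
        elif key.endswith(r'\policies\system'):
            if as_int(values.get('EnableLUA', '')) == 0:   # UAC switched off
                findings.append(('uac-disabled', 'EnableLUA', '0'))
        elif r'\security center' in key:
            for name, raw in values.items():
                if name in SC_FLAGS and as_int(raw) == 1:
                    findings.append(('security-center-muted', name, key))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
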


Re: Bankerfox.A amongst other things

Post by Dr Jay on 14th February 2010, 8:34 pm

Hi again. Please do these steps in order.

1. Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


Dr. Jay (DJ)



Re: Bankerfox.A amongst other things

Post by aivlis on 21st February 2010, 4:06 am

I ran MalwareBytes, and after the restart, the laptop won't pick up the external screen anymore. The laptop's screen is broken, so I don't know what to do now.

