WIN32/Nuqel.E

View previous topic View next topic Go down

WIN32/Nuqel.E

Post by DHoward on 22nd April 2010, 4:17 pm

My computer has been infected by Win32/Nuqel.E and BankerFox.A

I cannot download anything nor open files such as Open Office or PDFs. I have the latest Windows updates, Adobe Reader 9.3 and the latest automatic Java update.

My computer is an Acer laptop with Windows Vista. Please help me remove this virus/spyware.

DHoward
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2010-04-22
OS OS : Vista
Points Points : 24228
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WIN32/Nuqel.E

Post by Belahzur on 22nd April 2010, 6:32 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: WIN32/Nuqel.E

Post by DHoward on 22nd April 2010, 10:59 pm

I clicked the OTL link, then clicked the Save File button. Nothing happened. A Security Warning box appears saying "Application cannot be executed. The file searchfilterhost.exe is infected." or "searchprotocolhost.exe is infected."

What am I doing wrong? This is unfamiliar territory for me. Please spell it out even if the answer seems obvious!

Thanks.

DHoward
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2010-04-22
OS OS : Vista
Points Points : 24228
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WIN32/Nuqel.E

Post by Belahzur on 23rd April 2010, 12:28 am

Hello.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try OTL now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum