BankerFox.A and Win32/Nugel.E Infections !!Help!!


Post by Belahzur on Wed May 19, 2010 10:28 pm

Hello.
No it won't, catch you soon.


Please PM me if I fail to respond within 24hrs.



Post by theibones on Fri Jun 11, 2010 3:44 am

Hi,
We moved and it took the cable internet provider 20 days to get us hooked up. I will review your last entry and proceed from there.

Thanks


Post by theibones on Fri Jun 11, 2010 3:58 am

Hi,

I followed these instructions:
In Firefox
# Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
# Click the apply button and restart that computer in normal mode.

My computer was already set at "No Proxy".

Also, I do not know what, exactly, you mean by "restart that computer in normal mode". How do I restart in Normal mode?

Thanks,


Post by Belahzur on Fri Jun 11, 2010 12:35 pm

It just means reboot normally.



Post by theibones on Sat Jun 12, 2010 1:24 am

========== OTL ==========
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=skS_GJhJZuHe5S6Cn1o01w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL

OTL by OldTimer - Version 3.2.4.1 log created on 06112010_191203
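
The two Firefox settings checked by hand in this thread, the proxy choice and the `keyword.URL` entry that OTL removed from prefs.js, can be audited with a short script. This is an added example, not part of the original posts or of OTL; the expected-host list and the sample prefs.js content are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# One prefs.js line looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')
# Assumption: search/homepage hosts the owner actually chose; edit per machine.
EXPECTED_HOSTS = {"www.google.com"}
PROXY_MODES = {1: "manual proxy", 2: "proxy auto-config URL"}

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # str, int or bool
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep the raw text
    return prefs

def audit(prefs):
    """Flag the settings this thread checks: search redirect and proxy."""
    findings = []
    for name in ("keyword.URL", "browser.startup.homepage"):
        for url in str(prefs.get(name, "")).split("|"):
            host = urlsplit(url).hostname
            if host and host not in EXPECTED_HOSTS:
                findings.append((name, host))
    mode = prefs.get("network.proxy.type")
    if mode in PROXY_MODES:  # 0 is the "No Proxy" choice in the dialog
        target = prefs.get("network.proxy.http") or prefs.get(
            "network.proxy.autoconfig_url", "")
        findings.append(("network.proxy.type", f"{PROXY_MODES[mode]}: {target}"))
    return findings

# Constructed sample; the keyword.URL host is the one in the OTL log above.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?searchfor=");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    for name, detail in audit(parse_prefs(SAMPLE)):
        print(f"REVIEW {name}: {detail}")
```

An empty result means neither a search redirect to an unexpected host nor a manual or auto-config proxy is set in the profile.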


Post by Belahzur on Sat Jun 12, 2010 9:29 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by theibones on Tue Jun 15, 2010 12:15 pm

Hi,

Is this it? Or do I need more steps after this?
I performed the scan per your instructions above. Thanks
Here is the report:

Malwarebytes' Anti-Malware 1.46

Database version: 4192

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/12/2010 4:46:39 PM
mbam-log-2010-06-12 (16-46-39).txt

Scan type: Quick scan
Objects scanned: 138352
Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\TMP0000000133E26E225B2CA5EB (Trojan.Dropper) -> Quarantined and deleted successfully.


Post by Belahzur on Tue Jun 15, 2010 8:24 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Post by theibones on Sat Jun 26, 2010 11:08 pm

Hello,

Tried all of the above and keep getting a pop up box that says that my "Windows System Suite is still running" and then the whole process comes to a stop. I googled about this "Windows System Suite" and found out that it is a fake message and is part of the infection my computer has. Every time I boot, I get a "Windows Security Alert" message from a red shield on the tool bar where my other program icons are located. Oh, and I tried all of this in "safe mode" too....same error message. So, I was wondering if we should get rid of this fake "system suite" so I can then run the combo-fix.exe. What should I do? I'm starting to get worried because I have been trying to get this mess done with now for about three weeks. What do you think the answer is if I can't run the Combo-fix.exe?

Thanks.


Post by Belahzur on Sun Jun 27, 2010 10:45 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try Combofix now.

