win32/Nugel.E/Banker Fox.A

View previous topic View next topic Go down

win32/Nugel.E/Banker Fox.A

Post by tmjkbd on Sat May 15, 2010 4:37 pm

Hi there,

I have this trojan on my other computer.......I cannot go onto explorer at all to fix this problem, therefore I am using another computer to try to fix this issue. The computer that has the virus runs on Windows XP.....hope you can help me

tmjkbd
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2010-05-15
OS : xp

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by Belahzur on Sat May 15, 2010 9:07 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by tmjkbd on Sat May 15, 2010 10:51 pm

I dowloaded OTL and the virus is closing the window down before I can click Run Scan

tmjkbd
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2010-05-15
OS : xp

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by Belahzur on Sat May 15, 2010 10:53 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by tmjkbd on Sat May 15, 2010 11:42 pm

I ran rkill and it seems to have stopped the threat popups... what next???
thank you

tmjkbd
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2010-05-15
OS : xp

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by Belahzur on Sun May 16, 2010 12:09 am

Run the OTL scan now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by tmjkbd on Sun May 16, 2010 12:52 am

Ran OTL scan..........message pops up and says "Cannot find the E\\OTL.Txt file. Do you want to create a new file. There is also an untitled notpad box behind it.

tmjkbd
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2010-05-15
OS : xp

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by Belahzur on Sun May 16, 2010 8:06 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try OTL again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by tmjkbd on Sun May 16, 2010 9:41 pm

Still the same message after the last time I ran OTL

tmjkbd
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2010-05-15
OS : xp

View user profile

Back to top Go down

Re: win32/Nugel.E/Banker Fox.A

Post by Belahzur on Mon May 17, 2010 9:41 pm

Hello.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum