Infected with Win32/Nugel.E and Bankfox a


Post by MLeonardRN on Tue Jun 29, 2010 10:06 pm

A pop-up window occurs, similar to trying to open Windows documents, music, etc.

It states:
"Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?"

MLeonardRN
Novice
Posts: 28
Joined: 2008-12-07
OS: Windows XP

Post by Crush on Tue Jun 29, 2010 10:13 pm

Hi,

Try this first.

Please download and run RKill.


  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.


Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

After RKill runs, please immediately do the following: Try running MBAM.

Crush
Master
Posts: 3889
Joined: 2010-01-27
Gender: Male

Post by MLeonardRN on Wed Jun 30, 2010 5:13 pm

I was able to run MBAM without RKill.
Here is the log.
I did run and restart my computer; I still seem to have problems with Internet Explorer, text size, connection, etc., when Mozilla seems to still be OK.
Thanks for all your continued help.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 5:11:36 PM
mbam-log-2010-06-30 (17-11-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 244174
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Post by Crush on Wed Jun 30, 2010 10:14 pm

Ok. How are things running now?

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post by MLeonardRN on Fri Jul 02, 2010 11:32 am

I can't run the online ESET scanner. Something pops up about proxy settings not being configured. I am not sure what this means, and not sure about how to fix or reset them.


Post by Crush on Fri Jul 02, 2010 11:47 am

MLeonardRN,

Try this:

Remove the proxy setting in Internet Explorer and/or in Firefox.

In IE: Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection -> choose "No Proxy".

Click the Apply button and restart the computer in normal mode.


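The IE checkbox described in the post above is stored per user as the ProxyEnable and ProxyServer values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, so the same setting can be audited from saved `reg query` output. The Python script below is an added example, not part of the original thread; the sample output is constructed, and treating a loopback proxy as noteworthy is this example's assumption, not something the posters state.

```python
import ipaddress
import re

# Constructed sample of `reg query` output; address and port are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*?)\s*$")

def parse_reg_query(text):
    """Return {value_name: data} from `reg query` text; DWORDs become ints."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def proxy_hosts(proxy_server):
    """Hosts from 'host:port' or 'http=host:port;https=host:port' syntax."""
    hosts = set()
    for entry in filter(None, proxy_server.split(";")):
        endpoint = entry.split("=", 1)[-1].split("://", 1)[-1]
        hosts.add(endpoint.rsplit(":", 1)[0].strip("[]").lower())
    return hosts

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False

def audit_proxy(values):
    """Findings for the settings behind IE's 'Use a proxy server' checkbox."""
    findings = []
    server = values.get("ProxyServer", "")
    if values.get("ProxyEnable", 0) == 1 and server:
        findings.append(f"proxy enabled: {server}")
        if any(is_loopback(h) for h in proxy_hosts(server)):
            findings.append("proxy points at this machine (loopback)")
    elif server:
        findings.append(f"proxy disabled, leftover ProxyServer: {server}")
    if values.get("AutoConfigURL"):
        findings.append(f"auto-config script set: {values['AutoConfigURL']}")
    return findings
print(audit_proxy(parse_reg_query(SAMPLE)))
```

An empty findings list corresponds to the state the post asks for: the proxy box unchecked and no proxy address or auto-config script left behind.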

Post by MLeonardRN on Mon Jul 05, 2010 4:12 pm

OK here is the log, things definitely running better.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 5:11:36 PM
mbam-log-2010-06-30 (17-11-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 244174
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Post by Crush on Mon Jul 05, 2010 4:15 pm

That looks like the Malwarebytes log. I need the log from ESET please :)


Post by MLeonardRN on Mon Jul 05, 2010 4:30 pm

Oh, sorry, and never mind what I said before, as now it seems to be Baacckkk.


Post by Crush on Mon Jul 05, 2010 4:32 pm

Argh! Alright, let's see what the ESET says and we'll go from there.


Post by MLeonardRN on Mon Jul 05, 2010 8:42 pm

OK here is the right log this time! I will also say I ran the ESET scanner once before, everything was supposedly quarantined, I couldn't find the log to post, and then my computer was back to the same old tricks 1 day later.


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ac78e3800069154e9c01256e6267aacc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-05 11:51:16
# local_time=2010-07-05 07:51:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118607
# found=1
# cleaned=1
# scan_time=5522
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\85CUYG56\ormey[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C


Post by Crush on Mon Jul 05, 2010 8:52 pm

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Post by MLeonardRN on Tue Jul 06, 2010 9:46 pm

OK, ran it and it automatically rebooted. Nothing to post though, right???? Anything else I should be doing???

Thanks again


Post by Crush on Tue Jul 06, 2010 10:03 pm

How are things running now? Any more issues?


Post by MLeonardRN on Thu Jul 08, 2010 5:20 pm

Hi Crush, I gave it a few days, and it's back. I have already run Malwarebytes. When I scan with Norton Antivirus, it seems to run on the Internet Explorer history scan forever and I have to shut it down via Task Manager, so that is not running correctly either.
Is there a way to remove this manually? I see some posts online about this. It is driving me crazy.
Thanks for all your help.


Post by Sneakyone on Sat Jul 10, 2010 2:11 am

Hi, :)

Crush is having some computer issues and will be back ASAP to assist you.

Sorry for the inconvenience,
Sneakyone

Sneakyone
Master
Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit

Post by Crush on Mon Jul 12, 2010 11:07 pm

Hi,

Sorry for the delay. Can you post the most recent log from Malwarebytes please?
