Infected with Win32/Nugel.E and Bankfox a


Post by MLeonardRN on Sat 26 Jun 2010, 10:53 am

First topic message reminder:

Running on Windows XP. Please help. Can't open anything on Internet Explorer; Mozilla seems to be OK. Have porn sites popping up every other minute!
Thank you in advance.

MLeonardRN

Newbie Surfer

Posts : 28
Joined : 2008-12-08
Operating System : windows xp



Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Wed 30 Jun 2010, 1:06 pm

A pop-up window occurs, similar to trying to open Windows documents, music, etc.

It states:
application cannot be executed. the file mbam.exe is infected do you want to activate your antivirus software now?

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Wed 30 Jun 2010, 1:13 pm

Hi,

Try this first.

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3



  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.


Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

After RKill runs, please immediately do the following: Try running MBAM.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Thu 01 Jul 2010, 8:13 am

I was able to run MBAM without RKill.
Here is the log.
I did run and restart my computer; still seem to have problems with Internet Explorer, text size, connection, etc., when Mozilla seems to still be OK.
Thanks for all your continued help.

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 5:11:36 PM
mbam-log-2010-06-30 (17-11-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 244174
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

MLeonardRN
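
As an added example (not part of the original thread), this Python script parses the detection sections of a Malwarebytes log like the one in the post above and tags the two entries that matter most for triage: the Run value that starts at every logon, and a svchost.exe sitting outside the system directory. The regexes assume the 1.46 log layout shown in this post; the function names are made up for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: the detection sections of the log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:                      # "Files Infected:" style heading
            section = m.group("name")
            continue
        m = ITEM.match(line)       # "(No malicious items detected)" never matches
        if m and section:
            found.append({"section": section, **m.groupdict()})
    return found

def triage(detections):
    """Tag autostart entries and look-alikes of a system binary."""
    notes = []
    for d in detections:
        path = d["path"].lower()
        # A value under ...\CurrentVersion\Run is launched at each logon.
        if re.search(r"\\currentversion\\run(once)?\\", path):
            notes.append(("autostart", basename(d["path"])))
        # The genuine svchost.exe lives under the Windows system directory.
        in_sysdir = re.search(r"\\(system32|syswow64)(\\|$)", dirname(path))
        if basename(path) == "svchost.exe" and not in_sysdir:
            notes.append(("masquerade", d["path"]))
    return notes
```

Calling `triage(parse_mbam(SAMPLE_LOG))` yields one `autostart` note for `pctuhnio` and one `masquerade` note for the temp-folder `svchost.exe`.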


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Thu 01 Jul 2010, 1:14 pm

Ok. How are things running now?

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Crush


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Sat 03 Jul 2010, 2:32 am

I can't run the online ESET scanner. Something pops up about proxy settings are not configured. I am not sure what this means, and not sure about how to fix or reset them.

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Sat 03 Jul 2010, 2:47 am

MLeonardRN,

Try this:

Remove the Proxy setting in Internet Explorer and/or in Firefox.

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"

Click the apply button and restart that computer in normal mode.

Crush
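
The "use a proxy server" checkbox in the post above is stored per user in the registry. The following added example (Python, not part of the original thread) reads those values and reports where Internet Explorer would send its traffic; the sample values and function names are constructed for illustration.

```python
import ipaddress

# Registry location behind IE's "use a proxy server" checkbox (per user).
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")

def read_ie_proxy():
    """Read the current user's values; only works on Windows."""
    import winreg  # imported lazily so assess() can be used on any OS
    found = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
        for name in VALUES:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent means the setting is not configured
    return found

def proxy_hosts(server):
    """Hosts from 'host:port' or 'http=host:port;https=host:port'."""
    hosts = []
    for part in filter(None, (p.strip() for p in server.split(";"))):
        target = part.split("=", 1)[-1].split("://", 1)[-1]
        hosts.append(target.rsplit(":", 1)[0].lower())
    return hosts

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal

def assess(settings):
    """Describe what IE will do with these settings."""
    findings = []
    if settings.get("ProxyEnable") == 1:
        for host in proxy_hosts(settings.get("ProxyServer", "")):
            where = "this machine" if is_loopback(host) else "another host"
            findings.append(f"proxy on: traffic goes to {host} ({where})")
    if settings.get("AutoConfigURL"):
        findings.append(f"auto-config script: {settings['AutoConfigURL']}")
    return findings or ["no proxy configured"]

# Constructed sample values, not taken from the thread.
SAMPLE = {"ProxyEnable": 1,
          "ProxyServer": "http=127.0.0.1:5555;https=proxy.example:8080"}
```

On the affected machine, `assess(read_ie_proxy())` run before and after unchecking the box shows whether the change actually stuck.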


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Tue 06 Jul 2010, 7:12 am

OK, here is the log; things definitely running better.

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 5:11:36 PM
mbam-log-2010-06-30 (17-11-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 244174
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Tue 06 Jul 2010, 7:15 am

That looks like the Malwarebytes log. I need the log from ESET, please.

Crush


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Tue 06 Jul 2010, 7:30 am

Oh, sorry, and never mind what I said before, as now it seems to be Baacckkk.

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Tue 06 Jul 2010, 7:32 am

Argh! Alright, let's see what the ESET says and we'll go from there.

Crush


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Tue 06 Jul 2010, 11:42 am

OK here is the right log this time! I will also say I ran the ESET scanner once before, everything was supposedly quarantined, I couldn't find the log to post, and then my computer was back to the same old tricks 1 day later.


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ac78e3800069154e9c01256e6267aacc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-05 11:51:16
# local_time=2010-07-05 07:51:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118607
# found=1
# cleaned=1
# scan_time=5522
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\85CUYG56\ormey[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Tue 06 Jul 2010, 11:52 am

Please download TFC by OldTimer to your desktop.
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Crush


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Wed 07 Jul 2010, 12:46 pm

OK, ran it and it automatically rebooted. Nothing to post though, right???? Anything else I should be doing???

Thanks again.

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Wed 07 Jul 2010, 1:03 pm

How are things running now? Any more issues?

Crush


Re: Infected with Win32/Nugel.E and Bankfox a

Post by MLeonardRN on Fri 09 Jul 2010, 8:20 am

Hi Crush, I gave it a few days, and it's back. I have already run Malwarebytes. When I scan with Norton AntiVirus, it seems to run on the Internet Explorer history scan forever and I have to shut it down via Task Manager, so that is not running correctly either.
Is there a way to remove this manually? I see some posts online about this. It is driving me crazy.
Thanks for all your help.

MLeonardRN


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Sneakyone on Sat 10 Jul 2010, 5:11 pm

Hi,

Crush is having some computer issues and will be back ASAP to assist you.

Sorry for the inconvenience,
Sneakyone

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Infected with Win32/Nugel.E and Bankfox a

Post by Crush on Tue 13 Jul 2010, 2:07 pm

Hi,

Sorry for the delay. Can you post the most recent log from Malwarebytes please?

Crush

