GeekPolice

antivir solution pro win32/Nuqel.E and


Post by jogismo on Sun Jul 25, 2010 4:41 pm

I have both of the viruses listed above on my laptop. I can't do anything with my computer without pop-ups saying I have infected files popping up, to the point where I cannot execute any file. The only thing that seems to be unaffected is Mozilla Firefox. I cannot run any spyware or removal programs or access my Control Panel. I also have Internet Explorer popping up with ad sites.

thanks

jogismo
Intermediate

Posts : 56
Joined : 2010-07-23
OS : windows xp
Points : 24032
# Likes : 0


Post by Crush on Sun Jul 25, 2010 5:00 pm

Welcome to GeekPolice Forums! I'm Crush but, you can call me Chris too :) and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly :).

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Please download and run RKill.


  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

====
Download [You must be registered and logged in to see this link.] to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42058
# Likes : 0


Post by jogismo on Sun Jul 25, 2010 5:20 pm

Hi Chris

Thanks for your time, I'm Joan.

I cannot download anything with my computer because I don't have internet access. The virus doesn't allow me to start the internet.

what can I do?


Post by Crush on Sun Jul 25, 2010 5:22 pm

Hi Joan :)

Do you have access to another machine? Perhaps we can get the files needed on to your PC by downloading them from another machine and putting them on a USB stick or CD.

EDIT: You mentioned Mozilla is unaffected. Can you use that?


Post by jogismo on Sun Jul 25, 2010 5:25 pm

yes I already tried but in normal mode I can't run them, and neither in safe mode


Post by Crush on Sun Jul 25, 2010 5:26 pm

Try my instructions from Post 2 in Normal Mode. RKill will kill the active infection so it's like your computer is clean. But, the infection will only be prevented from running, not actually off your machine. The next time you reboot it will be back. That should let OTL run and we'll go from there :)


Post by jogismo on Sun Jul 25, 2010 5:34 pm

I can't open the USB, the trojan blocks it


Post by Crush on Sun Jul 25, 2010 5:38 pm

Can't open in Normal or Safe mode? If safe mode, try Normal :)


Post by jogismo on Mon Jul 26, 2010 2:51 pm

Hi Chris, are you there?


Post by Crush on Mon Jul 26, 2010 5:12 pm

Hi,

Did you see post 8?


Post by jogismo on Mon Jul 26, 2010 5:31 pm

yes, I tried in normal and in safe mode but it didn't work


Post by Crush on Mon Jul 26, 2010 5:36 pm

Do you have another browser? Chrome, Firefox, SeaMonkey, etc. Do they work there?


Post by jogismo on Mon Jul 26, 2010 5:49 pm

I have Chrome, it doesn't work, it's all blocked by the virus


Post by Crush on Mon Jul 26, 2010 6:05 pm

Hi,

We're slowly running out of options here. I'm going to have a conversation with a few colleagues about this and I will be back to you asap.


Post by jogismo on Mon Jul 26, 2010 6:12 pm

OK, thank you very much


Post by Crush on Mon Jul 26, 2010 6:15 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Post by jogismo on Mon Jul 26, 2010 6:52 pm

Can we meet tomorrow? I've to give back the computer to my roomie.
I'll be connected from 15h00 (I live in Europe).

See you tomorrow



Post by Crush on Mon Jul 26, 2010 6:55 pm

Ok. I look forward to your reply.


Post by jogismo on Tue Jul 27, 2010 1:18 pm

Hi Chris,

It's very strange, this morning I tried to run 'rkill' and it works, here you are:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Usuario on 27/07/2010 at 14:41:10.
Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Usuario\Escritorio\rkill.exe

Rkill completed on 27/07/2010 at 14:41:27.



Post by jogismo on Tue Jul 27, 2010 1:41 pm

Hi Chris,

I tried this morning and it works, here you are

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Usuario on 27/07/2010 at 14:41:10.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Usuario\Escritorio\rkill.exe


Rkill completed on 27/07/2010 at 14:41:27.


Post by jogismo on Tue Jul 27, 2010 1:46 pm

but I can't open OTL :|


Post by Crush on Tue Jul 27, 2010 5:09 pm

Ok try RKill and then try this:

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
