BankerFox A infection causing failure to reboot

Post by dogg on 26th July 2010, 3:00 am

Hi all - I need help. I am running an IBM ThinkPad T42 laptop with Windows XP and AntiVir virus software. Yesterday, I started getting infection messages including BankerFox A virus. My Antivir software says I do not have virus removal tool. After several reboots, now at boot up, Windows tries to run but stops half way through and displays screen where you can run in Safe Mode, or Last Known Good Configuration etc. However, I have tried all these options and it keeps repeating the process with unsuccessful boot up. I can only hit the Access IBM to get into the IBM System Restore and Recovery area. Please help.

dogg
Novice

Posts: 11
Joined: 2010-07-26
Gender: Male
OS: windows xp
Protection: Avira
Points: 23441
Likes: 0

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 27th July 2010, 8:05 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





We need to do some diagnostics to get started.

1. Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

2. Download [You must be registered and logged in to see this link.] to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • MBRCheck log (2)
  • Cheetah log (3)


Thanks!


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 14317
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 303008
Likes: 10

Re: BankerFox A infection causing failure to reboot

Post by dogg on 28th July 2010, 6:15 am

Thanks DragonMaster Jay. My predicament is that during boot up, Windows stops the boot from being completed, then displays an error message stating boot up cannot be completed, then it reverts to the page requiring me to select run in Safe Mode, or Last Known Good Configuration (or others) etc. Whatever option I select, the same thing happens, so essentially boot up cannot be completed. I can download RKill using another computer, but how do I get this onto my infected laptop? Hope you can help?

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 28th July 2010, 9:13 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Network REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 30th July 2010, 12:09 am

After clicking on OTLPENet.exe, a User Account Control window pops up stating "An identified program wants to access your computer (due to unidentified publisher)". When I click Allow, IMGBurn starts up for burn and file extraction begins but then my Kaspersky PURE 9.0.0.192 (Anti-Virus software) displays a message "Potentially Dangerous Program - is being launched - IMG Burn - does not contain a digital signature, and has a high danger rating". Options at this point are: yes (allow), limit (allow but block dangerous operations) or no (block). Not sure whether to proceed, given message.

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 30th July 2010, 5:07 am

Allow it. Kaspersky products always check to make sure you know what you are doing. It is safe to proceed.


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 30th July 2010, 11:30 am

I have changed BIOS to start CD drive at boot up and have downloaded and installed OTLPENet. Once in Reatogo-X-PE desktop, when I click on OTLPE icon on desktop, a small grey window opens titled "Browse for Folder", which requires me to select a drive and folder, and press OK or Cancel. The first time I ran this program, a different window opened with some options, but repeated reboot attempts only open the "Browse for Folder" window. Don't know how to proceed. Help

Re: BankerFox A infection causing failure to reboot

Post by dogg on 30th July 2010, 3:02 pm

To add to Post 7, unfortunately I have not updated Java and Adobe Reader prior to running OTLPENet.exe (I don't know if I am running outdated versions). Can I and should I do so at this point, given I am not seeing the image of OTL displayed in the "Read this before posting" post 1 where you paste the code into the Custom Scans/Fixes box?

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 31st July 2010, 4:15 am

Did OTLPE install successfully on the CD, and is it loaded?


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 31st July 2010, 11:18 am

I've downloaded OTLPE from your link into USB, then opened and burnt onto disk. IMG Burn automatically runs to do burn. Once rebooting, Reatogo X-PE desktop loads. After clicking on OTLPE icon on desktop, the Browse for Folder window opens. I've repeated this process twice from download to disk, but both attempts the same.

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 1st August 2010, 7:42 pm

Do you have the Windows XP CD?


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 2nd August 2010, 1:18 am

XP came pre-loaded on the laptop when I purchased it on eBay. I may have another XP set I've used on another computer, if it is of any use.

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 2nd August 2010, 9:03 pm

Is it just a basic XP setup disc, upgrade disc, or diagnostics?


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 3rd August 2010, 1:35 am

I don't have one, but I'll download one and burn to disk, then run. Would you tell me the next few steps to do once I've done this?

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 3rd August 2010, 2:53 am

Reboot your computer.

Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back into the Normal XP.

=================

Then, tell me if you can boot correctly.


Dr. Jay (DJ)


Re: BankerFox A infection causing failure to reboot

Post by dogg on 3rd August 2010, 6:10 am

Thanks for your patience here.

Just so I am 100% sure here, what is the exact name of the xp software/program I need to download. Is it the setup disk, start up disk, boot disk....... or what.

When I search the web for XP start up CD, the website below has this file (WinXP_EN_PRO_BF.EXE) (from: [You must be registered and logged in to see this link.])
This XP startup disk allows computers without a bootable CD-ROM to perform a new installation of the operating system. The Windows XP startup disk will automatically load the correct drivers to gain access to the CD-ROM drive and start a new installation of Setup. You cannot upgrade from a Windows XP startup disk. Could this be it? or....... I downloaded an XP system setup disk: wxpboot.exe, from [You must be registered and logged in to see this link.]


Re: BankerFox A infection causing failure to reboot

Post by dogg on 3rd August 2010, 6:27 am

See Post 16 - PS my laptop only has CD-ROM, no floppy drive

Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 4th August 2010, 3:31 am

I have an alternate method.

Download [You must be registered and logged in to see this link.] and save it somewhere you can find it.

Download [You must be registered and logged in to see this link.] and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

Type in "fixmbr" and hit Enter.

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit"

This will reboot your machine again, allow it to boot normally this time.


Dr. Jay (DJ)
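
What an MBR check looks at and what `fixmbr` rewrites, as an added example (not part of the original posts, and not the code of MBRCheck or of `fixmbr`): it parses a 512-byte dump of sector 0, validates the boot signature and partition table, and hashes the boot code so dumps taken before and after the repair can be compared. The sample sectors are constructed, and how the dump is obtained is left as an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446        # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Summarise an MBR sector: boot code hash, partitions, anomalies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"partition {i + 1}: bad status 0x{status:02x}")
        partitions.append({"index": i + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    active = sum(p["active"] for p in partitions)
    if partitions and active != 1:
        # Heuristic for a boot disk: exactly one entry should be active.
        findings.append(f"{active} active partitions (expected 1)")
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions, "findings": findings}


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the bootstrap code differs between two dumps."""
    return (parse_mbr(before)["boot_code_sha256"]
            != parse_mbr(after)["boot_code_sha256"])


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: one active NTFS (0x07) partition at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 78124032)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample_sector(b"\xeb\x3c" + b"\x90" * 16)  # constructed bytes
    after = build_sample_sector(b"\x33\xc0\x8e\xd0")          # constructed bytes
    print(parse_mbr(before))
    print("boot code changed:", boot_code_changed(before, after))
```

A changed boot code hash with an unchanged partition list is what a boot code rewrite should look like; any entry in `findings` is a reason to stop and inspect the disk before booting from it.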


Re: BankerFox A infection causing failure to reboot

Post by Dr Jay on 10th August 2010, 7:24 pm

Are you still with us?

Please reply and let us know the progress!


Dr. Jay (DJ)

