Win32/Nuqel.E and Banker A virus hijacked my laptop


Post by Momsy on Tue Sep 14, 2010 3:15 am

I have a laptop that is on loan through a public school administration center in another state so I do not have administrator privileges like most people. The school provides the security but that was hijacked when the virus was downloaded. I have tried following instructions to other people but have had no success as either I have no privileges or the virus won't allow me to open the program. Is there ANY help out there for getting rid of these things?

Momsy
Novice

Posts : 15
Joined : 2010-09-14
OS : XP
Points : 22933
Likes : 0


Post by Dr Jay on Tue Sep 14, 2010 5:05 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.




Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
Likes : 10


Post by Momsy on Tue Sep 14, 2010 5:16 am

When I double click on RKill it tells me the application cannot be executed and asks if I would like to activate the antivirus software (which is actually the virus I'm trying to get rid of - Security Suite).


Post by Momsy on Tue Sep 14, 2010 5:38 am

OK, I got it to run for a few seconds before being hijacked again. It said that it was terminating known malware processes and to please be patient. Then a warning pops up saying it cannot find C:\rkill.log and to run a search for it.


Post by Momsy on Tue Sep 14, 2010 5:43 am



Rkill by Lawrence Abrams (Grinler)
BleepingComputer.com

Terminating known malware processes.
Please be patient.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
pevFind by Billy Robert O'Neal III
Version: 509
Distributed under the Boost Software License, Version 1.0.
(See accompanying file LICENSE_1_0.txt or copy at
[You must be registered and logged in to see this link.]

pevFind contains some code from Info-ZIP, used with permission.
In accordance with Info-ZIP's License, it can be found at
[You must be registered and logged in to see this link.]
Special thanks to Lucian Wischik's for Zip Utils

Filename regular expressions library is
Copyright (C)1997-1998 by David R. Tribble, all rights reserved.

Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.


Post by Momsy on Tue Sep 14, 2010 5:44 am

I had to repeatedly click on the log file until it would let me select all and copy before closing the window. But that's what I got. Any advice?


Post by Momsy on Wed Sep 15, 2010 8:34 am

OK. I was able to trick the virus and terminate the process itself immediately upon loading Windows. I used my installed anti-virus program (Microsoft Forefront) to perform a scan and quarantine the intruder. It doesn't allow me to delete so I have to use this process every time I sign onto the laptop for the time being. I tried the Combofix but it just tells me I don't have administrative rights. I'm not going to be able to fix this myself, am I?

Blasted coffee shop servers!


Post by Dr Jay on Thu Sep 16, 2010 3:03 am

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Then try again.


Dr. Jay (DJ)



Post by Momsy on Thu Sep 16, 2010 5:01 pm

Sadly I fear there is no solution other than returning the computer to the school and paying for repairs.

I tried rebooting in Safe Networking mode but when I reach the blue Windows screen to load windows there is no account name available to click on (weird I know). It says "click on a name to open account" but there is nothing.

So unless you have further advice thank you for your help up to this point.


Post by Dr Jay on Fri Sep 17, 2010 9:04 am

  • [You must be registered and logged in to see this link.]
    If you encounter problems running the RescueDisk, you can get further assistance at the [You must be registered and logged in to see this link.].
If you are not sure how to burn an image, please read [You must be registered and logged in to see this link.]. If you need a FREE utility to burn the ISO image, download and use [You must be registered and logged in to see this link.].

Let me know how it goes.


Dr. Jay (DJ)

