BANKERFOX.A, WIN32/NUQEL.E

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 1:13 am

I have changed our passwords, am i safe now to use internet to do the "move it"

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 1:14 am

Yep.
Do the OTMoveIt scripts, then we'll have a look inside that folder once you post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:00 am

========== FILES ==========
c:\windows\syssvc.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02182009_203836

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:01 am

i am now on the pc and not the laptop... so the internet is finally connected.

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 2:03 am

Please download DirLook by jpshortstuff from one of the following mirrors:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
  • Copy the content of the following codebox into the main textfield:

    Code:
    C:\s6uo

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
Note: Scanning may take longer for large folders.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:13 am

i had to still do it on my laptop since the link did not work onthe pc. .... here is the text..


DirLook.exe v2.0 by jpshortstuff
Log created at 21:12 on 18/02/2009
==================================
Contents of "C:\s6uo"

Unable to find directory.

==================================
=EOF=

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 2:16 am

Hmm.
It's a file, not a folder.
Something has removed the file extension.

Delete this file in bold:
C:\s6uo

As for the link not working.
It should work now, the rootkit is gone.

Please run a GMER Rootkit scan:

Download GMER's application from here:
[You must be registered and logged in to see this link.]

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tools works in safe mode. Other rootkitrevealers don't.

The log will be huge, so please update to to here:
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:19 am

do i run the dirlook first and input
C:\s6uo or do i run the gmer

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 2:25 am

Don't run DirLook, you can delete that.
Then delete C:\s6uo.

Then run GMER using my instructions.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:37 am

it is running now. i opened up mediafire. do i use the big green button - that says "download files to mediafire?" or so i download a different way?

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:38 am

i also have NOT backed up files yet......

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 2:53 am

it is done, and I hit copy..... do i have to have an account or use the basic uploader

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 3:03 am

hello....

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 3:36 am

i created an accout on mediafire and i then pasted the files in a txt (notepad) file and uploaded them to my account on mediafire. i hope this was correct....

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 3:39 am

ok it is late ineed to continue tomorrow so please let me know if i did it right....

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 1:52 pm

Hello.
When you press the green button, it should give you the option to upload without an account, so choose that option and locate the log, then upload it.

It should give you a share URL so I can get the log file.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 9:29 pm

hello.... are you there

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 9:31 pm

Yep, right here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 9:33 pm

i had to rerun gmer to get the files - once i run it you said to COPY it - do i copy all the files and to what

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 9:33 pm

i did it once and copied it to word pad last night...

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 9:35 pm

Hello.
Copy it to wordpad/notepad again, then upload it at mediafire.com please.

Upload without an account, locate the file and upload it.
It should give you a share URL.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 9:46 pm

it finished ruuning ....

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 9:50 pm

Could you upload the log please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 9:51 pm

[You must be registered and logged in to see this link.]

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 10:01 pm

Hello.
The log looks fine, still having problems?

I want to check something.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 10:04 pm

so far no problems - looking up goorefix now on internet to download it

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 10:16 pm

Hello.
Don't run Gooredfix, don't need to anymore.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 10:19 pm

already ran it - i sent this while you were sending

GooredFix v1.91 by jpshortstuff
Log created at 17:17 on 19/02/2009 running Option #1 (Eileen)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 10:20 pm

Doesn't matter.
I've edited my above post.
You should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 10:26 pm

Wow..... Thanks for all that great information.... One thing I added was to educate my son tooo, who probably was main reason for this issue. I will fil out the form too. You are wonderful and much appreciated.... Thanks a million

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 10:35 pm

i did a reply form and i hope it went, got page cannot be displayed after .... I may re-do it just in case.. One last final question,,,,, can i delete the things I downloaded???

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 10:42 pm

Yep, delete everything we used.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 10:54 pm

thanks.... one last thing, when i click on the links it does not go, but if i cut and paste to url it does. is that basue my security settings???

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 10:58 pm

It could be.
Are you getting re-directed or just blank pages?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 11:09 pm

just nothing - the links do not re-direct.

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Belahzur on 19th February 2009, 11:20 pm

Ok.
It could be a problem with Internet Explorer, try Firefox.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 11:31 pm

what is firefox... do i go to [You must be registered and logged in to see this link.]

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 11:31 pm

other links works when i go to their sites so it was just on the links you sent me

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by eileen on 19th February 2009, 11:40 pm

np i got it going and downloading the spyware now -

eileen
Novice
Novice

Posts Posts : 42
Joined Joined : 2009-02-18
OS OS : windows xp
Points Points : 28513
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: BANKERFOX.A, WIN32/NUQEL.E

Post by Doctor Inferno on 6th July 2009, 3:36 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum