BankerFox.A and Win32/Nuquel.E


BankerFox.A and Win32/Nuquel.E

Post by Callie on Sat Apr 11, 2009 9:59 pm

Hi. My computer has viruses! My Spyware alert indicates 34 serious threats have been found while scanning my files and registry. Attack from: 142.172.175.190, port 9508, Attacked port: 40344, Threat: Win32/Nuqel.E; also, Attack from: 212.225.37.111, port 31060, Attacked port: 27059, Threat: BankerFox.A; also, Attack from: 237.152.246.171, port 31060, attacked port: , Attack from: 158.177.241.218, port 7535, attacked port 59707, BankerFox.A. The list goes on and on.

I purchased McAfee VirusScan Plus 2009. I tried to install it; however, it tells me to remove PC-Cillin 2003 first. I cannot find this program on my computer (it must be hidden).

Please help.

Thank you!!!

Callie
Beginner

Posts: 3
Joined: 2009-04-11
OS: windows 2000 professional
Points: 27967
Likes: 0


Re: BankerFox.A and Win32/Nuquel.E

Post by Belahzur on Sat Apr 11, 2009 11:04 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


Re: BankerFox.A and Win32/Nuquel.E

Post by Callie on Sun Apr 12, 2009 5:07 am

DDS (Ver_09-03-16.01) - FAT32x86
Run by Administrator at 21:57:38.98 on Sat 04/11/2009
Internet Explorer: 6.0.2600.0000 BrowserJavaVersion: 1.6.0_11
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.255.116 [GMT -7:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINNT\sysguard.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Search_URL = 00000003
mSearch Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} - c:\winnt\system32\iehelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [system tool] c:\winnt\sysguard.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [AtiPTA] atiptaxx.exe
mRun: [Microsoft IntelliType Pro] "c:\program files\microsoft hardware\keyboard\speedkey.exe"
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Ideal] c:\winnt\system32\spool\drivers\w32x86\ideal.exe
mRun: [LoadQM] loadqm.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [Lexmark X83 Button Monitor] c:\progra~1\lexmar~1\ACMonitor_X83.exe
mRun: [Lexmark X83 Button Manager] c:\progra~1\lexmar~1\AcBtnMgr_X83.exe
mRun: [PrinTray] c:\winnt\system32\spool\drivers\w32x86\3\printray.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [Propel Accelerator] "c:\program files\earthlink totalaccess\accelerator\PropelAC.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
uExplorerRun: [svcho] c:\winnt\svcho.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {31564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {32564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ActiveSync - WcesWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6lykp5fb.default\

============= SERVICES / DRIVERS ===============

R2 BsUDF;BsUDF;c:\winnt\system32\drivers\bsudf.sys [2003-1-14 305961]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\winnt\system32\drivers\usbscan.sys [2002-3-6 12592]
S3 usbu2a;UsbU2A;c:\winnt\system32\drivers\usbu2a.sys [2001-8-30 5108]
S4 Racdicfafpq;Racdicfafpq; [x]

=============== Created Last 30 ================

2009-04-11 21:57 16,384 a------- c:\winnt\system32\Perflib_Perfdata_31c.dat
2009-04-11 21:38 10,752 a------- c:\winnt\system32\iehelper.dll
2009-04-11 21:37 16,384 a------- c:\winnt\system32\Perflib_Perfdata_4cc.dat
2009-04-11 21:37 16,384 a------- c:\winnt\system32\Perflib_Perfdata_260.dat
2009-04-11 16:00 65,128 a------- c:\winnt\system32\drivers\avgntflt.sys
2009-04-10 12:14 --d----- c:\program files\EsetOnlineScanner
2009-04-10 07:10 102,664 a------- c:\winnt\system32\drivers\tmcomm.sys
2009-04-10 07:09 --d----- c:\documents and settings\administrator\.housecall6.6
2009-04-09 21:01 16,384 a------- c:\winnt\system32\Perflib_Perfdata_270.dat
2009-04-09 17:27 14,336 a------- c:\winnt\syssvc.exe
2009-04-09 12:39 315,920 -------- c:\winnt\sysguard.exe
2009-04-01 22:38 --d----- c:\docume~1\admini~1\applic~1\Intuit
2009-04-01 22:36 --d----- c:\program files\common files\AnswerWorks 5.0
2009-04-01 22:26 --d----- c:\docume~1\alluse~1.win\applic~1\Intuit
2009-04-01 22:02 71,440 -------- c:\winnt\system32\dllcache\browser.dll
2009-04-01 22:02 442,640 a------- c:\winnt\system32\ipnathlp.dll
2009-04-01 22:02 442,640 -------- c:\winnt\system32\dllcache\ipnathlp.dll
2009-04-01 22:02 255,248 -------- c:\winnt\system32\dllcache\h323.tsp
2009-04-01 22:02 167,184 -------- c:\winnt\system32\dllcache\wintrust.dll
2009-04-01 22:00 --d-h--- c:\winnt\msdownld.tmp
2009-03-19 05:33 16,384 a------- c:\winnt\system32\Perflib_Perfdata_540.dat

==================== Find3M ====================

2009-02-08 08:16 1,644,784 a------- c:\winnt\system32\WIN32K.SYS
2009-02-08 08:16 1,644,784 -------- c:\winnt\system32\dllcache\win32k.sys
2009-01-29 07:07 16,384 a------- c:\winnt\system32\Perflib_Perfdata_5dc.dat
2009-01-28 15:47 16,384 a------- c:\winnt\system32\Perflib_Perfdata_520.dat
2001-06-20 16:19 40,960 a------- c:\program files\ACMonitor_X83.exe
2001-05-04 19:00 21,952 ----h--- c:\program files\folder.htt
2001-05-04 19:00 271 ----h--- c:\program files\desktop.ini
2000-07-26 12:00 32,528 a------- c:\winnt\inf\wbfirdma.sys
1998-12-08 19:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 19:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 19:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 19:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 19:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 19:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 21:58:12.46 ===============


Re: BankerFox.A and Win32/Nuquel.E

Post by Belahzur on Sun Apr 12, 2009 2:41 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    Racdicfafpq

    :files
    c:\winnt\system32\iehelper.dll
    c:\winnt\syssvc.exe
    c:\winnt\sysguard.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd42510-9b22-41cd-9dcd-8182a2d07c63}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "svcho"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


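The OTMoveIt script above removes four artefacts that Belahzur picked out of the DDS report. As an added example that is not part of the thread, the heuristics below encode why those lines stand out in a DDS "Pseudo HJT Report" and services listing: an autorun target dropped straight into the Windows directory rather than system32, an autorun under the Policies\Explorer\Run key, a Browser Helper Object with no descriptive name, and a service whose backing file is missing ([x]). The report lines fed in are copied from the log posted above; the regular expressions and thresholds are this example's own.

```python
import re
from typing import List, Tuple

# Excerpt of the DDS report Callie posted in this thread (lines copied verbatim from the log above).
DDS_EXCERPT = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} - c:\winnt\system32\iehelper.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [system tool] c:\winnt\sysguard.exe
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
uExplorerRun: [svcho] c:\winnt\svcho.exe
R2 BsUDF;BsUDF;c:\winnt\system32\drivers\bsudf.sys [2003-1-14 305961]
S4 Racdicfafpq;Racdicfafpq; [x]
"""

# uRun/mRun/dRun(Once)/uExplorerRun lines: "[value name] path-to-exe arguments"
RUN_RE = re.compile(r'^(u|m|d)?(Run|ExplorerRun)(Once)?: \[(?P<name>[^\]]*)\] "?(?P<path>[^"]+?\.exe)', re.I)
# BHO lines: "BHO: descriptive name: {CLSID} - dll path"
BHO_RE = re.compile(r'^BHO: (?P<name>.*?): \{[0-9a-f-]{36}\} - (?P<path>.+)$', re.I)
# Service lines: "R2/S4 name;display name;path [date size]" or "[x]" when the file is missing
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]')


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (artefact, reason) pairs for report lines that match one of the heuristics."""
    hits = []
    for line in report.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group("path").lower()
            if line.lower().startswith("uexplorerrun"):
                hits.append((path, "autorun under Policies\\Explorer\\Run, rarely used by legitimate software"))
            elif re.fullmatch(r"c:\\win(nt|dows)\\[^\\]+\.exe", path):
                hits.append((path, "autorun executable sitting directly in the Windows directory, not system32"))
            continue
        m = BHO_RE.match(line)
        if m and m.group("name").strip().lower() in ("", "bho"):
            hits.append((m.group("path").lower(), "Browser Helper Object with no descriptive name"))
            continue
        m = SVC_RE.match(line)
        if m and m.group("info").strip() == "x":
            hits.append((m.group("name"), "service registered with no backing file ([x])"))
    return hits


if __name__ == "__main__":
    for artefact, reason in triage(DDS_EXCERPT):
        print(f"{artefact}: {reason}")
```

Run against the excerpt it reports exactly the BHO DLL, the two autorun executables and the orphaned service that the OTMoveIt script targets, while Skype, NeroCheck and the BsUDF driver pass.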
