GeekPolice
Threats from Win32/Nuquel.E and Bankerfox.A


Post by megancockrum on Sun May 10, 2009 11:29 pm

My computer has been working slower than usual and when I click on a link it redirects me to another page. Also, a white box now pops up in the middle of my screen and another white box pops up in the lower right corner of my screen that says:
Attack from: 245.138.102.57, port 28978
Attacked port: 57985
Threat: Win32/Nuqel.E
and
Attack from: 166.79.121.229, port 22322
Attacked port: 13861
Threat: Bankerfox.A

It also seems that my computer won't let me download any anti-virus programs and I have no idea what to do. I am not computer savvy at all so I'm trying not to do anything to mess my computer up even more!


Also....

Post by megancockrum on Sun May 10, 2009 11:31 pm

The numbers in the white box in the lower right corner change every once in a while; they are never the same numbers.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by Origin on Sun May 10, 2009 11:38 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by megancockrum on Sun May 10, 2009 11:53 pm

When I click the link it says Page Load Error.
Firefox can't establish a connection to the server at download.bleepingcomputer.com.

Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

It seems that this has been happening with any link that will lead me to getting rid of these viruses.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by Origin on Mon May 11, 2009 12:04 am

A rootkit is blocking your access to the site; let's remove it:

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of C:\avenger.txt into your reply.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by megancockrum on Mon May 11, 2009 12:26 am

The same thing is happening as before: I click on the link and it says there is a page load error.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by Origin on Mon May 11, 2009 12:44 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by megancockrum on Mon May 11, 2009 1:11 am

Clicked both links and both of them are still Page Load Error.


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by Belahzur on Mon May 11, 2009 1:22 am

Me thinks there is a proxy set, the tools Origin wanted to use are hosted across different sites, I know some of the bigger names like BC are blocked by the malware, but I don't think foro is.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


See if you can download Hijack This now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
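
The proxy check described in the post above can also be read straight from where each browser stores it. This is an added example, not part of the original thread or of any tool named in it; it assumes PowerShell is available and that Firefox uses its default profile location, and the loopback test is a heuristic chosen for this example.

```powershell
# Added example: report the proxy settings shown in the IE and Firefox dialogs.
# Read-only; nothing on the system is changed.

function Get-WinInetProxy {
    # Per-user values behind Internet Options -> Connections -> LAN Settings
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Source        = 'Internet Explorer (WinINET)'
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Get-FirefoxProxy {
    # Firefox keeps its own proxy setting in each profile's prefs.js
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    $pattern = 'user_pref\("network\.proxy\.(type|http|http_port|autoconfig_url)",\s*"?([^")]*)"?\)'
    foreach ($prefs in Get-ChildItem $profiles -Recurse -Filter prefs.js) {
        $found = @{}
        foreach ($line in Get-Content $prefs.FullName) {
            if ($line -match $pattern) { $found[$Matches[1]] = $Matches[2] }
        }
        $server = $null
        if ($found['http']) { $server = "$($found['http']):$($found['http_port'])" }
        # type: 0 = no proxy, 1 = manual, 2 = PAC URL; absent means the default is in use
        New-Object PSObject -Property @{
            Source        = "Firefox ($($prefs.Directory.Name))"
            ProxyEnabled  = ($found['type'] -eq '1' -or $found['type'] -eq '2')
            ProxyServer   = $server
            AutoConfigURL = $found['autoconfig_url']
        }
    }
}

$all = @(Get-WinInetProxy) + @(Get-FirefoxProxy)
foreach ($p in $all) {
    # Heuristic: an enabled proxy on loopback that the user never set up needs a closer look
    $loopback = $p.ProxyServer -match '(^|=)(127\.|localhost)'
    $p | Add-Member NoteProperty Review ([bool]($p.ProxyEnabled -and $loopback)) -PassThru
}
```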



Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by megancockrum on Mon May 11, 2009 1:43 am

On Firefox it was already set to "no proxy".


Re: Threats from Win32/Nuquel.E and Bankerfox.A

Post by Belahzur on Mon May 11, 2009 1:45 am

Okay, guess we'll need to use another machine.
Do you have a USB stick/external drive and another machine Origin can have you use to transfer tools over?

