Infected With Bankerfox.A And/or Win32/Nuqel.E

I got this f***ing thing [I THINK from a supposed music CD site, with a song called Please Freeze Me]. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Thank you! No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your http://www.bleepingcomputer.com/forums/t/313836/infected-with-bankerfoxa-andor-win32nuqele/

HijackThis generates a report that others can use to identify what's wrong and advise you how to fix the problem. Again, if it looks suspicious... Currently redoing malwarebytes, fully updated, on all my disks...

#10 Rocket Grannie, SWI Australian Rebel, Administrators, 7,764 posts. Posted 02 June 2010 - 05:02 AM

Glad we could help. Ad-Aware AAWTray.exe is disabled!

Re: Please Help!

#4 dotmafia, Member, Full Member, 36 posts. Posted 18 May 2010 - 10:53 AM

Rocket Grannie, thanks so much for your invaluable help. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with

Your computer CAN be fixed. Please please help!! Welcome back. Your logs reveal an information stealing trojan. I would counsel you to disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. https://community.mcafee.com/thread/21828?tstart=0

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:34 AM, on 19/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:

When I ran it again it DID NOT DETECT IT. As well as cookies. Contains macros - some are eg spreadsheets but I have site grabbed files which show this; I deleted them to be on the safe side. Password protected - I

Each reply must be approved by a resident expert before posting them to you. Be sure to follow all my instructions carefully!

#3 schrauber, Mr.Mechanic, Malware Response Team, 24,794 posts, Location: Munich, Germany

#2 schrauber, Mr.Mechanic, Malware Response Team, 24,794 posts, Location: Munich, Germany, Local time: 07:20 AM, Posted

You may need two posts to fit them all in. Make sure you move BOTH logs to your USB and post back the results.

#3 crosby44, Posted 19 May 2010 -

c:\users\User\AppData\Local\syssvc.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-18 15:32 . 2010-05-18 15:32 -------- d-----w- c:\users\User\AppData\Local\temp
2010-05-18 15:32 . 2010-05-18 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-18 14:53 . 2010-05-18

Copy and Paste that log into your next reply. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK for either of

I'm not that great with computers, so my knowledge is limited about what to do. It will make it easier for you to follow the instructions and complete all of the necessary steps. Please download Rkill by Grinler from one of these links: Rkill.exe, Rkill.com, Rkill.scr, Rkill.pif. Save Rkill to your Desktop. Double-click

Here is how I got rid of it: Reboot computer hitting f12 click on safe mode. Go to programs, accessories, system tools, system restore. Restore to a previous date before virus entered system. Go to programs

scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.

If an update is found, it will download and install the latest version. 4.

#8 dotmafia, Member, Full Member, 36 posts. Posted 22 May 2010 - 07:07 PM

MBAM Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4131
Windows 6.0.6002 Service Pack

I also undid all the proxy settings etc. on all my browsers. I was able to go to McAfee and download the latest software. What do I DOO!!? OTListIt.Txt and Extras.Txt.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Sigh...

OP seems to already know what the problem is but just can't figure out how to fix it.

Contents of the 'Scheduled Tasks' folder
2010-05-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 04:18]
2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 07:19]
2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 07:19]
.

to prevent scammers and spammers harvesting your internode.on.net email address.

Do you want to activate your antivirus software now?" As well as another "Antivirus software alert" pop up on the bottom right hand corner of the screen that asks if I want

Unfortunately it is not allowing her to access the internet which is why I am posting for her.

Error - 20/05/2010 05:55:34 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: with

If it's any consolation, AVG (fully paid up, says everything's working) missed it too. A few thoughts -- I ran 'search' from windows to look for any .exe file on the same day,

Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error:

I'd pop the drive out and scan it on another system that has a good antivirus program installed with the latest definitions.

scanning hidden files ...

Win32/Nuqel.E and/or BankerFox.A (CD, flash, reinstall)

uStart Page = hxxp://www.cnn.com/
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing

Error - 18/05/2010 16:42:34 | Computer Name = HOME-94B5274B58 | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

#6 dotmafia, Member, Full Member, 36 posts. Posted 22 May 2010 - 04:00 AM

Rocket Grannie, here is my Security Check log and Hijack This log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK for either of the prompts and let MBAM proceed with the