
Thread: BankerFox a & Win32/nuqel Trojan

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    28

    BankerFox a & Win32/nuqel Trojan

    This newbie computer user needs help removing this virus. I am running XP with broadband on the infected computer; my other computer is not infected. I read on another site to stop this "Process" in Win task Master. I have task mgr. up but don't have a clue which one to stop! I cannot access the internet or anything else. From my other computer I have downloaded and installed Spyware Doctor (claims it can remove the virus) via flash drive, but the virus won't let me use it. How can I stop the BankerFox process and use something to remove this virus? Whatever answers you give, please remember I'm new at this, so please describe all steps. Thanks to all.

  2. #2
    Administrator GT500's Avatar
    Join Date
    May 2010
    Location
    Fortville, Indiana, USA
    Posts
    32
    Please download Rkill from one of the following seven links:

    Save all of those 7 onto your flash drive, and then try to run one of them on the infected computer. If the infection blocks it, then try one of the others. After running it, please try to install and run Malwarebytes' Anti-Malware (you can use one of the three links below to download it if needed), run the update, then run the Quick Scan and remove anything it finds. If it works, attach the log to a reply. If it does not work, then let me know, and we can go from there.


    Sometimes you have to run Rkill multiple times before it terminates all malicious processes. Also, Rkill's effect is temporary, and if you restart your computer before you run the scan with Malwarebytes' Anti-Malware then you may have to run Rkill again before you can run Malwarebytes' Anti-Malware.
    For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    28
    Ok--I'll get started.

  4. #4
    Junior Member
    Join Date
    Jan 2011
    Posts
    28
    After trying several, I finally got Rkill iExplore.exe to work. After running Malwarebytes' Anti-Malware the results below were removed. All seems OK. Is this likely to return later by itself, or is it gone until the next bad website (in my case it was YouTube)?
    Malicious software found:
    1- c:\doc&settings\local settings\temp\otlkeonp\ebenpjxuerb.exe
    2- HKEY_current_user\software\microsoft\windows\currentversion\run\femmqmab
    3- HKEY_current_user\software\microsoft\windows\currentversion\ext\stats\{ld4db7d2-6ec9-47a3-bd87-1e41684e07bb
    4- c:\doc&settings\localsettings\temp\2.21251306756937e7.exe
    5- c:\program files\dynamic toolbar
    6- HKEY_current_user\software\microsoft\security center\antivirus disable notify
    7- HKEY_current_user\software\microsoft\security center\firewall disable notify
    8- HKEY_classes_root\regfile\shell\open\command\[default]
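
A read-only re-check for the kinds of artifacts in the list above, useful after a reboot to see whether any have come back. This is an added example, not part of the original thread or of any tool named in it. It assumes PowerShell is available on the machine (a separate install on Windows XP), that the Security Center value names are `AntiVirusDisableNotify` and `FirewallDisableNotify`, and that the stock `.reg` open command is `regedit.exe "%1"`.

```powershell
# Added example (read-only): re-check the artifact types from the scan list.
$meta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$findings = @()

# Items 1 and 4: executables sitting in the user's Temp tree.
# Legitimate installers also leave files here, so treat hits as "review".
Get-ChildItem -Path $env:TEMP -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "EXE in Temp: $($_.FullName)" }

# Item 2: per-user Run values whose command line points into a Temp folder.
$run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        if ([string]$p.Value -match '\\temp\\') {   # -match is case-insensitive
            $findings += "Run value '$($p.Name)' -> $($p.Value)"
        }
    }
}

# Items 6 and 7: Security Center alert suppression. Value names are assumed
# (see lead-in); both hives are checked.
foreach ($hive in 'HKCU:','HKLM:') {
    $sc = Get-ItemProperty "$hive\Software\Microsoft\Security Center" -ErrorAction SilentlyContinue
    foreach ($name in 'AntiVirusDisableNotify','FirewallDisableNotify') {
        if ($sc -and $sc.$name -eq 1) { $findings += "$hive $name is set to 1" }
    }
}

# Item 8: handler used when a .reg file is opened.
# Assumed stock command: regedit.exe "%1"
$key = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
$cmd = (Get-ItemProperty $key -ErrorAction SilentlyContinue).'(default)'
if ($cmd -and $cmd.Trim() -ne 'regedit.exe "%1"') {
    $findings += "regfile open command differs from stock: $cmd"
}

if ($findings.Count) { $findings } else { 'No matching artifacts found.' }
```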

  5. #5
    Administrator GT500's Avatar
    Join Date
    May 2010
    Location
    Fortville, Indiana, USA
    Posts
    32
    OK, let's run some checks to make sure that everything is gone. Please run RSIT by following the steps below:
    1. Download Random's System Information Tool (RSIT) by random/random from this link.

    2. It is important that it is saved to your desktop (please do not click 'Run' when downloading).

    3. Double click on the icon on your desktop for RSIT to run it.

    4. Click Continue at the disclaimer screen.

    5. Once it has finished, two logs will open in separate Notepad windows. Please copy and paste the contents of both log.txt (<<-will be maximized) and info.txt (<<-will be minimized) into a reply. Note that you can also save the logs on your desktop and attach them to a reply.

  6. #6
    Junior Member
    Join Date
    Jan 2011
    Posts
    28
    I spoke too soon earlier. After a reboot my home page came back up & I am able to connect to all links on that page. But I cannot access any other web site. ONLY MY HOME PAGE! I will not be able to install the RSIT on my desktop. So what next?

  7. #7
    Administrator GT500's Avatar
    Join Date
    May 2010
    Location
    Fortville, Indiana, USA
    Posts
    32
    Try running the Rkill again (run it as many times as needed), and then see if you can download ComboFix from this link, save it on your desktop, turn off your anti-virus software, and run the ComboFix download that you had saved on your desktop.

    ComboFix will ask you a few questions (such as whether or not you want to install the Windows Recovery Console), give you some general warnings about not using it without supervision, and it will give you some general information about the tool. Please note that the Windows Recovery Console is not required to run ComboFix, and that you do not need it if you have a Windows XP disk (or if you have another version of Windows, then a disk for that edition of Windows).

    ComboFix usually takes about 10 minutes to run, unless your computer is heavily infected. It will run through about 50 different stages (listing them all on the blue window that popped up while it was running), and if it does not advance to the next stage after about 10 minutes then that is usually a sign that your anti-virus software is interfering with it.

    Once ComboFix is done, it will remove anything that it knows is malicious, and restart your computer. If it didn't find anything malicious, then it will skip that step. The final step takes a few minutes, and when it is done it will open a log in Notepad. Please either copy and paste this log into a reply, or save it on your desktop as a Text Document and attach it to a reply. Please do not take screenshots of the log, or save it as a Word Document.

  8. #8
    Junior Member
    Join Date
    Jan 2011
    Posts
    28
    I do not have the XP disk. I don't know anything about reinstalling a system. Is this going to get complicated?

  9. #9
    Administrator GT500's Avatar
    Join Date
    May 2010
    Location
    Fortville, Indiana, USA
    Posts
    32
    Only if something goes horribly wrong. Normally that doesn't happen, however you can allow ComboFix to install the Recovery Console which should allow us to repair any problems caused if something does go wrong. If you do not allow ComboFix to install the recovery console, then it will not attempt to remove anything that could potentially break things.

    It is also possible that there is a rootkit infection such as TDSS/TDL3/TDL4, in which case TDSSKiller can be used to remove it. Note that while ComboFix can remove TDSS and TDL3, it has trouble with many variants of TDL4, and thus TDSSKiller would most likely be required if there is a TDL4 rootkit on your computer.

    There are other ways to wipe out such a rootkit, but these are the easiest and safest.

  10. #10
    Junior Member
    Join Date
    Jan 2011
    Posts
    28
    OK, I'll start with the ComboFix. Thanks, I'll get back to you later.
