WiredWX Hobby Weather ToolsLog in

 


descriptionWIN32/Nuqel.E and BankFox.A Removal Help EmptyWIN32/Nuqel.E and BankFox.A Removal Help

more_horiz
Need help removing WIN32/Nuqel.E and BankerFox.A
Thanks Thank You!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:07, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Skip\Local Settings\Temporary Internet Files\Content.IE5\6E7DCEAP\winlogon[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [lfxc7a135e4j7wvvr49] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\X7NB5HCE.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\WNXZ6MRL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\LW8NPTSH.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\AD7K903I.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\8XA78DYJ.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\83Y1QTGL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\4HQ789YV.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\0TMV016F.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1.SH!
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Carol')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Sissy')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Brother')
O4 - HKUS\S-1-5-21-1439906313-1815002781-3652652152-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - S-1-5-21-1439906313-1815002781-3652652152-1007 Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (User 'Carol')
O4 - S-1-5-21-1439906313-1815002781-3652652152-1007 User Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (User 'Carol')
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://www.streamchat.com:8000/java/cr.cab
O16 - DPF: {5274A4E6-90C9-11D5-903D-00105AABADD3} (Seagull Web-to-Host Control Module) - http://63.64.171.92/OTC1/seaglw2h.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/060005c6515160c97905/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176258209921
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A81B6F25-EDDA-11D3-85B6-006097109C81} (Ez3d Control) - http://63.64.171.52/mf3270/ocxs/Ez3d.Ocx
O16 - DPF: {A81B6F35-EDDA-11D3-85B6-006097109C81} (Ez3p Control) - http://63.64.171.52/mf3270/ocxs/Ez3p.Ocx
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9ae63bb926f42) (gupdate1c9ae63bb926f42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 14370 bytes

descriptionWIN32/Nuqel.E and BankFox.A Removal Help EmptyRe: WIN32/Nuqel.E and BankFox.A Removal Help

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file)
    O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
    O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
    O4 - HKCU\..\Run: [] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [lfxc7a135e4j7wvvr49] C:\DOCUME~1\Skip\LOCALS~1\Temp\gly9hu.exe
    O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\X7NB5HCE.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\WNXZ6MRL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\LW8NPTSH.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\AD7K903I.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\8XA78DYJ.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\83Y1QTGL.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\4HQ789YV.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.IE5\0TMV016F.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\skip\LOCALS~1\temp\TEMPOR~1.SH!
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O9 - Extra button: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
    O9 - Extra 'Tools' menuitem: Enjoy It - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\SYSTEM32\windialup\3080[1]\windialup.exe (file missing)
    O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionWIN32/Nuqel.E and BankFox.A Removal Help EmptyIt worked

more_horiz
Thanks. I followed the instructions and the BankerFox is dead. :Clapping:

descriptionWIN32/Nuqel.E and BankFox.A Removal Help EmptyRe: WIN32/Nuqel.E and BankFox.A Removal Help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum