WiredWX Christian Hobby Weather Tools

Infected with Win32/Nugel.E and Bankfox a - Page 2

Re: Infected with Win32/Nugel.E and Bankfox a

McLeonardRN,

Try this:

Remove the proxy setting in Internet Explorer and/or in Firefox.

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"

Click the apply button and restart that computer in normal mode.

Re: Infected with Win32/Nugel.E and Bankfox a

OK here is the log, things definitely running better.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 5:11:36 PM
mbam-log-2010-06-30 (17-11-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 244174
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
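
An added example, not part of the original thread: a small Python triage of the Malwarebytes log format posted above, flagging the two kinds of detection that matter when an infection keeps returning (an autorun registry value, and a file with a Windows system process name outside System32). The function names, the `SYSTEM_NAMES` list and the System32 rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: detection sections copied from the log posted above.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pctuhnio (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Melissa\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:\s*$")   # section header, not the "...: 1" summary counts
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumed triage lists, not from the thread: extend for your environment.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "csrss.exe"}
AUTORUN = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)

def parse_mbam(text):
    """Return {section: [{path, name, action}, ...]} for each detection line."""
    found, section = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        if section and (m := ITEM.match(line)):
            found[section].append(m.groupdict())
    return dict(found)

def triage(found):
    """Flag detections that can explain a reinfection: autoruns and masquerading binaries."""
    notes = []
    for section, items in found.items():
        for it in items:
            path = it["path"]
            if section.startswith("Registry") and AUTORUN.search(path):
                notes.append(("autorun", path))
            leaf = path.rsplit("\\", 1)[-1].lower()
            if section == "Files" and leaf in SYSTEM_NAMES and "\\system32\\" not in path.lower():
                notes.append(("masquerade", path))
    return notes

if __name__ == "__main__":
    for kind, path in triage(parse_mbam(SAMPLE_LOG)):
        print(kind, path)
```
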

Re: Infected with Win32/Nugel.E and Bankfox a

That looks like the Malwarebytes log. I need the log from ESET please.

Re: Infected with Win32/Nugel.E and Bankfox a

Oh, sorry, and never mind what I said before, as now it seems to be Baacckkk.

Re: Infected with Win32/Nugel.E and Bankfox a

Argh! Alright, let's see what the ESET says and we'll go from there.

Re: Infected with Win32/Nugel.E and Bankfox a

OK here is the right log this time! I will also say I ran the ESET scanner once before, everything was supposedly quarantined, I couldn't find the log to post, and then my computer was back to the same old tricks 1 day later.


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ac78e3800069154e9c01256e6267aacc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-05 11:51:16
# local_time=2010-07-05 07:51:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118607
# found=1
# cleaned=1
# scan_time=5522
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\85CUYG56\ormey[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C

Re: Infected with Win32/Nugel.E and Bankfox a

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Re: Infected with Win32/Nugel.E and Bankfox a

Ok, ran it and it automatically rebooted. Nothing to post though, right? Anything else I should be doing?

Thanks again

Re: Infected with Win32/Nugel.E and Bankfox a

How are things running now? Any more issues?

Re: Infected with Win32/Nugel.E and Bankfox a

Hi Crush, I gave it a few days, and it's back. I have already run Malwarebytes. When I scan with Norton antivirus, it seems to run on the Internet Explorer history scan forever and I have to shut it down via Task Manager, so that is not running correctly either.
Is there a way to remove this manually? I see some posts online about this. It is driving me crazy.
Thanks for all your help

Re: Infected with Win32/Nugel.E and Bankfox a

Hi,

Crush is having some computer issues and will be back ASAP to assist you.

Sorry for the inconvenience,
Sneakyone

Re: Infected with Win32/Nugel.E and Bankfox a

Hi,

Sorry for the delay. Can you post the most recent log from Malwarebytes please?
