
 


bankerfox.a and win32/nugel.e viruses


Re: bankerfox.a and win32/nugel.e viruses

Actually, leave booting from disc for now, I've still got some old(er) tricks to use.

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?

Re: bankerfox.a and win32/nugel.e viruses

I copied the file to my desktop from a flash drive. I right-clicked on the icon and selected extract all files. It brought up the extraction wizard window, in which I selected "next" twice, and I get an error message of
"no files to extract."

I double-clicked on the icon and it gives me an error message of "The compressed (zipped) folder is invalid or corrupted."

Re: bankerfox.a and win32/nugel.e viruses

What's the next trick up your sleeve?

Re: bankerfox.a and win32/nugel.e viruses

Hi, Smile...

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Then try OTL.

Re: bankerfox.a and win32/nugel.e viruses

exeHelper by Raktor
Build 20100414
Run at 15:47:50 on 07/18/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Is this what you are looking for?

I tried to run otl but got same error message, "otl.exe is not a valid win32 application."

Re: bankerfox.a and win32/nugel.e viruses

ETA: You know all this started when I purchased a Belkin wireless router n-150 to replace my Linksys that I thought was broken. The Belkin router would not work correctly with my Dell Inspiron laptop (now infected computer). After about four calls to their cust serv and many changes to the laptop to accommodate the router, I plugged up my old Linksys and the router was working. So I took back the Belkin to Walmart and about a day later I was infected.

Re: bankerfox.a and win32/nugel.e viruses

Although I did get the error message from trying to start otl...my desktop is now blank with the ot helper box....I selected start otl but haven't noticed anything occurring yet.

How long should it take otl to run if it is running?

Re: bankerfox.a and win32/nugel.e viruses

Hi, Smile...

Please hold CTRL+ALT+DEL and go to Task Manager.

Once in task manager please hit 'New Task' and type 'Explorer.exe' then your desktop should pop back up.

If so, please do this:

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: bankerfox.a and win32/nugel.e viruses

Error message for the name I'm typing in the run box

Re: bankerfox.a and win32/nugel.e viruses

Hi, Smile...

Try typing %windir%\explorer.exe

Re: bankerfox.a and win32/nugel.e viruses

That worked but it brought me to the My Documents window, is that right?

When do I run commy.exe?

Re: bankerfox.a and win32/nugel.e viruses

Hi, Smile...

Please run it now.

Re: bankerfox.a and win32/nugel.e viruses

Ok here it is.....


ComboFix 10-07-16.02 - Bubba Clemons 07/18/2010 20:39:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -5:00]
Running from: c:\documents and settings\Bubba Clemons\Desktop\commy.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BUBBAC~1\LOCALS~1\Temp\svchost.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pthreadVC.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-14 16:13 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-10 19:54 . 2010-07-10 19:54 -------- d--h--w- c:\windows\PIF
2010-07-07 11:26 . 2010-07-14 16:02 -------- d-----w- c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo
2010-07-06 14:19 . 2010-07-06 14:19 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-06 14:19 . 2010-07-06 14:19 -------- d-----w- c:\program files\MSBuild
2010-07-06 14:19 . 2010-07-06 14:19 -------- d-----w- c:\program files\Reference Assemblies
2010-07-06 14:18 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-06 14:16 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-06 14:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-06 14:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-06 14:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-06 14:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-06 14:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-06 14:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-06 14:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-06 14:16 . 2010-07-06 14:18 -------- d-----w- C:\afa241a5b34af12c39432e9dd1765d2d
2010-07-06 05:02 . 2010-07-06 05:22 -------- d-----w- c:\documents and settings\Bubba Clemons\Local Settings\Application Data\Deployment
2010-06-29 19:01 . 2010-06-29 19:01 -------- d-sh--w- c:\documents and settings\Bubba Clemons\IECompatCache
2010-06-25 12:54 . 2010-06-25 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
2010-06-24 21:17 . 2010-06-24 21:17 -------- d-----w- c:\program files\Belkin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 20:53 . 2007-11-24 23:16 -------- d-----w- c:\program files\lx_cats
2010-07-08 01:46 . 2010-05-23 20:35 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-07 14:41 . 2006-01-05 12:39 45408 ----a-w- c:\documents and settings\Bubba Clemons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 05:26 . 2006-04-05 23:10 56 --sh--r- c:\windows\system32\130AF31ACE.sys
2010-07-06 05:26 . 2006-04-05 23:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 21:58 . 2008-07-01 16:39 46 ----a-w- c:\documents and settings\Bubba Clemons\jagex_runescape_preferences.dat
2010-06-30 21:58 . 2009-09-02 20:40 99 ----a-w- c:\documents and settings\Bubba Clemons\jagex_runescape_preferences2.dat
2010-06-22 21:38 . 2010-06-22 21:38 303443 ----a-w- c:\documents and settings\All Users\SPLB.tmp
2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 01:59 . 2010-06-04 01:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 01:29 . 2010-06-04 01:29 324140 ----a-w- c:\documents and settings\All Users\SPL1D.tmp
2010-05-07 20:50 . 2010-05-07 20:50 0 ----a-w- c:\documents and settings\Bubba Clemons\jagex__preferences3.dat
2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 02:09 . 2010-04-26 02:09 44872 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-12-24 21:00 . 2006-12-24 21:00 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-24 393216]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-08-01 610304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 20:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Lexmark 3400 Series\\lxcymon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcypswx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/11/2008 2:20 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/11/2008 2:20 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/11/2008 2:19 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/11/2008 2:19 PM 297752]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 SQTECH913D;Photo Frame;c:\windows\system32\drivers\Capt8080.sys [12/23/2007 6:58 PM 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bubba Clemons\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-pvgxhhpi - c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo\kfyuxwytssd.exe
HKLM-Run-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-pvgxhhpi - c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo\kfyuxwytssd.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 21:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcycoms.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WLTRAY.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-07-18 21:13:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 02:13

Pre-Run: 2,367,614,976 bytes free
Post-Run: 5,424,795,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0824F890580C347C2DDA7ACC7C34DA51

Re: bankerfox.a and win32/nugel.e viruses

Hi, Smile...

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Folder::
    c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==========

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
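
A triage sketch for the two items the CFScript above targets, added here as an example and not part of the original thread or of ComboFix: it scans ComboFix-style log lines for a ProxyServer value that points at a loopback address and for Run entries that launch from a per-user profile folder. The function names and both heuristics are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import ipaddress
import ntpath
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-pvgxhhpi - c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo\kfyuxwytssd.exe
HKLM-Run-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
HKLM-Run-pvgxhhpi - c:\documents and settings\Bubba Clemons\Local Settings\Application Data\uytxiyaxo\kfyuxwytssd.exe
"""

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<path>[a-z]:\\.+)$", re.I)
# Assumed heuristic: per-user profile folders that any user-level process can write to.
PROFILE_RE = re.compile(r"\\(local settings|application data|appdata)\\", re.I)


def loopback_proxies(value):
    """Return the host:port entries of a ProxyServer value that point at loopback."""
    hits = []
    for part in value.split(";"):  # "http=h:p;https=h:p" or a plain "h:p"
        endpoint = part.strip().split("=", 1)[-1]
        host = endpoint.rsplit(":", 1)[0].strip("[]")
        if host.lower() == "localhost":
            hits.append(endpoint)
            continue
        try:
            if ipaddress.ip_address(host).is_loopback:
                hits.append(endpoint)
        except ValueError:
            pass  # empty entry or a hostname other than localhost: not flagged
    return hits


def triage(log_text):
    """Return findings worth a manual look; a hit is a lead, not a verdict."""
    findings = []
    autoruns = {}  # lower-cased path -> (path as logged, set of hives)
    for raw in log_text.splitlines():
        line = raw.strip()
        proxy = PROXY_RE.match(line)
        if proxy:
            for endpoint in loopback_proxies(proxy.group("value")):
                findings.append(("loopback-proxy", endpoint))
            continue
        run = RUN_RE.match(line)
        if run and PROFILE_RE.search(run.group("path")):
            path = run.group("path")
            entry = autoruns.setdefault(path.lower(), (path, set()))
            entry[1].add(run.group("hive").upper())
    for path, hives in autoruns.values():
        # Report the containing folder, which is the unit a reviewer would inspect.
        findings.append(("autorun-from-profile", ntpath.dirname(path), sorted(hives)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Legitimate software also starts from profile folders and some local filtering tools set a loopback proxy, so each hit still needs to be checked against what is installed on the machine.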

Re: bankerfox.a and win32/nugel.e viruses

On the malware site, the link said page not found....will this download fit on a 1gb flash drive?
