
 


BankerFox A infection causing failure to reboot

Hi all - I need help. I am running an IBM ThinkPad T42 laptop with Windows XP and AntiVir virus software. Yesterday, I started getting infection messages including BankerFox A virus. My AntiVir software says I do not have a virus removal tool. After several reboots, now at boot up, Windows tries to run but stops halfway through and displays the screen where you can run in Safe Mode, or Last Known Good Configuration etc. However, I have tried all these options and it keeps repeating the process with unsuccessful boot up. I can only hit the Access IBM button to get into the IBM System Restore and Recovery area. Please help.

Re: BankerFox A infection causing failure to reboot
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





We need to do some diagnostics to get started.

1. Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

2. Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • MBRCheck log (2)
  • Cheetah log (3)


Thanks! Smile...

Re: BankerFox A infection causing failure to reboot
Thanks DragonMaster Jay. My predicament is that during boot up, Windows stops the boot from being completed, then displays an error message stating boot up cannot be completed, then it reverts to the page requiring me to select run in Safe Mode, or Last Known Good Configuration (or others) etc. Whatever option I select, the same thing happens, so essentially boot up cannot be completed. I can download RKill using another computer, but how do I get this onto my infected laptop? Hope you can help?

Re: BankerFox A infection causing failure to reboot
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Network REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: BankerFox A infection causing failure to reboot
After clicking on OTLPENet.exe, a User Account Control window pops up stating "An identified program wants to access your computer" (due to unidentified publisher). When I click Allow, IMGBurn starts up for burn and file extraction begins, but then my Kaspersky PURE 9.0.0.192 (Anti-Virus software) displays a message "Potentially Dangerous Program - is being launched - IMG Burn - does not contain a digital signature, and has a high danger rating". Options at this point are: yes (allow), limit (allow but block dangerous operations) or no (block). Not sure whether to proceed, given the message.

Re: BankerFox A infection causing failure to reboot
Allow it. Kaspersky products always check to make sure you know what you are doing. It is safe to proceed. Smile...

Re: BankerFox A infection causing failure to reboot
I have changed the BIOS to start the CD drive at boot up and have downloaded and installed OTLPENet. Once in the Reatogo-X-PE desktop, when I click on the OTLPE icon on the desktop, a small grey window opens titled "Browse for Folder", which requires me to select a drive and folder, and press OK or Cancel. The first time I ran this program, a different window opened with some options, but repeated reboot attempts only open the "Browse for Folder" window. Don't know how to proceed. Help

Re: BankerFox A infection causing failure to reboot
To add to Post 7, unfortunately I have not updated Java and Adobe Reader prior to running OTLPENet.exe (I don't know if I am running outdated versions). Can I and should I do so at this point, given I am not seeing the image of OTL displayed in the "Read this before posting" post 1 where you paste the code into the Custom Scans/Fixes box?

Re: BankerFox A infection causing failure to reboot
Did OTLPE install successfully on the CD, and is it loaded?

Re: BankerFox A infection causing failure to reboot
I've downloaded OTLPE from your link onto USB, then opened and burnt it onto disk. IMG Burn automatically runs to do the burn. Once rebooting, the Reatogo X-PE desktop loads. After clicking on the OTLPE icon on the desktop, the Browse for Folder window opens. I've repeated this process twice from download to disk, but both attempts were the same.

Re: BankerFox A infection causing failure to reboot
Do you have the Windows XP CD?

Re: BankerFox A infection causing failure to reboot
XP came pre-loaded on the laptop when I purchased it on eBay. I may have another XP set I've used on another computer, if it is of any use.

Re: BankerFox A infection causing failure to reboot
Is it just a basic XP setup disc, upgrade disc, or diagnostics?

Re: BankerFox A infection causing failure to reboot
I don't have one, but I'll download one and burn to disk, then run. Would you tell me the next few steps to do once I've done this?

Re: BankerFox A infection causing failure to reboot
Reboot your computer.

Boot from the Windows XP CD, and press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit Enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back into the Normal XP.

=================

Then, tell me if you can boot correctly.
