Win32/Nuqel.E and Banker A virus hijacked my laptop

I have a laptop that is on loan through a public school administration center in another state so I do not have administrator privileges like most people. The school provides the security but that was hijacked when the virus was downloaded. I have tried following instructions to other people but have had no success as either I have no privileges or the virus won't allow me to open the program. Is there ANY help out there for getting rid of these things? :sad:

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed, and your computer is declared clean.





Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.




Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Screenshot: Query_RC]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

When I double click on RKill it tells me the application cannot be executed and asks if I would like to activate the antivirus software (which is actually the virus I'm trying to get rid of - Security Suite).

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

OK, I got it to run for a few seconds before being hijacked again. It said that it was terminating known malware processes and to please be patient. Then a warning pops up saying it cannot find C:\rkill.log and to run a search for it.

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop


Rkill by Lawrence Abrams (Grinler)
BleepingComputer.com

Terminating known malware processes.
Please be patient.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
pevFind by Billy Robert O'Neal III
Version: 509
Distributed under the Boost Software License, Version 1.0.
(See accompanying file LICENSE_1_0.txt or copy at
http://www.boost.org/LICENSE_1_0.txt)

pevFind contains some code from Info-ZIP, used with permission.
In accordance with Info-ZIP's License, it can be found at
http://billy-oneal.com/infozip.txt
Special thanks to Lucian Wischik's for Zip Utils

Filename regular expressions library is
Copyright (C)1997-1998 by David R. Tribble, all rights reserved.

Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

I had to repeatedly click on the log file until it would let me select all and copy before closing the window. But that's what I got. Any advice?

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

OK. I was able to trick the virus and terminate the process itself immediately upon loading Windows. I used my installed anti-virus program (Microsoft Forefront) to perform a scan and quarantine the intruder. It doesn't allow me to delete so I have to use this process every time I sign onto the laptop for the time being. I tried the Combofix but it just tells me I don't have administrative rights. I'm not going to be able to fix this myself am I?

Blasted coffee shop servers!

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Then try again.

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

Sadly I fear there is no solution other than returning the computer to the school and paying for repairs.

I tried rebooting in Safe Networking mode but when I reach the blue Windows screen to load windows there is no account name available to click on (weird I know). It says "click on a name to open account" but there is nothing.

So unless you have further advice thank you for your help up to this point.

Re: Win32/Nuqel.E and Banker A virus hijacked my laptop

  • Kaspersky RescueDisk
    If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.
