GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


descriptionWIN32/Nuqel.E EmptyWIN32/Nuqel.E

more_horiz
My computer has been infected by Win32/Nuqel.E and BankerFox.A

I cannot download anything nor open files such as Open Office or PDFs. I have the latest Windows updates, Adobe Reader 9.3 and the latest automatic Java update.

My computer is an Acer laptop with Windows Vista. Please help me remove this virus/spyware.

descriptionWIN32/Nuqel.E EmptyRe: WIN32/Nuqel.E

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionWIN32/Nuqel.E EmptyRe: WIN32/Nuqel.E

more_horiz
I clicked the OTL link, then clicked the Save File button. Nothing happened. A Security Warning box appears saying "Application cannot be executed. The file searchfilterhost.exe is infected." or "searchprotocolhost.exe is infected."

What am I doing wrong? This is unfamiliar territory for me. Please spell it out even if the answer seems obvious!

Thanks.

descriptionWIN32/Nuqel.E EmptyRe: WIN32/Nuqel.E

more_horiz
Hello.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now?

descriptionWIN32/Nuqel.E EmptyRe: WIN32/Nuqel.E

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum