Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Security Popups with BankerFox.A and need help please.

  • Please log in to reply
No replies to this topic

#1 chansey


  • Members
  • 8 posts
  • Local time:09:23 AM

Posted 23 January 2010 - 02:31 PM

I had popups stating security issues, one showed a BankerFox.A threat and another one was a Win32\Nugel.E threat, also I had security shields all along the task bar showing different .exe that were infected, and adult websites automatically opening up.

I ran a Malwarebytes scan and it found 3 items, which I followed directions to restart my computer so Malwarebytes could finish.

Now I can not access the Internet at all. I tried to go in and restore the deletes the Malwarebytes quarantined to see if that would allow access to the Internet, but the quarantine section did not have this "Registry Value Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jetwqvmn (Trojan.FakeAlert)"

Here is the log (typed by hand since I'm on a different comnputer) from the Malwarebytes Scan. Any help would greatly be appreciated!!! I run Windows XP

Malwarebytes' Anti-Malware 1.44
Database version: 3617
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2010 10:55:36 AM
mbam-log-2010-01-23 (10-55-36).txt

Scan type: Quick Scan
Objects scanned: 6744
Time elapsed: 3 minutes(s), 12 seconds(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\exlffu\tfqesysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Value Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jetwqvmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detedted)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\exlffu\tfqesysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users