Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help removing Win32/Nugel.E


  • Please log in to reply
2 replies to this topic

#1 sshay

sshay

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Pennsylvania
  • Local time:07:35 PM

Posted 01 March 2010 - 09:46 PM

I've been working on this laptop all day which is running XP Prof SP 3.
It keeps coming up with alternating messages:

Infiltration Client: it shows an address/port with Win32/Nugel.E or BankerFox.A
I cannot click on any .exe without it saying the file is corrupt.

If I boot in Safe Mode, or if I log in using a different log-in the virus does not pop up.

So far, I've downloaded and ran ccleaner, then I ran Malwarebyte's Anti-Malware

It found 4 items to remove. Removed them, rebooted and tried to log-in nomally with the problem Log-in.

I then downloaded and ran Spybot S&D, it found a few more items to remove.

I then downloaded DDS.scr and saved the log in case someone needs me to post it.
and Combofix.exe and saved those logs.

I thought I had cleared it up after that. I logged in with the problem login and for 15 + minutes
it seemed clear. shut it down and set it up at the user's station and it started up again.

The user can login with another login and he can run all his software and get his work done.

I'd appreciate any thoughts.

Edited by Orange Blossom, 01 March 2010 - 10:56 PM.
Move to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 sshay

sshay
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Pennsylvania
  • Local time:07:35 PM

Posted 02 March 2010 - 02:16 PM

Good News, Resolved!
I was able to log in normally with the infected Login name. The virus had a 3 min window before activating and I was able to get Mbam.exe running before it stopped any .exe's from executing.
It found 6 more infected files to be removed. Norton Internet Security then was able to run and found the Trojan.fake.av and quarantined it.

Thanks for all the good information on your site.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:35 PM

Posted 02 March 2010 - 02:56 PM

Hi, if you don't mind doing it.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users