BankerFox and Win32/Nuqel.E Help Needed


4 replies to this topic

#1 zeema

Posted 25 April 2010 - 02:39 PM

I seem to have gotten the Banker Fox and Win32/Nuqel.E thing going on my computer. I have Malwarebytes and RKill installed on this computer from a previous attack. I ran Malwarebytes and after the scan it said I had to reboot... so I rebooted and nothing happened... just those pesky popups from this infection, and now I can't get RKill OR Malwarebytes to do anything.

I am posting this from my desktop because I can't even get to a webpage...it's been hijacked to go straight to what appears to be a Windows error page (says avexpertsoft.microsoft.com) and now porno pages are popping up. :thumbsup:

Can someone please help me?


#2 certifiedgeek

Posted 25 April 2010 - 03:31 PM

Hello zeema,

Did you try doing everything mentioned in the Malwarebytes page located here? Or you could also try this site on how to get Malwarebytes to run successfully.

I would also look at the rkill instructions listed here for several different ways you could try and run rkill.

I noticed that you said you were posting this from your desktop so I am assuming it's another computer that you are having problems with? Are you able to boot into safe mode with networking on the other computer using the F8 method listed here?

You could always download the programs such as rkill, MBAM, and SAS to a flash drive on the good computer, and then transfer them over to the infected computer, starting with rkill, and then MBAM in normal mode if possible.

Let me know if you have any questions.

#3 adhesq

Posted 25 April 2010 - 05:32 PM

Hi-

I have what sounds like the same problem that Zeema has. I have been able to get rkill to run a couple of times, and the names of the processes that it kills seem to be morphing.


1st time it was Documents and settings\#######\Local Settings\Application Data\bgudssotc\jkihmyatssd.exe
2nd time it was C:\\Documents and settings\#######\Local Settings\Application Data\aexfrwmv\jeidoiwtssd.exe

I have Malwarebytes installed, but even after running RKill, I cannot get it to update.

Any suggestions?

Thanks.

#4 adhesq

Posted 25 April 2010 - 06:55 PM

I kept banging on RKill, and got it to run a couple more times, then re-installed MBAM, and it downloaded the updates, which then identified some threats and removed them.

Looks OK for the time being! Thanks for all the detailed help links in your reply to Zeema.

#5 certifiedgeek

Posted 25 April 2010 - 07:38 PM

Hi zeema,

I just wanted to check on you to see if you've made any progress yet? Let me know if I can help.



