We have a computer infected with BankerFox.A Trojan and Nugel.exe. Kept getting pop-ups to purchase AV Suite which is a fake website.
It took over our Avast and most everything on the computer. We uninstalled Avast Security Suite and downloaded it again.
Booted in safe mode and cleaned the virus with Avast.
We have used:
- Malwarebytes (updated)
- Avast Security Suite (updated) (disabled while running Kaspersky)
- Kaspersky free version
- Smitfraudfix (registry cleaner)
They all say they find viruses/spyware and clean them, except for Smitfraudfix, which found nothing.
What else can we do to guarantee our computer is totally clean?
Boot scan is completed, all it found was the smitfraudfix which we downloaded and installed ourselves to clean our registry.
We did uninstall smitfraudfix before the boot scan and thought these may be left over remnants? Avast deleted the smitfraudfix files it found on the boot scan.
After the Avast boot scan deleted the files we performed a final quick scan with Avast which found no viruses.
Updated Malwarebytes again, scanned and it found no malware.
Does this mean we may be rid of the BankerFox.A and Nugel.exe?
Any suggestions would be most appreciated, we have been working on this for 2 days now.
I just saw this forum. I also became infected with BankerFox this morning. I was protected by Avast freeware which has served me excellently for 3 years.
This AV Security trojan has blocked access to add/remove programs in my control panel and also nothing happens when I hit control/alt/delete.
I bought Avast 5.0, installed, registered it successfully, but I am blocked also from opening it to run a scan of the system.
I contacted Avast Tech Support 4 hours ago and have a ticket number. I have yet to receive a reply.
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
- After install, click update so you have the latest database before the scan
- Run a quick scan and click on the remove selected button to quarantine anything found
- Post the scan log here
- Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file. Select Scan.txt that you downloaded
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Click the Internet Explorer button, post these logs in your Virus Removal topic.
PLAN B
Please download RKill.com to your desktop
Double click the programme to run it
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked “Do you wish to load the remote registry”, select Yes
- When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
- Ensure the box “Automatically Load All Remaining Users” is checked and press OK
- OTL should now start.
- Drag and drop this attached scan.txt into the Custom scans and fixes box
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to: select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
Thanks for your help. I had to bail out earlier to take care of a business emergency.
Anyway, a colleague of mine who also is a webmaster for several sites has agreed to fix this for me. His skills far exceed mine in this area. Also, his menu of remedies is very similar to yours and he is very familiar with the BankerFox.A problem since he has resolved this for many people.
Start computer in Safe Mode (pressing F8 key) and set an avast boot-time scan (if you haven't tried this already). Restart computer and let scan run. Move to chest any files brought up in scan.
Then follow directions from Essexboy and see how plan will run
edit - sorry didn’t see second page. Good luck folks.