Nugel.E/BankerFox.A Trojan

I would greatly appreciate any help that any of you can give me!
I have been trying to fix my friend’s PC.
I have searched the net for hours and hours seeking information and advice.
I have read your “sticky threads” and done everything recommended.

He had an older version of Avast (4.8) which we ran until figuring out that the virus re-wrote itself just as fast as the AV could scan. I finally learned how to uninstall in Safe Mode with aswclear.exe. I installed the new (6.0) version and scanned again, deleted all infected files and ran the Boot Scan (deleting all files).

No luck. :cry:

I have been using “my” PC to download files onto a flash drive to install onto his. Nothing will install, nothing will run. Ctrl+Alt+Del won’t work. I was able to install the latest version of Malwarebytes (and many other similar programs prior to this) and ran it (them) successfully in Safe Mode (or so it seemed, until restarting). I am not able to upgrade any AV Software, as his PC cannot access the internet (though, updating shouldn’t be the problem as this seems to be an older type of Trojan anyway).

Based on everything I have learned…it seems I have only two options. Reformat??? Or go through every single Registry file (as listed on other sites) one by one, hoping I don’t accidentally screw something up in the process???

Please tell me there may be another option? :-\

Thank you again, for your help (& apologizing for my stupidity).

Try this… if you can run them?

Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How to use Dr.Web http://www.freedrweb.com/cureit/how_it_works/?lng=en
Norman Malware Cleaner http://www.norman.com/support/support_tools/malware_cleaner/

Download to USB stick and move over to the infected computer, the programs are fully updated when you download them…
They are not installed so can be run from the USB stick or you just put them on the desktop and run from there…
Can also be run in Safe Mode

Note: Norman is a thorough but slow scanner; you can speed it up by unticking “Scan archives”.

There is a proposed cleansing routine for this found up here: http://webcache.googleusercontent.com/search?q=cache:QQGB2aBKnasJ:www.geekpolice.net/t21364-bankerfoxa-and-win32-nugele-removal-help+Nugel.E/BankerFox.A+Trojan&cd=3&hl=nl&ct=clnk&gl=nl&source=www.google.nl
The MBAM and ATF cleaner routine there could be performed as given in the link, then top off the cleaning with removal of the proxy setting in the browser as explained further down in the link. All this after you followed up Pondus’s suggestions,

polonus

Thank you both very much for your kind assistance.

Pondus, I did as you suggested. Multiple scans with Dr.Web show no infection (?), Norman finds them and deletes them (as all the others have done). But as with everything else I have tried, the problems remain.

Polonus, I will register on that site and try your suggestion later after I get some sleep.

Thanks again!

Hi there, does it stop programmes from running, or can you run analysis programmes?

From safe mode run the following programme

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

I just wanted to let you know that this was my friend’s Business PC and that he decided to take it in somewhere to get it fixed. Consequently, I no longer need your assistance.

I’ve never had a virus on my personal PC, but if I ever do have problems I will be thinking of you guys!

Thanks again, very much for your kind and very generous help!

Have a great day, all! :slight_smile:

No problems ;D