windows security alerts, can't open txt files

Discussion in 'Malware Help (A Specialist Will Reply)' started by tearingouthair, Apr 17, 2010.

  1. tearingouthair

    tearingouthair Private E-2

    or rather, they open for a split second then close--as does the window when i try to set msconfig for normal startup (per the read-me-first page).

    i'm getting constantly repeating windows security alerts (trails of the yellow shield with ! that disappear if i mouse over them).

    also disappeared are the add/remove programs and control panel options, which is pretty scary.

    so far the alert mostly names the wuauclt.exe file, but it's also mentioned mbam.exe and wmiadap.exe.

    i have run malwarebytes and ccleaner in safe mode, and malwarebytes told me i was clean, but... :(

    this is not the first time i've been virused, but it is the first time i haven't been able to get rid of it by using your directions.
    i'm not finding anything similar via search engine (maybe i'm not searching properly).
    so here i am.

    whatever help you can give is of course greatly appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to complete all of the instructions in the READ & RUN ME and attach the requested logs so that we can help you.
     
  3. tearingouthair

    tearingouthair Private E-2

    i have now seen that the names associated with this virus are bankerfox.a/nuqel and antivirus soft (fake antivirus software).

    re: what i've done...
    can't run anything except in safe mode.

    couldn't install superantispyware +
    malware log:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 5.2.3790 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.3790.1830

    4/18/2010 4:09:20 AM
    mbam-log-2010-04-18 (04-09-20).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 275859
    Time elapsed: 41 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    couldn't run combofix or root repeal 'cause of win64
    couldn't run mgtools because of error type 4 (meaning i need to install microsoft net framework, which wouldn't install: "please confirm that package exists")
     
  4. tearingouthair

    tearingouthair Private E-2

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you want our help, you must not be doing anything we don't ask you to do. This was stated at the very beginning of the READ & RUN ME.


    You must not post inline logs. Please follow the instructions given in the cleaning procedure and ATTACH all of the logs we requested. The below is a direct quote:
    MGtools still runs even if you see that error message. You must not have even looked for the MGlogs.zip file.
     
  6. tearingouthair

    tearingouthair Private E-2

    sorry

    i think the problem's solved.
    sorry i didn't follow the directions properly.
    thanks again for your time.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you find that you still have a problem, you will need to attach the requested logs. Otherwise perform the below to remove things we installed.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
