Author Topic: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses  (Read 19341 times)

kentcleigh

  • Guest
My current version of Avast has been rendered helpless.  Laptop is being attacked by a virus identifying itself as one that goes after passwords.  An unidentified antivirus software package pops up on screen for me to "buy" to eliminate the virus/worm/trojan. . . whatever.

Laptop is overrun with antivirus software "out of date" popups approximately every 3-5 seconds.

I ran the most current avast 4.8 for home edition three times, but the problem is not eliminated.  One other symptom is a popup:  "Application can't be executed.  wscntfy.exe is infected"

Can anyone tell me what I need to do?  I can't manually update avast either, though I know for a fact that 5-15 minutes prior to my crash, avast automatically updated.  When I attempted a manual update, avast said its box is broken.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #1 on: January 29, 2010, 05:04:04 PM »
Quote
An unidentified antivirus software package pops up on screen for me to "buy" to eliminate the virus/worm/trojan. . . whatever.
Can you see a name on this rogue security program? If you can, then we can probably find an uninstall guide



check your computer for malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click on "remove selected" to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found you may post the scan logs here



« Last Edit: January 29, 2010, 05:40:10 PM by Pondus »

kentcleigh

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #2 on: January 29, 2010, 06:30:13 PM »
There was no Mfg name of the AV software.  It was a scammer and I didn't download.  I actually tried an immediate closure of any attempt to interrupt my avast AV from running its program.

After some further attempts, I gained access to the avast log.

Avast version 4.8.1368, [VPS 100 129-0] updated automatically.

WARNING queue

Application 3640
Function setifaceUpdatePackages() has failed.
Return Code: 0x20000011,
dwRes is 20000011

newmann

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #3 on: May 27, 2010, 02:28:49 AM »
I have the same trojan/virus right now.  Speaking dumb, can someone please give me step-by-step instructions as to how to get rid of this thing? 

Saty

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #4 on: May 27, 2010, 09:30:09 AM »
(edited.....just realized the date)

newmann, can you give the name of the fake AV Scanner?

I'm gonna go out on a limb and post this link.

Try this link for removal instructions; be sure to pay attention to the proxy setting instructions if you are having problems with IE8 not connecting. (And if you don't know, safe mode networking can be found by hitting the F8 key repeatedly after shutoff/turn on.)

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft


Hope this helps. If you have any questions feel free to ask

Please post your Malwarebytes log when completed.

Sat
« Last Edit: May 27, 2010, 09:33:47 AM by Saty »

Mach

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #5 on: May 30, 2010, 12:47:23 AM »
I was hit with this already, a very dangerous virus. syssvc.exe-- win32:FakeAV-ALD[trj] was caught and put into the chest, what was not caught was the other one that slipped by it and rendered my desktop and most of my programs into non-working agents of doom. I went into the application data file to see what was wrong and noticed this folder.... enlkdawyu which had only this file in it... omublmhtssd.exe

In the temp file there was a video file that could not be deleted, 'cause it was in use, Perflib_Perfdata_770 and ~DF478D.tmp, whatever that was. The "antivirus" that popped up was called Antispyware Soft. Most of my hard drive has suffered greatly, my chkdsk doesn't work properly now. Along with many other vital programs. I have isolated an unreadable and corrupted file and I have destroyed a decompression bomb, though they were implanted into files that were already on my computer. The unreadable one, I cannot delete. I am still working on trying to get it back to normal, although I did notice that most of the programs that have the "$" in them are missing and this is the major problem. Hopefully some of this info will help, if not, then I understand your aggressions.

If anyone could tell me how to get rid of an unreadable, corrupted file that the system keeps calling a directory, and that has 0 bytes in it, please let me know.

Thanx, Mach

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #6 on: May 30, 2010, 01:49:05 AM »
Quote
If anyone could tell me how to get rid of an unreadable, corrupted file that the system keeps calling a directory, and that has 0 bytes in it, please let me know.
Do you have Malwarebytes installed? It has a tool called FileASSASSIN,
top right corner > more tools

Mach

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #7 on: May 30, 2010, 02:12:36 AM »
I've tried that. The unreadable file is a folder, sorry about not being clear on that before. I cannot open it.

rfetested

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #8 on: June 01, 2010, 02:10:33 AM »
I'm with you Mach, my sister's computer has the same problem and I don't know where or how to start to remove or clean. Does Avast monitor this board or just leave it here for us to beat around..........I have always liked this product but the lack of immediate support for such a danger has, to say the least, left one with a very serious bitter taste in their mouth.

Please post back if you find a cure and I will do the same

DavesComputerRehab

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #9 on: June 01, 2010, 02:39:02 AM »
I found this file attached to this Fake AV virus. It renders any anti virus unusable and if previously infected prior to installing Avast it will crash your system catastrophically. The file is "xhetomy.sys". I have searched everywhere for a reference to this file only to come up empty. I currently am working on 7 machines that acquired this within the past 3 days from supposedly E-Cards. Those stupid little things you get in your Email like "someone has a crush on you" etc. When you open the attached link you are prompted to download a Microsoft Access file to view the content and BAM you get the FAKEAV. I am not positive this is related to your infection. If it is you would be able to run a Scan under SAFE Mode and you will find the above mentioned file. No matter what option you choose, quarantine, delete etc., you will get a response from Avast saying that a device connected to the system is not functioning properly and then your computer will promptly restart. I have tried several Rootkit tools and Malware/Antispyware progs only to end up with an inaccessible OS. Anyone out there come across this??? Besides me?

llariel

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #10 on: June 01, 2010, 03:14:15 AM »
Try this, it is the best restore that you can use:

Use system restore (from boot is better), it is the fastest & easiest way to solve this problem. Then scan the computer for possible infections or traces. DON'T FORGET TO CLEAN TEMP FILES.

llariel

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #11 on: June 01, 2010, 03:29:11 AM »
If the recommendation above fails, try this:

1) download and use:   rkill.exe
2) download and use:   Ccleaner (use before scan to avoid scanning of unnecessary files)
3) scan with Super Antispyware or Malwarebytes to remove malicious traces or registry entry

DavesComputerRehab

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #12 on: June 01, 2010, 03:40:18 AM »
Quote
If the recommendation above fails, try this:

1) download and use:   rkill.exe
2) download and use:   Ccleaner (use before scan to avoid scanning of unnecessary files)
3) scan with Super Antispyware or Malwarebytes to remove malicious traces or registry entry

I tried this as well as the above but when you use rkill it rendered the restore process unusable.

llariel

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #13 on: June 01, 2010, 03:49:56 AM »
Can you post some info from your OS? This helps us to bring better suggestions in many cases.

llariel

  • Guest
Re: Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses
« Reply #14 on: June 01, 2010, 03:51:09 AM »
You can't use system restore? Umm!