Topic: BankerFox.A and Nugel Trojan-Dropper

MTW

  • Guest
BankerFox.A and Nugel Trojan-Dropper
« on: June 21, 2010, 12:23:51 AM »
We have a computer infected with BankerFox.A Trojan and Nugel.exe. Kept getting pop-ups to purchase AV Suite, which is a fake website.
It took over our Avast and most everything on the computer.   We uninstalled Avast Security Suite and downloaded it again.
Booted in safe mode and cleaned the virus with Avast.


We have used:
Malwarebytes (updated)
Avast Security Suite (updated) (disabled while running Kaspersky)
Kaspersky free version
Smitfraudfix (registry cleaner)


They all say they find viruses/spyware and clean them, except for Smitfraudfix, which found nothing.
What else can we do to guarantee our computer is totally clean?

Thank you,
Dan and Mary


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76033
    • >>>  Avast Forum - German-language section  <<<
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #1 on: June 21, 2010, 12:32:59 AM »
They all say they find viruses/spyware and clean them, except for Smitfraudfix, which found nothing.
What else can we do to guarantee our computer is totally clean?
Thank you,
Dan and Mary

So did the other scanners find something or not...??
If you are on a 32-bit system, run a boot-time scan with avast..!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

MTW

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #2 on: June 21, 2010, 02:46:27 AM »
Boot scan is completed, all it found was the smitfraudfix which we downloaded and installed ourselves to clean our registry. 

We did uninstall smitfraudfix before the boot scan and thought these may be leftover remnants? Avast deleted the smitfraudfix files it found on the boot scan.

After the Avast boot scan deleted the files we performed a final quick scan with Avast which found no viruses.

Updated Malwarebytes again, scanned and it found no malware.

Does this mean we may be rid of the BankerFox.A and Nugel.exe?   :)

Any suggestions would be most appreciated, we have been working on this for 2 days now.

Thanks a million,
Dan and Mary

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #3 on: June 21, 2010, 08:57:59 AM »
I think that did it, but if you would like a second opinion, try SUPERAntiSpyware and see if that finds anything else that Malwarebytes might have missed.

http://filehippo.com/download_superantispyware/
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Asyn

Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #4 on: June 21, 2010, 12:59:47 PM »
After the Avast boot scan deleted the files we performed a final quick scan with Avast which found no viruses.
Updated Malwarebytes again, scanned and it found no malware.
Does this mean we may be rid of the BankerFox.A and Nugel.exe?   :)

Seems you successfully cleaned your system..! :)
asyn

MTW

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #5 on: June 21, 2010, 03:37:19 PM »
Thank you all very much, we will also try the superantispyware just to be sure!

Dan and Mary

Offline Asyn

Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #6 on: June 21, 2010, 04:39:09 PM »
Thank you all very much, we will also try the superantispyware just to be sure!

Dan and Mary

You're welcome..!
asyn

Kimmon

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #7 on: June 21, 2010, 07:49:49 PM »
I just saw this forum.  I also became infected with BankerFox this morning.  I was protected by Avast freeware which has served me excellently for 3 years. 

This AV Security trojan has blocked access to add/remove programs in my control panel and also nothing happens when I hit control/alt/delete.

I bought Avast 5.0, installed and registered it successfully, but I am also blocked from opening it to run a scan of the system.

I contacted Avast Tech Support 4 hours ago and have a ticket number.  I have yet to receive a reply.

Any ideas ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37600
  • Not an avast user
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #8 on: June 21, 2010, 08:01:31 PM »
I just saw this forum.  I also became infected with BankerFox this morning.  I was protected by Avast freeware which has served me excellently for 3 years.  

This AV Security trojan has blocked access to add/remove programs in my control panel and also nothing happens when I hit control/alt/delete.

I bought Avast 5.0, installed and registered it successfully, but I am also blocked from opening it to run a scan of the system.

I contacted Avast Tech Support 4 hours ago and have a ticket number.  I have yet to receive a reply.

Any ideas ?
1. You should have started your own topic.
2. Have you tried Malwarebytes?

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before the scan.
Run a quick scan and click the Remove Selected button to quarantine anything found.
Post the scan log here.

Kimmon

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #9 on: June 21, 2010, 08:12:13 PM »
Thanks, I'll try it.  I am new here and this was the first time I ever used these forums.

Offline Pondus

Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #10 on: June 21, 2010, 08:22:52 PM »
Thanks, I'll try it.  I am new here and this was the first time I ever used these forums.
You're welcome... ;)

Kimmon

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #11 on: June 21, 2010, 09:07:22 PM »
Pondus

I have downloaded Anti-Malware 1.46, but I am blocked from opening or running it.

Offline Pondus

Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #12 on: June 21, 2010, 09:15:44 PM »
I see essexboy is online. He is the expert with this, so just wait.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #13 on: June 21, 2010, 09:20:33 PM »
Hi, let's get the show on the road. If the OTH/OTL combo does not work, then go to Plan B.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button and post these logs in your Virus Removal topic.

PLAN B

Please download RKill.com to your desktop
Double click the programme to run it
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate


Then run OTL

Kimmon

  • Guest
Re: BankerFox.A and Nugel Trojan-Dropper
« Reply #14 on: June 21, 2010, 09:50:22 PM »
I tried Plan A & B.  No luck - still blocked.  When I try to open OTH, I get an immediate infected file notice.  Same with RKill.