Win32/NugelE anti-virusLive



I have suddenly been infected with a nasty which may be called Win32/NugelE
(there is a file called abjsysguard.exe which Windows 7 notification has
come up with.)

It is preventing me from using Malwarebytes and keeps alerting me to a
supposed virus which directs me to a web page about Anti-Virus Live. This is
obviously a scam and I would like to know how to get rid of it.

I have started a long scan with MS Security Essentials, which does not seem
to be infected, but will take ages.
I am having to write this on another computer as the attack has affected my
ability to get on line.

--
Yrs Quilly (Winchester UK)



Re: Win32/NugelE anti-virusLive





Quilljar wrote:

Try renaming the MBAM executable to something else and then running it.
i.e.: mbam.exe to better.exe, or even better.com, or
yourchoice.exe, or yourchoice.com.

If no success, you might want to try the free version of SAS
(SuperAntiSpyware) available from SuperAntiSpyware.com.
You may have to rename its executable also, if it will not run.

Buffalo

PS: Put "anti-virus live" in the search box in Google or another
search engine.



Re: Win32/NugelE anti-virusLive





Quilljar wrote:

Curious if you are using the pro version of MBAM and was it running in
real-time when you got infected?
Thanks,
Buffalo
PS:  http://www.2-spyware.com/remove-antivirus-live.html

The above page describes how to manually delete the "anti-virus live"
trojan.
It sounds pretty simple if you are comfortable deleting entries in the
Registry.

One suggestion was to use msconfig and boot into diagnostic mode
and then run MBAM.

However, read the whole page and choose what you want to do.



Re: Win32/NugelE anti-virusLive





--
Yrs Quilly (Winchester UK)




Re: Win32/NugelE anti-virusLive



Quilljar, no message came through.
Please answer the MBAM question.
Have you looked at the link I provided?
It sounds pretty easy to fix.
Buffalo

Quilljar wrote:



Re: Win32/NugelE anti-virusLive



Quilljar wrote:


Will MBAM run okay if you reboot into Windows' safe mode?

Re: Win32/NugelE anti-virusLive



Thanks for the advice, all of which I am trying. But this is a baaad virus.
Can anyone tell me how to get Windows 7 into safe mode? The normal way
of tapping F8 does not work.

--
Yrs Quilly (Winchester UK)




Re: Win32/NugelE anti-virusLive



Quilljar wrote:


Windows 7 is the same as Windows Vista which is similar to ...

http://www.bleepingcomputer.com/tutorials/tutorial61.html

Maybe you are hitting the F8 too late.  Many pre-built computers shove a
spam splash screen on the monitor.  Ooooh, it's a Dell as if you didn't
know.  As soon as you hit the Reset key to reboot or when you power up, just
keep tapping the F8 key.

Re: Win32/NugelE anti-virusLive



To start in "Safe Mode"

"Start" button>type "MsConfig" in the caption box>Select "MsConfig.exe" from
the list>select "Boot" from the menu tabs>under "Boot Options" select "Safe
Mode" and OK your way out.

--
Sir_George


Re: Win32/NugelE anti-virusLive



Thanks all you guys, but you have not taken on board that this virus does
not allow me to do anything. I cannot run msconfig or get to safe mode or
any of the simple stuff you have kindly suggested. After half an hour on the
phone with two BT helpline engineers plus their supervisor, I have been
advised that I will have to send my machine back to the makers (not Dell!)
I have 15 years' experience of all the MS operating systems as well as Acorn,
Amstrad and Mac.
I have never come across a virus like this one. I hope none of you ever do!
I will give one more try phoning the makers tomorrow, then I guess
I will have to re-install Windows 7. I am sending this post on my old Windows
XP machine. Thank God I still have it and everything backed up.

--
Yrs Quilly (Winchester UK)




Re: Win32/NugelE anti-virusLive




Not a Dell - well, that narrows it down.

...may be called W32/NugelE (or W32/Nugel.E) and the file Windows 7
notification "came up with" is abjsysguard.sys? Where did you "come up
with" anti-virusLive as a program (scareware?) name?

Are you googling filenames as a troubleshooting technique?

Had you tried to execute a rootkit detector such as a randomized GMER on
the affected system?
Have you investigated the possibility that whatever gave you the
"malware name" associated with that "filename" was misidentifying a new
entity as an older entity? Have you tried booting to another OS via
cd-rom (LiveCD or Windows 7 version of the recovery console)?

It seems a shame to send the unit to the MFG for what practically *has*
to be a software problem.

In the end, reinstalling the OS on a cleaned up (wiped) drive is
probably the best option, but that won't satisfy (y)our curiosity will
it? :o)

How did you obtain the information that you have given us so far?



Re: Win32/NugelE anti-virusLive



Dear All,
I will now eat humble pie and apologize for my panic!
1. I got some information from the large number of warning windows that the
Trojan itself popped up.
2. Like anyone would, I Googled for more. BTW when I Googled the name
'Anti-Virus Live' it took me straight to the scam website, NOT the usual
Google list, so I then prefaced my question with the word 'query' which
seemed to fool it. There is a lot of info on the net. I printed out six
useful pages of it.
3. However, thanks to all your reactions I tried yet again to get into
Windows 7 Safe Mode. This is not straightforward but eventually I got it.
Once there, things became much easier. I was able to do a full scan with
Malwarebytes at last, and it cleared the bloody thing out!
I have this morning, in gratitude, purchased the pro version of Malwarebytes.
Thanks to all for your patience and help.



Re: Win32/NugelE anti-virusLive





Quilljar wrote:

Happy to hear that it all worked out OK.
Was there a particular 'trick' you used to finally get into Safe Mode?
Cheers,
Buffalo
PS: Happy to hear you rewarded MBAM by purchasing the pro version.  :)
It was a wise move.



Re: Win32/NugelE anti-virusLive



On 12/20/2009 8:40 AM, Quilljar wrote:


Glad you were able to get the mess cleaned up. In the future, you might
try a rescue CD like the one from Avira:

http://www.avira.com/en/support/support_downloads.html

There is an iso file as well as an exe that will create the CD for you.

Other AV companies have rescue CDs as well.

There is a pretty good write-up here:
http://www.raymond.cc/blog/archives/2008/12/11/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/


John

Re: Win32/NugelE anti-virusLive



Quilljar wrote:


As mentioned, because you couldn't get into the boot menu doesn't mean you
tried correctly.  So until it was determined that you did the correct
procedure to get into the boot menu and still couldn't would have progressed
to the next type of pest: MBR or boot sector infection.  The solution there
could be as simple as using the install CD to go into Recovery Console mode
and using FIXMBR and FIXBOOT, or having to boot using a CD (that loads a
separate instance of an OS) along with the anti-malware utilities on it.


What wasn't straightforward?  How did you manage to get to the boot menu to
select Safe Mode?  Is this a pre-built by a well-known brand, like Dell?
They tend to shove fluff in your face at boot that can be confusing to a
user.
