[grfloyd]

Hi, it looks like my computer has recently been infected with worm.win32.netsky. At least that's what the initial warning when I try to start it up says, I'm assuming that it's not a fake warning. It causes numerous popups and other windows security alerts that all try to route me to buying some software to clean it up. I'm guessing that those ARE fake. I haven't been able to follow any of the existing threads because this worm is stopping me from doing simple processes like accessing registry's, add/remove options and even accessing the internet. Any help on removing this from my computer would be greatly greatly appreciated! Thanks.

grfloyd

[Advertisements]

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %systemroot%\*. /mp /s
  c:\$recycle.bin\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  nvstor32.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  explorer.exe
  svchost.exe
  userinit.exe
  qmgr.dll
  ws2_32.dll
  proquota.exe
  imm32.dll
  kernel32.dll
  ndis.sys
  autochk.exe
  spoolsv.exe
  xmlprov.dll
  ntmssvc.dll
  mswsock.dll
  Beep.SYS
  ntfs.sys
  termsrv.dll
  sfcfiles.dll
  st3shark.sys
  ahcix86.sys
  srsvc.dll
  nvrd32.sys
  /md5stop
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

[chamber]

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %systemroot%\*. /mp /s
  c:\$recycle.bin\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  nvstor32.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  explorer.exe
  svchost.exe
  userinit.exe
  qmgr.dll
  ws2_32.dll
  proquota.exe
  imm32.dll
  kernel32.dll
  ndis.sys
  autochk.exe
  spoolsv.exe
  xmlprov.dll
  ntmssvc.dll
  mswsock.dll
  Beep.SYS
  ntfs.sys
  termsrv.dll
  sfcfiles.dll
  st3shark.sys
  ahcix86.sys
  srsvc.dll
  nvrd32.sys
  /md5stop
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

[grfloyd]

Thank you for your response. The problem with me downloading anything is that the virus will not allow me to access any websites except the malware website that it directs me to. It says that the website can not be loaded because it contains malicious material. Is their either A) A way around this so that I can get on the internet or B) A program that I can download to an external hardrive that I can move over manually? (I have another computer that is working fine.)

Thanks,

grfloyd

[chamber]

Do you have access to a clean computer to download files to and then transfer them across?

[grfloyd]

yes, I've just had some problems when I was trying to do that. However, I am no professional so I was probably doing something wrong. I will try putting them on my external and transfering them. Where should I go to download this?

[chamber]

If you can get to another computer then this would work for downloading the files, you can put them on a cd or memory stick and then transfer them to the desktop of the infected computer.