
Virus: Worm.Win32.NetSky 2/2011


  • This topic is locked

#16
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

OK there is another option that is being trialled at the moment

Download rogue killer from here to your desktop

Run the programme in normal mode - you may need to try this several times. Leave any popups from the virus open; do not close them



Press 1 on this screen and a notepad will open please post that


The problem with doing this procedure is... As the 1st window appears... it also, immediately starts going thru my registry.... and because of this... I immediately stop the 1st window.... so, I am very concerned about doing this..... so, please confirm if you still want me to do this....

Second... I can send you the original file I received the virus from... I know where & what & when I opened it..... do you want this so you can put it on a "test computer".. and see what it does?

Third... When I restart my computer in normal now (after the 1st attempt)... the "virus window".. no longer "starts".. but, I am unable to run any malware cleaners... so, I am not sure the "rogue cleaner" will work, but I will try...

Edited by Matt633rle, 23 February 2011 - 12:31 PM.

  • 0


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I must admit I will be interested to see what the new programme reports. Initially it will just be doing a scan

So once we have the OTL log and I am looking at it could you try the rogue killer in normal mode and
A) see if it runs
B) let me see any log it can produce
  • 0

#18
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Yes....
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could Zip and upload the file I will take it and then remove it from your post. The author of rogue killer is now following this thread :D
  • 0

#20
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I can forward it to an email address only... I still have the original email that caused this... please advise what email address.
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will PM

What progress so far ?

We are currently getting a standardised set of instructions for this - the main point so far

Option 1 (SCAN)

In this mode, the program will only kill the infectious process and inform the user of the infected registry keys, but no changes shall be made. In this way you can safely generate a report and post it


  • 0

#22
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Status so far..... I am unable to restart OTL.... it is booting from CD.. BUT... it is taking me to drive C: (I have two main drives..) I have attempted now, 15 times... still trying to get to your program on the disk...
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is your main drive?

Does the reatogo desktop come up ?
  • 0

#24
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

What is your main drive?

Does the reatogo desktop come up ?


The main drive is C:.... , NO, I cannot get reatogo desktop to come up now.......

My second drive is D:... upon reboot, I have my system set up to give me the option of which drive I want to access, then by default (after 30 sec) it defaults to C:.... that is what it is doing.. When I "am able".. to press "enter".. at the prompt "Boot from CD"... it is as if it is not "recognizing" my "keyboard entry"... so I went into BIOS to check... and it seems to be fine....

So.. "when I am able to press enter"... at the prompt "Boot from CD"... I press "enter"... it waits the 15 sec (default).. and (because I pressed enter).. it is going to my Drive C:... the 1st option on my list.....

FYI (my internet provider seems to be up and down... so if I don't respond right away... they are working on it., so please bear with me.)


Ok.. tried again... for sure... it is not "accepting" my "enter" at the prompt.... "Boot from CD"... so, I do have access to BIOS... what can I check in there....? And/or... I can go into safe mode.. do you want me to attempt to run the "Rogue Killer"?

Edited by Matt633rle, 23 February 2011 - 01:59 PM.

  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try safe mode and see if you can run rogue killer from there please
  • 0


#26
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok
  • 0

#27
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Could you try safe mode and see if you can run rogue killer from there please



ok.. in safe mode w/networking... here is the file...

Another question... can I "run the CD".. from this mode....

Attached Files


Edited by Matt633rle, 23 February 2011 - 02:12 PM.

  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it has identified it - now before I run the removal element could you download, and run OTL for me in safe mode with networking (a bit of belt and braces here)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#29
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
sorry... can't run it....

Edited by Matt633rle, 23 February 2011 - 02:26 PM.

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's go for it then. Run rogue killer and select option 2, once done then retry OTL please

Option 2 (Delete)

In this mode, the program will also kill the infectious process, but also target registry keys allowing the rogue to restart at startup and delete them.

Furthermore, if among these registry keys a proxy was found (IE or Firefox), RogueKiller will prompt the user if he wants to keep it or not. A proxy is not necessarily malicious!
  • 0
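
The scan-versus-delete distinction described in posts #21 and #30 can be illustrated with a report-only pass over a registry export. This is an added example, not code from the thread or from RogueKiller: the sample export is constructed, and the "user-writable path" heuristic and the verdict labels are assumptions chosen for illustration.

```python
import re

# Constructed sample in .reg export format (not from the machine in this thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"abcxyz"="C:\\Documents and Settings\\User\\Local Settings\\Application Data\\abcxyz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
'''

AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
PROXY_KEY = re.compile(r'\\CurrentVersion\\Internet Settings$', re.I)
# Assumed heuristic: autostart programs living in per-user writable folders.
USER_WRITABLE = re.compile(r'\\(Application Data|AppData|Temp)\\', re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    """Strip the quotes of a .reg string value and undo its backslash escaping."""
    if s.startswith('"') and s.endswith('"'):
        s = s[1:-1]
    return re.sub(r'\\(.)', r'\1', s)

def scan(reg_text):
    """Report only: returns (kind, key, name, data, verdict) and changes nothing."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not (m and key):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if AUTOSTART.search(key):
            verdict = 'suspicious' if USER_WRITABLE.search(data) else 'listed'
            findings.append(('autostart', key, name, data, verdict))
        elif PROXY_KEY.search(key) and name.lower() in ('proxyenable', 'proxyserver'):
            # A proxy is not necessarily malicious, so it is only marked for review.
            findings.append(('proxy', key, name, data, 'review'))
    return findings

if __name__ == '__main__':
    for kind, key, name, data, verdict in scan(SAMPLE_REG):
        print(f'{verdict:10} {kind:9} {name} -> {data}')
```
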
