HELP! Ultradefragger and trojan.Gen.2 removal [Closed]


  • This topic is locked

#61
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

....ok so left the computer overnight - did as requested - made the iso boot disc - turned on the computer, put the disc straight in - and it has booted into the normal screen - was that supposed to happen????

I think so. :rolleyes:

So what are current problems/issues with your computer? Can you connect to network, can you browse etc.?
  • 0



#62
rdbadger

    Member

  • Topic Starter
  • 107 posts
I didn't connect the internet, just ran without connection - Windows launched, and sent me to my log in screen - I logged in and then as I said the only other thing I have done is disable nero scout? go figure! No idea how it decided to just launch!! So, as I said - should I run chkdisk, or while it seems to be back do I attempt to run combofix again?
  • 0

#63
rdbadger

    Member

  • Topic Starter
  • 107 posts
...oh and it didn't send me through any blue screen or give me any other options such as repair windows or anything, just opened straight up, as if nothing had ever happened!
  • 0

#64
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please don't run Combofix again. As for the NMIndexStoreSvr.exe error, you can read about this issue here. It is not a malicious process.

First try to connect to internet and then launch your favourite browser to see if you can surf the web.
  • 0

#65
rdbadger

    Member

  • Topic Starter
  • 107 posts
ok, will have to disconnect from this computer!
  • 0

#66
rdbadger

    Member

  • Topic Starter
  • 107 posts
...could connect to internet - went to google then edmodo, worked ok...but couldn't run internet straight from desktop and I have a warning that the firewall has been turned off
  • 0

#67
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

but couldn't run internet straight from desktop and I have a warning that the firewall has been turned off

We will deal with these later.

Malwarebytes' Anti-Malware

Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#68
rdbadger

    Member

  • Topic Starter
  • 107 posts
...cool will do, should I attempt to do this with or without internet connection?
  • 0

#69
rdbadger

    Member

  • Topic Starter
  • 107 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roanna :: ROANNA-36A94C04 [administrator]

30/05/2012 7:32:28 PM
mbam-log-2012-05-30 (19-32-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242055
Time elapsed: 26 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Roanna\Local Settings\Temp\tmzzyawysrzyjkfsfl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roanna\Local Settings\Temp\e3gDJZhFTVDZgy.exe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
  • 0
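
Added example (not part of the thread, and not Malwarebytes' own code): a small Python parser for the MBAM 1.x log layout posted above. It checks that each section's declared count matches the entries actually listed and flags any entry whose action does not report a successful removal. The sample log is constructed; its paths, the "Delete on reboot." action string and the function names are assumptions for illustration.

```python
import re

# Constructed sample in the MBAM 1.x log layout (paths and names are made up).
SAMPLE_LOG = r"""
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\User\Local Settings\Temp\aaaa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\bbbb.exe.tmp (Trojan.Agent) -> Delete on reboot.

(end)
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = {"declared": int(header["count"]), "items": []}
            sections[header["name"]] = current
        elif line == "(end)":
            current = None
        elif current is not None:
            item = ITEM.match(line)  # skips blanks and "(No malicious items detected)"
            if item:
                current["items"].append(item.groupdict())
    return sections

def triage(sections):
    """List what a helper should follow up on before calling the scan clean."""
    findings = []
    for name, sec in sections.items():
        if sec["declared"] != len(sec["items"]):
            findings.append(f"{name}: header says {sec['declared']}, "
                            f"{len(sec['items'])} listed (log truncated or edited?)")
        for it in sec["items"]:
            if "successfully" not in it["action"].lower():
                findings.append(f"{name}: {it['object']} not confirmed removed "
                                f"({it['action']})")
    return findings
```

Calling `triage(parse_mbam_log(SAMPLE_LOG))` returns one finding for the entry that was only scheduled for deletion; a pasted log with a missing line produces a count-mismatch finding instead.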

#70
rdbadger

    Member

  • Topic Starter
  • 107 posts
Unfortunately NMIndexStoreSvr.exe popped up again after the restart and also can't exit any usb "safely" as it always says a program is still accessing it...ok well then what's next?!
ta
  • 0



#71
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

should I attempt to do this with or without internet connection?

With.

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

  • 0

#72
rdbadger

    Member

  • Topic Starter
  • 107 posts
Still running - found 5 threats so far!
  • 0

#73
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

#74
rdbadger

    Member

  • Topic Starter
  • 107 posts
...ok so in the middle of the scan it has detected "malicious software" which demands a system re-boot and has requested to perform a "special disinfection" do I allow or say no and just delete as I have the other files? It is now up to 13 threats!
Thanks
  • 0

#75
rdbadger

    Member

  • Topic Starter
  • 107 posts
btw I attempted to just delete and it wouldn't, now it's giving me two options either disinfect or skip - it is called/labelled MEM:Rootkit.Win32.Sst.b
  • 0





