Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Damage by WIN32/NSAG Virus [RESOLVED]


  • This topic is locked This topic is locked

#16
BLC

BLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Everything seems to be working fine, but I keep finding an infection when I run Ewido.

I ran Ewido -three times. I keep getting the same message. The program says it is cured, but it shows up with every scan. It shows up as Adware.RXToolbar. I am posting the report.

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:20:52 PM, 2/28/2006
+ Report-Checksum: 427F3FE4

+ Scan result:

HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_0c76&Pid_0005\27C03740D3208989\\Class -> Adware.RXToolbar : Error during cleaning


::Report End
  • 0

Advertisements


#17
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
See if this will get rid of it:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0c76&Pid_0005\27C03740D3208989]
"Class"=-


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
  • 0

#18
BLC

BLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I did what you suggested. The Malware is still there. Below is the log from the Ewido scan.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:21:46 AM, 3/2/2006
+ Report-Checksum: 4673C370

+ Scan result:

HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_0c76&Pid_0005\27C03740D3208989\\Class -> Adware.RXToolbar : Error during cleaning
C:\Documents and Settings\bruce\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup


::Report

Does this problem pose any potential problems with e-mail or linking up with my computer at work. My station has the controls for our Company Network Server. We have a Microsoft Small Business Server. Our website is hosted on that computer as well as well as our e-mail accounts.
  • 0

#19
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not sure if it will cause any problems with the emails, but since it's detected, let's remove it.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0c76&Pid_0005\27C03740D3208989 and delete Class

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Did that work?
  • 0

#20
BLC

BLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
That seems to have done the trick. Everything appears back to normal.

Thank you for all of your help.

With everything out there today, I will probably be posting again with a different problem.

Until then.
  • 0

#21
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP