grfloyd
worm.win32.netsky has attacked my computer!
Started by
grfloyd
, Jan 09 2010 05:33 PM
#1
Posted 09 January 2010 - 05:33 PM
grfloyd
#2
Posted 11 January 2010 - 06:18 AM
Download OTL to your desktop.
Please download GMER from one of the following locations and save it to your desktop:
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended) - Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
#3
Posted 11 January 2010 - 01:36 PM
Thank you for your response. The problem with me downloading anything is that the virus will not allow me to access any websites except the malware website that it directs me to. It says that the website can not be loaded because it contains malicious material. Is their either A) A way around this so that I can get on the internet or B) A program that I can download to an external hardrive that I can move over manually? (I have another computer that is working fine.)
Thanks,
grfloyd
Thanks,
grfloyd
#4
Posted 11 January 2010 - 01:38 PM
Do you have access to a clean computer to download files to and then transfer them across?
#5
Posted 11 January 2010 - 01:44 PM
yes, I've just had some problems when I was trying to do that. However, I am no professional so I was probably doing something wrong. I will try putting them on my external and transfering them. Where should I go to download this?
#6
Posted 11 January 2010 - 01:47 PM
If you can get to another computer then this would work for downloading the files, you can put them on a cd or memory stick and then transfer them to the desktop of the infected computer.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users