Computing.Net > Forums > Security and Virus > ive been infected by trojan downloader


ive been infected by trojan downloader


Name: chiefrock
Date: July 4, 2009 at 14:33:33 Pacific
OS: Microsoft Windows Vista Home Premium
CPU/Ram: 2.1 GHz / 3006 MB
Product: Hewlett-packard / Hp pavilion dv2700 notebook pc
Subcategory: Viruses
Comment:

I have been infected by a trojan downloader: Win32/Renos.DZ.
It displays pop-ups and random audio clips. It also slows my computer down a lot and redirects my search engine.
Windows Defender finds it, but when I manually remove it, it comes back in about 30 minutes.
I am using Symantec/Norton Antivirus and Avast Antivirus.
I ran GMER and it detected a rootkit, and I am using Windows Vista.
Does anyone know of any ways to help me get rid of this trojan downloader?





Response Number 1
Name: jdk (by neoark)
Date: July 4, 2009 at 14:37:28 Pacific
Reply:

Follow these steps in order numbered:

1) Download GMER: http://gmer.net/download.php
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it to rapidshare.com. Post the download link to the uploaded file in your reply.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 2
Name: chiefrock
Date: July 6, 2009 at 10:01:36 Pacific
Reply:

thanks for the reply!

I followed steps 1-7 as stated above. I let GMER scan my computer overnight (it took a while). When I checked it in the morning, it had restarted itself. So I executed GMER again and it still detected a rootkit (highlighted in red). Is there a way to get the scan results, or should I just scan again?

I appreciate all the help.


0

Response Number 3
Name: jdk (by neoark)
Date: July 6, 2009 at 10:09:45 Pacific
Reply:
0

Response Number 4
Name: chiefrock
Date: July 6, 2009 at 22:18:58 Pacific
Reply:

OK, so I ran GMER again, no restart this time. Here's the link.
Download Link:


http://rapidshare.com/files/2528795...
MD5: 54B8B3C6C9056FC690D4DF94EC182086


0

Response Number 5
Name: jdk (by neoark)
Date: July 6, 2009 at 22:27:57 Pacific
Reply:
0


Response Number 6
Name: chiefrock
Date: July 6, 2009 at 22:54:12 Pacific
Reply:

Here is the file:
bjgt0hpt.exe


0

Response Number 7
Name: jdk (by neoark)
Date: July 7, 2009 at 07:30:22 Pacific
Reply:

Follow these steps in order numbered:

1) Open Gmer like before.
2) Click on the >>> tab. This will open up the rest of the tabs for you.
3) Click on the CMD tab and make sure CMD.exe is selected.
4) Now highlight the contents of the codebox below and copy it to the clipboard by pressing Ctrl+C.

bjgt0hpt.exe -killall
bjgt0hpt.exe -del service MSIVXserv.sys
bjgt0hpt.exe -del file C:\WINDOWS\system32\drivers\MSIVXgpwwytdtmirmvovpytpxvmguqylepicy.sys
bjgt0hpt.exe -del file C:\WINDOWS\system32\MSIVXvgrwqjxfeuqjbwiitvnosqjxwphxqsqh.dll
bjgt0hpt.exe -del file C:\WINDOWS\system32\MSIVXedvykmxcfcpexadxwtpmywdsbdbeeubp.dll
bjgt0hpt.exe -reboot


5) Now paste the contents into the top black box in GMER by using Ctrl+V.
6) Click Run; the script will run and then your PC will be rebooted.
7) After the reboot, rerun GMER like before and attach the new log.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 8
Name: chiefrock
Date: July 8, 2009 at 02:13:11 Pacific
Reply:

So I cut and pasted the text from Response Number 7. But as soon as I clicked Run, the screen went black, and then the computer restarted with that error screen that says "computer shut down unexpectedly ..... start in Safe Mode, Safe Mode with Networking, or Start Windows Normally". So I booted up with a normal startup, ran GMER like I did before, and this is the log I uploaded to rapidshare.

Download Link:

http://rapidshare.com/files/2532160...
MD5: 0DB35C51BA8889D4D1699C98E06B1791


0

Response Number 9
Name: jdk (by neoark)
Date: July 8, 2009 at 03:50:57 Pacific
Reply:

Follow these steps carefully and in order numbered:

1) Download The Avenger by Swandog46 from here.

2) Unzip/extract it to a folder on your desktop.

3) Double click on avenger.exe to run The Avenger.

4) Click OK.

5) Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.

6) Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

Drivers to delete:
MSIVXserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\MSIVXgpwwytdtmirmvovpytpxvmguqylepicy.sys
C:\WINDOWS\system32\MSIVXvgrwqjxfeuqjbwiitvnosqjxwphxqsqh.dll
C:\WINDOWS\system32\MSIVXedvykmxcfcpexadxwtpmywdsbdbeeubp.dll



7) In the Avenger window, click the Paste Script from Clipboard button.

8) Click the Execute button.

9) You will be asked "Are you sure you want to execute the current script?".

10) Click Yes.

11) You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".

12) Click Yes.

13) Your PC will now be rebooted.

Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.

14) After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

15) Please upload this log to rapidshare.com and post a download link to the uploaded file.

If I'm helping you and I don't reply within 24 hours send me a PM.


0
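The GMER script in Response 7 and the Avenger script in Response 9 both delete the same four artefacts: the MSIVXserv.sys service and three randomly named MSIVX* files under System32. The following check is an added example, not code from the thread, from GMER or from The Avenger; it only reports whether those indicators still exist after the reboot, so the user can confirm the removal took before moving on to the scanners in Response 11. The file paths and service name come from the thread; the function name Get-MsivxStatus and the extra MSIVX* directory sweep are this example's own.

```powershell
# Added example: post-cleanup check for the MSIVX indicators named in this thread.
# Not part of GMER, The Avenger, or the helper's scripts. Run from an elevated
# PowerShell prompt after the reboot that unloaded the rootkit driver.

$Sys32 = Join-Path $env:SystemRoot 'System32'

# Service name and file paths exactly as listed in Responses 7 and 9.
$ServiceName = 'MSIVXserv.sys'
$KnownFiles = @(
    (Join-Path $Sys32 'drivers\MSIVXgpwwytdtmirmvovpytpxvmguqylepicy.sys'),
    (Join-Path $Sys32 'MSIVXvgrwqjxfeuqjbwiitvnosqjxwphxqsqh.dll'),
    (Join-Path $Sys32 'MSIVXedvykmxcfcpexadxwtpmywdsbdbeeubp.dll')
)

# Hypothetical helper name (not a GMER/Avenger command): returns one row per indicator.
function Get-MsivxStatus {
    $findings = @()

    # 1. The service's registry key: this can outlive the driver file and would
    #    make the loader try to start the driver again on the next boot.
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $findings += [pscustomobject]@{
        Indicator = "service key $ServiceName"
        Present   = (Test-Path -LiteralPath $svcKey)
    }

    # 2. The three files the helper told the user to delete.
    foreach ($f in $KnownFiles) {
        $findings += [pscustomobject]@{
            Indicator = $f
            Present   = (Test-Path -LiteralPath $f)
        }
    }

    # 3. Any other MSIVX*-prefixed file in System32 or drivers. The suffixes in the
    #    thread are random, so a reinfection would likely use different names.
    $extra = Get-ChildItem -LiteralPath $Sys32, (Join-Path $Sys32 'drivers') `
                 -Filter 'MSIVX*' -Force -ErrorAction SilentlyContinue |
             Where-Object { $KnownFiles -notcontains $_.FullName }
    foreach ($e in $extra) {
        $findings += [pscustomobject]@{ Indicator = $e.FullName; Present = $true }
    }

    return $findings
}

$report = Get-MsivxStatus
$report | Format-Table -AutoSize

if ($report | Where-Object { $_.Present }) {
    Write-Warning 'MSIVX indicators are still present; the removal did not complete.'
} else {
    Write-Host 'No MSIVX indicators found.'
}
```

Two caveats apply. The check relies on the ordinary Win32 file and registry APIs, so it is only meaningful once the rootkit driver is no longer loaded; while a kernel rootkit is active it can hide its files and service key from exactly these calls, which is why GMER's own scan was needed in the first place. Also, Windows PowerShell was not installed by default on Windows Vista in 2009; on a machine like the original poster's it would have been a separate download.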

Response Number 10
Name: chiefrock
Date: July 8, 2009 at 16:11:26 Pacific
Reply:

Download Link:

http://rapidshare.com/files/2535897...
MD5: 5B4A01109F3DBAE1CA7076A017F9B3D4


0

Response Number 11
Name: jdk (by neoark)
Date: July 8, 2009 at 16:14:03 Pacific
Reply:

Follow:
1) Install Malwarebytes' Anti-Malware, update its database and run a full scan. Attach the Malwarebytes full scan log and fix anything detected.

2) Run a full scan with SUPERAntiSpyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 12
Name: chiefrock
Date: July 9, 2009 at 18:50:19 Pacific
Reply:

The first link is the Malwarebytes log; the second link is the SUPERAntiSpyware log.

1. Download Link:


http://rapidshare.com/files/2540165...
MD5: 46627E5CB39A572E97B619B28808D3EE

2. Download Link:


http://rapidshare.com/files/2540165...
MD5: 94FDDBFFC1424A5A826C570FB5493900


0

Response Number 13
Name: jdk (by neoark)
Date: July 9, 2009 at 19:20:20 Pacific
Reply:

Update your Malwarebytes database and run a complete scan again.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 14
Name: chiefrock
Date: July 10, 2009 at 00:18:55 Pacific
Reply:

I updated and no malicious files were found.

Thank you very much for all of your help; your responses were very helpful and much appreciated.

I think my PC is good now. Is there anything else I should do to make sure?


0

Response Number 15
Name: jdk (by neoark)
Date: July 10, 2009 at 05:30:03 Pacific
Reply:

Download CCleaner and clean your temp files and registry.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 16
Name: chiefrock
Date: July 12, 2009 at 12:21:10 Pacific
Reply:

I ran CCleaner and it fixed a lot. That's a good program, thanks.
Can you think of anything else that I should do?


0
