Hi,
I've seen recent posts regarding this virus and everyone seems to have the same problem; NOD32 identifies the virus but can't delete it. It even say's where it is; Windows\system32\winlogon.exe.
I tried running ComboFix after reading instructions. One set of instructions indicated that after disabling security/firewall initially, I should then enable it as Combofix is running. This didn't make sense but I tried it both ways...first disabled then again enabling after Combofix started it's scan. I have two logs; the first says I'm infected..the next one doesn't seem to find it, but it's still here.
In both cases I succesfully uninstalled ComboFix and other than the threat warning that pops up every few minutes, I can get email etc.. I am not logging into sensitive sites (e.g. bank accounts) and have run the ATF cleaner that one of your support people (elise025) smartly recommended another inflicted user.
I have a LapTop that is running XP Home SP3. My DVD drive is broken so it can't read or write. I use USB memory sticks for transferring files.
I can send the logs however I don't see how to insert the files in this email and didn't want to paste all that without being asked for it.
By the way, elise025 recommended running Dr. Web Cureit which I did, but gave up after 5 hrs of it running a full scan with only 20% completed.
I would greatly appreciate some guidance on how I can get this thing off my computer.
Many thanks in advance!
Cheers,
Sandy
Full Version: Spy.Ursnif.A Virus NOD32 [Moved]
I am moving this topic to the Am I Infected forum where you can get assistance with this issue.
Orange Blossom
Orange Blossom
Combofix logs are not allowed in this forum
You only have one post. Where did elise025 tell you to use Dr. Web Cureit?
I trust you read the disclaimer about running Combofix on your own
http://img.photobucket.com/albums/v666/sUB...imer_090525.gif
All real-time security programs must be OFF while running Combofix
I have no idea what tools you used. If you wish to submit a hjt guide, please follow these instructions
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
You only have one post. Where did elise025 tell you to use Dr. Web Cureit?
I trust you read the disclaimer about running Combofix on your own
http://img.photobucket.com/albums/v666/sUB...imer_090525.gif
All real-time security programs must be OFF while running Combofix
I have no idea what tools you used. If you wish to submit a hjt guide, please follow these instructions
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
Thanks Mark!
I followed your instructions and have posted the logs in the HiJack This log forum.
Cheers,
Sandy
I followed your instructions and have posted the logs in the HiJack This log forum.
Cheers,
Sandy
Hello,
Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic238765.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible
To avoid confusion, I am closing this topic. Good luck with your log.
Orange Blossom
Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic238765.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible
To avoid confusion, I am closing this topic. Good luck with your log.
Orange Blossom
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.