Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus and Trojan Infections Virus.Win32.Nimnul.a Trojan.Win32.Lebag.agi


  • This topic is locked This topic is locked
2 replies to this topic

#1 azorek69

azorek69

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 04 April 2011 - 03:11 PM

Hello.

First I would like to say hello.

I have read these guidelines

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

For now I need to say, that I didn't do the DDS and GMER logs.

From what I had deep in my memory I assumed, that you will need a ComboFix log and HiJackThis log. I have those ready to post. (Now I know ComboFix is used if everything else fails)

If you would need me to do those DDS and GMER logs. I will gladly do it tomorrow.

So back to my problem.

I'm fixing a computer of my friend. Firstly I scanned his hard drive in my own PC and deleted or disinfected the infected files (I also have a log from Kaspersky). There were couple of Trojans, trojan downloaders and also one Virus.

The next thing I have done is put the HDD back into his PC and boot the OS. Oh, it is Win XP Home SP3 32-bit.

I've browsed the running services via Administrative Tools in Control Panel. I've browsed startup objects with MSConfig, also I've deleted some registry entries (that were suspicious to me).

Internet Explorer seemed to be infected, but it could pretty well be the effect of multiple Toolbars installed for IE. (WinOptimizer toolbar, AVG antivirus toolbar). I managed to uninstall AVG free antivirus 2011 with a uninstall tool from AVG website (Add & Remove Programs entry was corrupt).

Also I uninstalled Kaspersky Internet Security 2011. (I couldn't download instructions from the website, even if the connection was up and running)

This Hewlett-Packard Suite was (maybe still is) heavily infected.

I managed to install Firefox 4 and the web seemed to work. (Older installation of Mozilla was corrupt).

In the end I installed HiJackThis and get some logs. Also I installed ComboFix and Windows Recovery Console.

This is the first time I'm posting some logs with intention of getting help from more experienced users. I find myself moderately experienced also. Will gladly take help and enhance my own knowledge regarding Malware removal and ComboFix usage.

Attachements:

1) ComboFix log from Normal mode
2) HiJackThis log from Normal mode
3) ComboFix log from Safe mode
4) earlier log from Kaspersky scan

If I've done something wrong regarding topic creation and if you need other logs, please let me know.

With regards, azorek69.

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 PM

Posted 12 April 2011 - 07:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 PM

Posted 17 April 2011 - 07:00 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users