Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Found Can't Remove It


  • Please log in to reply
7 replies to this topic

#1 leran

leran

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 March 2008 - 11:03 AM

Greetings, my virus program found a trojan named "Trojan.nebluer". and am wondering if there is a program that can remove this? My virus program cant find a way to solv it but it blocks it from entering the system. Anyway i rly don't want to reinstall my computer again :thumbsup: so if there is a site/program i can get to remove this then i would be glad :D
Games:Games:Games|and ofc MORE games.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:56 PM

Posted 28 March 2008 - 11:06 AM

hi leran,while i am researching this can you tell me what program found itand is this an XP machine.
Also did you mean 'nebuler' ?

Edited by boopme, 28 March 2008 - 11:08 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 leran

leran
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 March 2008 - 01:07 PM

I use xp on my computer and my antivirus program is Norton from symantec. And sorry the name of the virus is Trojan.nebuler ^^


I also use Superantispyware, booted my computer to safe mod and searcet with both programs found it destroyed it! but it seems that my Norton program still finds it on normal boot mod.
Games:Games:Games|and ofc MORE games.

#4 leran

leran
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 March 2008 - 01:28 PM

I just scanned again with my Norton and i shows that there is no virus left.... Anyway not sure i want to belive that.
Games:Games:Games|and ofc MORE games.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:56 PM

Posted 28 March 2008 - 01:56 PM

Could you pleas post the Super scanlog.
To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
[*]Click Preferences, then click the Statistics/Logs tab.
[*]Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
[*]If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
[*]Please copy and paste the Scan Log results in your next reply.
[*]Click Close to exit the program.

Edited by boopme, 28 March 2008 - 01:57 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 leran

leran
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 March 2008 - 02:14 PM

Here are two scans i have done, First scan shows you the problem (This is done in safe mod). Second scan is from a few min/hrs.

FIRST SCAN!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/28/2008 at 05:32 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426
Trace Rules Database Version: 1418

Scan type : Complete Scan
Total Scan Time : 00:16:05

Memory items scanned : 462
Memory threats detected : 3
Registry items scanned : 3363
Registry threats detected : 9
File items scanned : 11720
File threats detected : 6

Trojan.Unclassified/AffiliateBundle
C:\WINDOWS\SYSTEM32\EFCYRKBQ.DLL
C:\WINDOWS\SYSTEM32\EFCYRKBQ.DLL
C:\WINDOWS\SYSTEM32\YAYVUNHY.DLL
C:\WINDOWS\SYSTEM32\YAYVUNHY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{08A8068E-53D1-42B2-B197-6D568843721F}
HKCR\CLSID\{08A8068E-53D1-42B2-B197-6D568843721F}
HKCR\CLSID\{08A8068E-53D1-42B2-B197-6D568843721F}\InprocServer32
HKCR\CLSID\{08A8068E-53D1-42B2-B197-6D568843721F}\InprocServer32#ThreadingModel
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcYRKBq

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\RQRLEBCT.DLL
C:\WINDOWS\SYSTEM32\RQRLEBCT.DLL

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED5852E-6CDC-4A6F-8A8F-EB302C9DE104}
HKCR\CLSID\{9ED5852E-6CDC-4A6F-8A8F-EB302C9DE104}
HKCR\CLSID\{9ED5852E-6CDC-4A6F-8A8F-EB302C9DE104}\InprocServer32
HKCR\CLSID\{9ED5852E-6CDC-4A6F-8A8F-EB302C9DE104}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Aleksander\Cookies\aleksander@advertising[1].txt
C:\Documents and Settings\Aleksander\Cookies\aleksander@atdmt[2].txt
C:\Documents and Settings\Aleksander\Cookies\aleksander@tradedoubler[2].txt













LAST SCAN!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/28/2008 at 07:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426
Trace Rules Database Version: 1418

Scan type : Complete Scan
Total Scan Time : 00:11:33

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 3359
Registry threats detected : 0
File items scanned : 11697
File threats detected : 0

Edited by leran, 28 March 2008 - 02:17 PM.

Games:Games:Games|and ofc MORE games.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:56 PM

Posted 28 March 2008 - 03:00 PM

I'd say you got it out. If there are no more symptoms please run these.
1>
Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2>
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanupto remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 leran

leran
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 28 March 2008 - 04:09 PM

Thanks all done :D Now i feel more safe from this virus... Anyway il be back someday i guess for more help :thumbsup:
Games:Games:Games|and ofc MORE games.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users