
removing troj/rustok-n


3 replies to this topic

#1 angus475980


  • Members
  • 2 posts

Posted 03 January 2009 - 03:10 PM

Hi everyone, I'm new to this forum. My friend is having a problem with his computer: he's got the trojan troj/rustok-n. How do I go about removing it? I've tried Malwarebytes to no luck. Here's the log.

Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 6.0.6000

1/3/2009 2:34:56 PM
mbam-log-2009-01-03 (14-34-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 105165
Time elapsed: 26 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fc5636cb-f9f2-4c95-83a7-63ea8d07883f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fc5636cb-f9f2-4c95-83a7-63ea8d07883f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{fc5636cb-f9f2-4c95-83a7-63ea8d07883f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Mike\AppData\Local\Mozilla\Firefox\Profiles\cxcfvheg.default\Cache\738CC91Dd01 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
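As an added example (not part of the original post, and not Malwarebytes code): a small Python parser for a log in this layout that cross-checks the summary counts against the detail lines and collects the name servers recorded in each flagged DhcpNameServer value. The sample log is constructed, with a placeholder interface GUID, a made-up folder name and documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (shortened; the GUID and
# folder name are placeholders, the addresses are documentation-range values).
SAMPLE_LOG = r"""
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 192.0.2.10 192.0.2.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}\DhcpNameServer (Trojan.DNSChanger) -> Data: 192.0.2.10 192.0.2.11 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ExampleCodec (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "<section> Infected: <n>" summary lines and "<object> (<name>) -> [Data: ... ->] <action>." detail lines.
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?:Data: (?P<data>.*?) -> )?(?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared_counts, items); each item is a dict tagged with its section."""
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            declared[m["section"]] = int(m["n"])
        elif line.endswith("Infected:"):
            section = line[:-1]          # detail-section header, e.g. "Folders Infected"
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def count_mismatches(declared, items):
    """Sections whose summary count differs from the number of detail lines parsed."""
    seen = Counter(i["section"] for i in items)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}

def dns_servers_by_value(items):
    """Map each flagged DhcpNameServer registry value to the name servers it held."""
    return {i["obj"]: i["data"].split() for i in items
            if i["obj"].endswith("DhcpNameServer") and i["data"]}
```

A non-empty result from `count_mismatches` means the pasted log was truncated or reflowed before review, which is worth knowing before drawing conclusions from it.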



#2 Guest_Jay-P VIP_*


  • Guests

Posted 03 January 2009 - 10:05 PM

Have you restarted the computer so the changes can be made?

While I was looking, I noticed that he may not have Service Pack 1 for Windows Vista. Many bugs and serious security risks were patched and fixed in Service Pack 1. I highly recommend that it gets updated as soon as possible.

#3 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 January 2009 - 10:50 PM

Hello, I would like for you to run Part 1 of S!Ri's SmitfraudFix.

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#4 angus475980

  • Topic Starter

  • Members
  • 2 posts

Posted 24 February 2009 - 11:03 PM

Hey, I downloaded smitfraud but for some reason it won't let me do the search function. Is there anything else I can do? Thanks for all your help. I know it's been a while since I posted but been busy lol.



