'Troj/Rustok-N'


3 replies to this topic

#1 cship4885

Posted 23 February 2009 - 12:29 AM

I am running Windows XP Professional and recently I have been having A LOT of computer problems. I get tons of pop-ups when browsing. If I do a Google search, I ALWAYS get redirected when I click the links to a completely different and bogus site. Certain sites will inform me with a message that spyware on my computer is attacking their website, and I am not allowed to browse. The site says the virus is 'Troj/Rustok-N'. I believe I obtained the virus trying to download torrents using 'uTorrent'.

So far, I have run Ad-Aware, Norton AV, and Malwarebytes, all in safe mode, without networking. I am unable to update ANY of my anti-virus/malware programs. Any time I try to update, I am told the download failed and to check my internet connection. I am also not even able to open Spybot S&D. I tried uninstalling and reinstalling, and it only got worse for S&D. The computer could completely install the program updates for previously said reason.

One last funny thing, I cannot open my C:\ by clicking the link. I get the error message:

"Windows cannot find 'RECYCLER\S-0-6-15-100014831-100013926-9389.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search."

I have also run HiJackThis and posted the log to someone who said it looked fine.

ANY and ALL help is greatly appreciated. I would really like to not have to reformat this computer.


Regards,
Chris S

Edited by cship4885, 23 February 2009 - 12:42 AM.


#2 extremeboy

Posted 23 February 2009 - 08:09 PM

Hello.

'Troj/Rustok-N' is not a pleasant infection to have (well, any kind of infection is unpleasant), but this infection is nasty.

It is related to a backdoor trojan. P2P sharing is notorious for carrying infections.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 cship4885

Posted 24 February 2009 - 04:18 PM

WOW. I have gotten viruses/trojans before, and easily removed them with no problems. But like you said, this one has been very stubborn. Since obtaining the virus, I haven't logged into any websites requiring passwords for anything financial, security or anything; only sites like Myspace, Facebook, forums, etc. No banking, investment, loans, etc.

I think since there is no 100% fix for this thing, I will just reformat the computer. How can I ensure that the infection is not spread to any files that I may transfer from the old format to the new? Is there any way the infection can stay on the system other than spreading to transferred files?

The main files that will be transferred are pictures, spreadsheets, word documents, etc. I can reinstall any software for the computer rather than copying install files over. I just wish my removable disc had enough space for my iTunes library.... :thumbsup:

Thank you for the response and advice.

#4 extremeboy

Posted 24 February 2009 - 05:39 PM

Hello again.

> I think since there is no 100% fix for this thing, I will just reformat the computer. How can I ensure that the infection is not spread to any files that I may transfer from the old format to the new? Is there any way the infection can stay on the system other than spreading to transferred files?

2 guidelines/rules when backing up

1) Back up all your important data files, pictures, music, work etc... and save them onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

> The main files that will be transferred are pictures, spreadsheets, word documents, etc. I can reinstall any software for the computer rather than copying install files over. I just wish my removable disc had enough space for my iTunes library.... :thumbsup:

You can transfer it to another computer if you want and then back up your music files again and then transfer it to the same computer over and over again until you have backed up all your music files :flowers:

Also, if you are going to use a flash-drive/removable drive I suggest you run this tool first.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Then you can do a reinstall. This will not remove any of your files or pictures etc... it just reinstalls Windows onto your drive. If you partitioned your drive it would be easier because you just have to reinstall Windows on that one drive, and all your other data will be safe.

However, a format will remove everything. If you need help reinstalling or formatting, please start another topic in the XP forum as this forum is only for removing malware infections. Thanks.

Hope that helps. Anything else you want to ask?

With Regards,
Extremeboy
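
The backup rule in the post above (carry data files, leave executables and saved web pages behind) can be checked mechanically before anything is copied to the rebuilt machine. This is an added example, not part of the original thread: it flags the extensions the post lists and, going one step beyond the post, files that begin with the `MZ` executable header while carrying a data extension. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions the post says to leave behind (executables and saved web pages).
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".html", ".htm"}

def audit_backup(root):
    """Return sorted (relative_path, reason) pairs for files to exclude."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()  # only the final extension counts
            if ext in BLOCKED_EXT:
                findings.append((rel, "blocked extension " + ext))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError as exc:
                findings.append((rel, "unreadable: " + exc.__class__.__name__))
                continue
            if head == b"MZ":  # DOS/Windows executables start with these two bytes
                findings.append((rel, "executable header behind " + (ext or "no") + " extension"))
    return sorted(findings)

def build_sample_tree(root):
    samples = {  # constructed stand-ins for a backup staging folder
        "docs/budget.xls": b"\xd0\xcf\x11\xe0 constructed spreadsheet bytes",
        "pics/holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "pics/holiday.jpg.exe": b"MZ constructed stub",
        "music/track01.mp3": b"MZ constructed stub posing as audio",
        "saved/page.HTM": b"<html>constructed</html>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_backup(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

A clean result only means nothing matched these two checks; the files should still be scanned with up-to-date antivirus on the rebuilt system before they are opened.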