Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Troj/Rustok-N Looking For a Way of Removal.


  • Please log in to reply
1 reply to this topic

#1 angryporkchop

angryporkchop

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:33 PM

Posted 10 July 2009 - 08:56 AM

Hi, recently, I have been having some slight computer problems. I went do a certain website and was told:

"Your computer (IP: 216.201.22.11) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

Make sure your computer is protected before continue browsing. Without this antivirus software your computer becomes a pushover for hackers.

Leaving computer unprotected may lead to:
- Computer performance slowdown and operating system crash
- Serious drop of traffic caused by hidden advertising
- Leak of personal and credit card information
- The inappropriate use of your personal photos by web sites
- Using you machine as a source for spam spreading
- Infection spreading to other removable devices such as memory cards, writable CD and DVD disks
- Getting your cell phone infected through USB. The first sign of infection in your cell phone device will appear as sms-messages sent to paid numbers
- etc

Make sure you use effective antivirus software. We recommend you to check your computer right now and the software that have already helped thousands of our visitors.



We apologize for the inconvenience, and hope we'll see you again on www.redtube.com

Find more comments on the software at: aumhaphpbb.com"


I did download it, stupidly, but quickly uninstalled that program and used CCleaner to remove any file extents related to it. I have MBAM, but it does not launch at all, and some other programs can't update/launch to remove this trojan. For any other info, just ask, please help me get my computer back asap.
~Alex

(Fake Edit): I have also realized that explorer.exe, the user is running under "Alex" (mine login name) and not SYSTEM like any other SYSTEM programs should.

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 PM

Posted 10 July 2009 - 10:07 AM

Hello, that site will always have malware... Try UN and RE installing MBAM as below.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Now run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users