
'Troj/Rustok-N'


  • This topic is locked
1 reply to this topic

#1 wikus


Posted 26 August 2009 - 12:11 AM

Problem solved. thanks anyhoo

I received this when going to a pornography website "Your computer (IP: xxxxxxxxx) generates attacking our servers DOS requests. This attack was provoked by the spyware/virus named 'Troj/Rustok-N' ". Spybot won't open up or update. Spyware doctor also will not update. Hijackthis will not run. SDfix reports no trojans. The only noticeable problem I've received has been from links on Google not loading. It goes to a white screen in the browser and if I reload it, it goes back to the original search. Links to websites on Google will usually work on the second attempt. At this point I am desperate because I have tried all common methods for the detection and removal of this trojan. It's beyond my league now so... here goes:


================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\s27xqcna.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-25 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-30 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-14 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-8 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-6 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-25 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-25 1097096]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2009-7-16 69120]

=============== Created Last 30 ================

2009-08-25 22:48 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-25 22:47 <DIR> --d----- c:\windows\ERUNT
2009-08-25 14:50 <DIR> --d----- C:\SDFix
2009-08-25 14:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 14:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-25 14:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 14:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-25 14:25 <DIR> --d----- c:\program files\Trend Micro
2009-08-25 14:13 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-25 14:13 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-25 14:13 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-25 14:13 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-25 14:13 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-25 14:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-08-25 14:13 <DIR> --d----- c:\docume~1\mark\applic~1\PC Tools
2009-08-25 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-07-15 15:43 88,606 a------- c:\windows\War3Unin.dat
2009-07-08 11:27 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 16:26 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 05:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-12 02:47 30,872 a------- c:\docume~1\mark\applic~1\wklnhst.dat
2008-12-23 10:36 478,526 a------- c:\docume~1\alluse~1\applic~1\phn.dat
2006-10-29 15:52 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 23:32:28.43 ===============

Any help is received with great appreciation. Thank you.



Edited by wikus, 26 August 2009 - 08:05 PM.



 


#2 Orange Blossom


Posted 26 August 2009 - 11:48 PM

Problem solved. thanks anyhoo


Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



