Yes, I caught the 'Troj/Rustok-N' virus...
The fake anti-virus keeps popping up saying "do you want trustninja
to block this pop-up", and it does that all the time...
I have run SDFix.exe, OTS.exe, and ComboFix.exe... but maybe I'm running them wrong...
Please help.
goosby
Here's my log from malwarebytes anti-malware:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
8/27/2009 4:52:10 PM
mbam-log-2009-08-27 (16-52-02).txt
Scan type: Full Scan (C:\|)
Objects scanned: 145397
Time elapsed: 3 hour(s), 18 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ESQULSERV.sys (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.
Folders Infected:
C:\Program Files\RegTool (Rogue.RegTool) -> No action taken.
Files Infected:
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.
Edited by goosby, 27 August 2009 - 04:56 PM.