'Troj/Rustok-N' please help remove

1 reply to this topic

#1 goosby


  • Members
  • 5 posts

Posted 27 August 2009 - 04:56 PM

Please delete past log...
Yes, I caught the 'Troj/Rustok-N' virus...
The fake anti-virus keeps popping up saying do you want trustninja
to block this pop-up and it does that all the time...
I have run SDFix.exe, OTS.exe, and ComboFix.exe... but maybe I'm running them wrong...
Please help.
Here's my log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/27/2009 4:52:10 PM
mbam-log-2009-08-27 (16-52-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 145397
Time elapsed: 3 hour(s), 18 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ESQULSERV.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data:, -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data:, -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data:, -> No action taken.

Folders Infected:
C:\Program Files\RegTool (Rogue.RegTool) -> No action taken.

Files Infected:
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.

Edited by goosby, 27 August 2009 - 04:56 PM.



#2 Guest_superbird_*


  • Guests

Posted 16 September 2009 - 08:54 AM


Did you delete everything?
Please do a new Full scan, and post the logfile.

Also, please do this:

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here
