Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: RansSIRIA Ransomware Takes Advantage of the Syrian Refugee Crisis

Featured Deal: Get 92% off a Microsoft Azure Mastery Bundle Deal

'Troj/Rustok-N' please help remove

Started by goosby , Aug 27 2009 04:56 PM

Please log in to reply

1 reply to this topic

#1 goosby

Members
5 posts
OFFLINE

Local time:06:49 PM

Posted 27 August 2009 - 04:56 PM

Please delete past log...
Yes I caught the 'Troj/Rustok-N' virus...
The fake anti-virus keeps popping up saying do you do you want trustninja
to block this pop-up and it does that all the time...
I have ran SDFix.exe, OTS.exe, and ComboFix.exe... but maybe im running them wrong...
please help
goosby
Here's my log from malwarebytes anti-malware:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/27/2009 4:52:10 PM
mbam-log-2009-08-27 (16-52-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 145397
Time elapsed: 3 hour(s), 18 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ESQULSERV.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{576a0ceb-b6de-4d2b-8739-7ef79982cd50}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> No action taken.

Folders Infected:
C:\Program Files\RegTool (Rogue.RegTool) -> No action taken.

Files Infected:
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
C:\WINDOWS\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> No action taken.

Edited by goosby, 27 August 2009 - 04:56 PM.

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Guest_superbird_*

Guests
OFFLINE

Posted 16 September 2009 - 08:54 AM

Hi,

Did you delete everything?
Please do a new Full scan, and post the logfile.

Also do this please:

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.