Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista 32Bit/ Worm.Win32.Netsky Virus


  • Please log in to reply
7 replies to this topic

#1 Kristen Skye

Kristen Skye

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 05 January 2010 - 04:38 PM

I turned off my computer last-night which had been giving me this constant "c.exe stopped working" error message which I ignored. Today I opened my account and found only my wallpaper. NO taskbar, NO icons and this message:

Posted Image

So I immediately thought of a System Restore. I pressed Ctrl+Alt+Delete and came up with the Vista options all without the "Task Manager" option.

Yet here's another problem: Its all on my laptop, which its screen cracked couple months back and have been using a Logitech Wireless Keyboard/Mouse and Monitor Screen as a substitute ever since. Have no money to fix it but it works well kind-of like a compact desktop. I bring this up because I can NOT see the boot screen. The earliest my Monitor shows something is When I put in my password to login.

4,000+ iTunes Songs and All of my private data.
Please Help
It would be greatly appreciated.
Thank you:)

BC AdBot (Login to Remove)

 


#2 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 05 January 2010 - 11:08 PM

Kristen,
try using the guide posted at http://www.bleepingcomputer.com/virus-remo...tivirus-pc-2009
Follow the steps carefully and let me know how it worked.

#3 Kristen Skye

Kristen Skye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 07 January 2010 - 05:54 PM

Kristen,
try using the guide posted at http://www.bleepingcomputer.com/virus-remo...tivirus-pc-2009
Follow the steps carefully and let me know how it worked.



Thanks trev47
I did the "rkill.exe" and everything that post told me to do.
But when I downloaded "Malwarebytes' Anti-Malware" and opened it to install it:
I got this error
"Setup
Access violation at address 10006100. Read of address 774DC1CC"

Then I tried renaming the file to a random name so maybe the malware wont block it but the same error pops up. :thumbsup:

Edited by Kristen Skye, 07 January 2010 - 05:56 PM.


#4 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 07 January 2010 - 09:52 PM

Kristen,
Delete rkill and malwarebytes from your desktop and try following the guide one more time. After you have run rkill. When you save malwarebytes, save it as kristen.exe to your desktop, and then try to install it. If you get the same errors as before then try the following:
Run rkill if you have need to again. Download SuperAntiSpyware from http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install it and run it.

Or try to download Dr Web CureIt from http://www.freedrweb.com/cureit/?lng=en and run it

Let me know if any of these works for you.

#5 Kristen Skye

Kristen Skye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 09 January 2010 - 03:15 PM

Kristen,
Delete rkill and malwarebytes from your desktop and try following the guide one more time. After you have run rkill. When you save malwarebytes, save it as kristen.exe to your desktop, and then try to install it. If you get the same errors as before then try the following:
Run rkill if you have need to again. Download SuperAntiSpyware from http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install it and run it.

Or try to download Dr Web CureIt from http://www.freedrweb.com/cureit/?lng=en and run it

Let me know if any of these works for you.


The "SuperAntiSpyware" didn't help any since it wasn't able to open.
But the "Dr. Web CureIt" ran and wokded.

After 1:34:09 of scaning
I had 13 Infected folders | 5 was Moved | 8 was Deleted.

After it was done it said:

"Restart Computer
[OK] [Cancel]"

I pressed OK and the computer restared.
When it booted and I logged in, Nothing! theres No errors but No Taskbar, Start Menu, or Files shortcuts or Extensions.
Not even my Wallpaper is there, just a big fat black screen and a mouse pointer.

Now I cant even download the programs you give me on this computer into the FlashDrive and run it on my infected laptop because all of the error file opening loopholes are closed! :flowers:

Although I can view my file folders and programs ONLY when I press Ctrl+Alt+Del / Task Manager / New Task / Browse
But thats only if it lets me. 2 out of 3 times this little trick wont work for me anymore

I dont know to do! I really thought this was going to work :thumbsup:

Edited by Kristen Skye, 09 January 2010 - 03:35 PM.


#6 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 09 January 2010 - 05:09 PM

After ctrl+alt+Del new task type "explorer" and ok.
Try installing malwarebytes again, update it and run it

Edited by trev47, 09 January 2010 - 07:13 PM.


#7 Kristen Skye

Kristen Skye
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 12 January 2010 - 04:04 PM

After ctrl+alt+Del new task type "explorer" and ok.
Try installing malwarebytes again, update it and run it


Posted Image

It Worked!
Only thing is that all of the threasts were just "Moved" so I dont know if I'm fully cured.
Im now running the Malwarebytes and hopefully finish this once and for all. :D
So I dunno if I want to connect to the Internet just yet :/

BTW
trev47, you are such a sweetheart :flowers:
the only person thats helped me

Thnaks :thumbsup:

Edited by Kristen Skye, 12 January 2010 - 04:09 PM.


#8 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 12 January 2010 - 10:56 PM

Kristen,
we are making progress :thumbsup: When Malwarebytes has finished scanning your system and you have removed the threats (Refer to the guide in my first post for directions on running MBAM) please post the log for review.

Regarding SAS "moving" the infection read this for peace of mind:
How does the SUPERAntiSpyware Quarantine work?

The SUPERAntiSpyware Quarantine is a secure "holding pen" for items that have been detected as threats and removed from your hard drive and/or registry. The items listed in your Quarantine have been removed from your system and are inert inside the Quarantine. Quarantined items will not run and they cannot harm your system.

After a scan has completed, the quarantine process adds the threat items to the Quarantine, and then removes the items from where they reside on your hard drive and/or registry. The Quarantine displays this as "Adding:..." and "Removing:...", respectively.

The Restore... button allows you to restore quarantined items back onto the disk and/or registry location(s) where they were originally detected. Restore... can be used to un-quarantine items that have been incorrectly detected by SUPERAntiSpyware as malware. Note that most users will never need to use the Restore... functionality. If a legitimate malware threat is un-quarantined, you could be putting your system at risk.

The Remove... button allows you to permanently delete quarantined items from the Quarantine. Removing an item from the Quarantine means that it will no longer reside on your PC.

I await your next post with your logs, and thanks for the praise! Someone else would have helped you if I hadn't responded - and still might.

Trev




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users