
Malware/trojan


No replies to this topic

#1 Vincee


Posted 09 January 2010 - 11:18 AM

Hello! Some days after Christmas I was out surfing, and poof. Malware Defence program downloaded itself and started popping up. I downloaded Malwarebytes Anti Malware, and it removed all the files.

But there's still something there. When I try to scan through Norman Security Suite I get a failure message:

An unanticipated error has occured.
If it persists, please send the information below to our support department:

Context: NVCOD - ScanThread
Routine: NscExecuteScan
Error value: 0x00300002
Error name : NDIORC_CANT_OPEN_PHYS



When I mailed the Norman guy he told me to download Norman Malware Cleaner.

Norman Malware Cleaner can run, but I can't search because of the message: Unable to load nsak.sys. Error (0x00000001).

Malwarebytes finds this file almost every time I run it.

Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Malwarebytes has also at different times found a "Trojan Vundo", but it was removed.

So, what I need help with is to find some way to be able to run Norman's antivirus scanner without reformatting the whole computer.

If I missed some information or you need some extra, just tell me.

Help me. Thanks.

Edit:

I add the very recent MBAM log:
Malwarebytes' Anti-Malware 1.44
Databasversion: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-01-09 17:35:29
mbam-log-2010-01-09 (17-35-29).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 144523
Förfluten tid: 11 minute(s), 54 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 1
Infekterade registernycklar: 1
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
\\?\globalroot\systemroot\system32\H8SRTnoptsnsiex.dll (Trojan.Vundo) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
\\?\globalroot\systemroot\system32\H8SRTnoptsnsiex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

I have Rkill and Smitfraud downloaded on the computer. I can run both, but I can't get the malware away.

Edited by Vincee, 09 January 2010 - 11:49 AM.

