Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spysweeper - App/Nirsoft-Gen Found on Win7 HP


  • This topic is locked This topic is locked
3 replies to this topic

#1 Metalball

Metalball

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 22 May 2010 - 04:45 PM

I have been browsing and searching these forums in hope of discovering the fix for this issue. I own a Dell XPS 1640 laptop running Windows 7 Home Premium 64-bit edition. The current antivirus program is Avast! Home v5. I also run two antispyware programs, Webroot Spysweeper and Spybot Search & Destroy.

I allowed a buddy of mine to use my computer for approx. 4 days while his Apple Macbook Pro was in the shop to get the LCD screen replaced. Apparently that was a foolish move. After he returned it, I completed a sweep of my HDD, and Spysweeper discovered that there is a Hacktool called "App/Nirsoft-Gen" installed on my PC. It cannot quarantine or remove this rootkit.

Following some advice discovered for Win Vista, I downloaded GMER, Defogger, and ComboFix. However, only the Defogger software is able to run. GMER stops with an error stating that the file specified cannot be located. ComboFix, at least the version posted in the thread (http://www.bleepingcomputer.com/forums/topic296473.html), is incompatible with Win7.

The Defogger ran as expected and is presently "disabled" for CD emulator drivers. Spybot also discovered two registry errors (Microsoft.WindowsSecurityCenter_disabled) and removed them. I also attempted to use the online Trendmicro Housecall v7.1 to remove the rootkit. Unsuccessful (it didn't detect it at all).

I want to get this malware off of my PC immediately. Any suggestions on how to go about removing it? Any assistance would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:45 PM

Posted 22 May 2010 - 06:15 PM

Hello, you shouldn't even be running CombFix ,it and Gmer are not 64 bit compatable..

Use OTL

  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Then go here here and create a new topic Virus, Trojan, Spyware, and Malware Removal Logs .

Let me know if that went well.

Edited by boopme, 23 May 2010 - 02:03 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Metalball

Metalball
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 22 May 2010 - 10:56 PM

OTL ran as expected. I have copied both log files per request. New thread has been created at http://www.bleepingcomputer.com/forums/t/318542/spysweeper-appnirsoft-gen-found-on-win7-home-premium/.

Thanks for the fast reply!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:45 PM

Posted 23 May 2010 - 02:04 PM

OK,thanks ,log looks good.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users