
Several trojans and problems


8 replies to this topic

#1 jonalara

jonalara

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 25 April 2011 - 01:30 PM

Hello, I decided to desperately register here to seek some help.
On Sunday, when I returned from my vacation and started my PC, I noticed that my antivirus, NOD32, detected several problems and viruses.
When I open my internet browser, it automatically closes or restores the webpage due to an error, and in the end it says that there's an error on the page and it is not possible to access it. Also, NOD32 randomly detects and blocks an internet website and a remote IP.

I already tried scanning with the antivirus ESET NOD32, SUPERAntiSpyware, Malwarebytes and PC Doctor; they detect some viruses and delete them, but when I restart, the virus is still there.

NOD32 is detecting several variations of the trojan kryptyk.muu nd kryptyk muu nd, and also the fake alert.arf trojan; some threats are marked as multiple problems, and one was detected just once, on the first day that I started having problems: a virus called tsr.boot.

Also, I followed a tutorial to get rid of something called IsaMonitor and some other viruses that were anup.exe, nuyol.exe

On other forums they suggested that I use TDSSKiller, but the installation process stops at 80% and shows an error; I already tried renaming it and it still does not work.
And finally they suggested that I use OTM by Oldtimer with some commands, and the problem got worse!!

All the files on the desktop were deleted, also those in my documents folder; the shortcuts were deleted, and even though the files in the program files folder are still there, the files, for example WinRAR, show as a white paper, and if I click on them it opens WinRAR.

I already used Recuva and PC Inspector and I managed to recover about 30% of the files; the others do not appear, or appear with 0 KB because they have been overwritten.

So that's all my history. It seems that the problem is getting worse and worse; sometimes when I restart, my computer keeps restarting over and over, even when I select to restart from the last known configuration that worked.

Also, I tried to use system recovery, and after restarting it shows a message that it is not possible to recover the information and that I need to choose another recovery date.



Hope someone can help me. I have a Windows XP system (in Spanish, as I'm from Mexico), and currently I'm using a Mac laptop and a USB drive to transfer the files to the infected PC (I already disinfected the USB drive).

cheers :(



UPDATE: Today I turned on the PC and it shows a message:
NTLDR is missing
press ctrl alt supr to reboot.

:(!!

Edited by jonalara, 25 April 2011 - 03:02 PM.




#2 Curiousp

Curiousp

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:10 PM

Posted 25 April 2011 - 06:38 PM

Have you tried CCleaner or HitmanPro? Might also be a good idea to try Prevx. All of these are reliable and strong in detection. I recommend trying this. Sounds like the viruses and trojans deleted or configured part of your registry.

#3 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 25 April 2011 - 06:43 PM

I would follow this guide http://www.bleepingcomputer.com/forums/topic34773.html and wait for a malware trained expert to get back with you.

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#4 jonalara

jonalara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 25 April 2011 - 07:14 PM

I usually use CCleaner, and I'm unable to test the other two because the PC won't boot anymore.
Tomorrow I will take my HDD to a friend to connect it as a slave and try to back up my data and restore the boot registry to get my PC working again, then work on the ddos log and proceed with the disinfection.

I hope that connecting my HDD as a slave in another computer does not infect my friend's PC :S

#5 jonalara

jonalara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 26 April 2011 - 06:18 PM

I already recovered access to my PC, and while my HDD was in slave mode my friend scanned it with Symantec Endpoint antivirus, and it seems that the problem was corrected

BUT

I uninstalled Internet Explorer and installed it again normally; the PC asked me to reboot, which I did, and now the NTLDR file is missing again!!!
Any idea why it is happening?

#6 Computerproblem101

Computerproblem101

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 26 April 2011 - 08:10 PM

Missing files are generally related to Malware that was intended to run at boot and then were removed. Go to http://www.Malwarebytes.org - open it, update it, run the Quick Scan and remove any infections found. A log with what was detected will now pop up in notepad, copy and paste everything in that notepad document and post it here. After you post the log here, reboot your PC.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:10 AM

Posted 26 April 2011 - 09:30 PM

If NTLDR is still missing after the MBAM scan...

Insert the Windows XP bootable CD into the computer.
When prompted to press any key to boot from the CD, press any key.
Once in the Windows XP setup menu press the "R" key to repair Windows.
Log into your Windows installation by pressing the "1" key and pressing enter.
You will then be prompted for your administrator password, enter that password.
Copy the below two files to the root directory (usually C:\) of the primary hard disk. In the below example we are copying these files from the CD-ROM drive letter, which may be "e."

copy e:\i386\ntldr c:\
copy e:\i386\ntdetect.com c:\
Once both of these files have been successfully copied, remove the CD from the computer and reboot.

#8 jonalara

jonalara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 26 April 2011 - 09:56 PM

I already recovered access to my system with the previous response.

So it seems that the malware or the program OTM by Old timer deleted all my data u.u
Also, I have some problems with the desktop: it does not show shortcuts to some programs, and there is no option to send to desktop and create a shortcut.
I'm working on the Malwarebytes log to paste it here.

Is there any way to repair the registry as it was before or something? The malware also deleted all my restore points :S

#9 dwilliams15

dwilliams15

  • Banned Spammer
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:10 AM

Posted 26 April 2011 - 10:18 PM

It may be worth removing nod32 and installing AVG Free Edition to see if that has the same problem. AVG Free can be found at http://www.free-virus-download.com.

Don't install two antivirus packages on the same computer. Make sure you remove nod32 first.



