
Infected computer with Root.Necurs


  • This topic is locked
18 replies to this topic

#1 Bleky

Bleky

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:03:24 PM

Posted 04 March 2014 - 11:08 AM

Hi again. My second computer is infected with a threat named Root.Necurs. Is that a nasty rootkit or anything else? My computer doesn't allow me to paste anything. Rogue Killer is not able to clean it. It also deleted Avira Free Antivirus  :killcomp:   :smash:


Edited by Bleky, 04 March 2014 - 11:19 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 AM

Posted 04 March 2014 - 11:35 AM

I'll be back to you shortly.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Bleky


Posted 04 March 2014 - 11:39 AM

Ok



#4 boopme


Posted 04 March 2014 - 11:44 AM

Looking up something about this...



#5 Bleky


Posted 04 March 2014 - 11:47 AM

My computer does not allow me to paste anything, so I type the link to the Rogue Killer report screenshot: prntscr.com/2xtkvb



#6 boopme


Posted 04 March 2014 - 12:39 PM

Sorry to keep you waiting, as I am trying to confirm if this is a curable infection.



#7 Bleky


Posted 04 March 2014 - 12:43 PM

No problem  :wink:



#8 Bleky


Posted 04 March 2014 - 04:15 PM

Did you find anything? I don't want the rootkit to spread over the internet connection to my other four computers that are used for work.

Edited by Bleky, 04 March 2014 - 04:23 PM.


#9 boopme


Posted 04 March 2014 - 05:37 PM

Hello, whew this is an ugly thing. We can clean it if ESET does Not find an Expiro infection.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#10 Bleky


Posted 05 March 2014 - 08:22 AM

Also, when I open IE it starts 4 new tabs, the computer needs about 5 min. to boot up

and the browser is hijacked by Mywebsearch - fake search engine :killcomp:


Edited by Bleky, 05 March 2014 - 08:29 AM.


#11 Bleky


Posted 05 March 2014 - 08:36 AM

When the ESET online scanner updates I get an error message: Unexpected error 2002
EDIT: It is working now ;)

Edited by Bleky, 05 March 2014 - 09:17 AM.


#12 Bleky


Posted 05 March 2014 - 09:50 AM

ESET log, link to screenshot: http://prntscr.com/2y3csj



#13 boopme


Posted 05 March 2014 - 10:48 AM

Ok, that's good 
 
Run GMER on 32 and 64 bit Systems
--------------------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer

  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note: If you encounter any problems, try running GMER in Safe Mode
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

#14 Bleky


Posted 05 March 2014 - 12:11 PM

Nothing found.

When I did scan my computer with RK, it found only 18 rootkit processes that are stopped



#15 boopme


Posted 05 March 2014 - 12:24 PM

Let's see if MBAR finds them; if not, we can get a deeper look.

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt




