Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan.Viknok!inf detected please help me remove


  • This topic is locked This topic is locked
13 replies to this topic

#1 Sigmatam

Sigmatam

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 19 April 2014 - 05:38 PM

Yesterday my norton popped up a threat detected for trojan.Viknok!inf and says I need to manually remove it. I dont know how to remove it. Please help. I've disconnected the internet for now, but dont know what else to do.

BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 19 April 2014 - 06:09 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  • Next please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

 

Regards,

Georgi


cXfZ4wS.png


#3 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 21 April 2014 - 08:43 AM

I'm having some issues doing what you requested. I cannot open the windows start up menu and bar since it is now missing. My internet is no longer connecting on this computer. Not sure why. ideas?

#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 21 April 2014 - 09:11 AM

Did you try to reboot the computer?

About the network issue can you transfer FRST from another computer via usb flash drive to the affected one?

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 21 April 2014 - 10:44 AM.
typo.

cXfZ4wS.png


#5 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 21 April 2014 - 09:33 AM

Thanks Georgi,

Restarting the computer didn't solve the problem. I will use the usb drive to transfer farbar... how can I get the usb drive open if there is no windows start up bar/ tool bar at the bottom of my screen?

#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 21 April 2014 - 10:46 AM

Hi,

 

Do you have an installation DVD? If so then try the steps described below:

 

To run FRST on Vista, Windows 7 and Windows 8 in RE:

 

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flashdrive into the infected PC.
    :spacer:
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
    :spacer:
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#7 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 21 April 2014 - 10:56 AM

I have Windows XP on my system, but do not have the backup cd/ dvd.  I did download the FRST Tool onto the flashdrive though



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 21 April 2014 - 11:48 AM

Hi.

 

Press Ctrl + Alt + Delete key together and task manager will open

Now Go to file menu and click on new task (run) command Run box will be opened.

Type there eplorer.exe and hit enter button and see if your desktop shows up.

 

 

Regards,

Georgi


cXfZ4wS.png


#9 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 21 April 2014 - 12:07 PM

This does not make the desktop show up.



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 21 April 2014 - 01:10 PM

Hi,

 

So you can see the explorer.exe process running among other processes in Task Manager?

 

Can you borrow a CD with windows XP with the same Service Pack as the one installed on your computer from a friend, or colleague?

We are with tied hands at the moment...

 

A few suggestions.

 

1. Can you boot in Safe Mode and tell me if you can access your desktop?

2. Reboot the computer and as it's booting repeatedly press the F8 Key, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Last Known Good Configuration" and press your Enter key and see if that resolve the issue...

3. If no joy try this please. You will need a USB drive:

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review

 

 

Regards,

Georgi


cXfZ4wS.png


#11 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 21 April 2014 - 03:42 PM

Still not having luck.  Tried to find CD with windows xp, but as of now I can't.  May be a while before I hear back from one or two friends on that one. 

 

I tried usb option and got error msg on the XUD screen: not enough memory to load specified image.

 

Is it going to be easier to just install a different OS on this computer?  I hate to do it since I will lose some files, but nothing I seem to do works to fix this bug



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 21 April 2014 - 05:04 PM

Hello,

 

Perhaps a bad download or burn? Have you tested the usb in another computer?

 

Also try to disable Memory Hole at 15M-16M in Bios (if you have such option) and try again to load xPud.

 

http://www.computerhope.com/issues/ch000933.htm

 

 

 

Regards,

Georgi


cXfZ4wS.png


#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 22 April 2014 - 06:15 AM

Btw also you may try to run FRST.exe using Task Manager => File => New task (run...) => Browse => navigate to your flash drive and click on the FRST.exe.

If the operation is successful then run a scan and post the log in your next reply.

 

Regards,

Georgi


cXfZ4wS.png


#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:37 PM

Posted 29 April 2014 - 04:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users