Troj/Rustok-N


Solved Re: Troj/Rustok-N

Post by helpme82 on 27th December 2008, 11:01 pm

I tried to run those files as you said and this is what I got:

regsvr32 urlmon.dll & regsvr32 Shell32.dll were the only ones that succeeded. The rest gave me error messages as follows:

1) regsvr32 Shdocvw.dll gave me an error message saying:

"The module Shdocvw.dll was loaded but the entry-point DllregisterServer was not found. Make sure that Shdocvw.dll is a valid DLL or OCX file and then try again"

2) regsvr32 Msjava.dll gave me an error message saying:

"The module Msjava.dll failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found."

3) regsvr32 Actxprxy.dll gave me an error message saying:

"The module Actxprxy.dll was loaded but the call to DllregisterServer failed with error code 0x80070005. For more information about this problem search online using the error code as a search term."

4) regsvr32 Oleaut32.dll, regsvr32 Mshtml.dll, and regsvr32 Browseui.dll all gave me the same error message as the one in #3.

Is this helpful? What next?


Post by Belahzur on 27th December 2008, 11:13 pm

UAC problem again.

Click on Start, go to Programs -> Accessories, right click on Command Prompt and choose Run as administrator. You'll be prompted to approve the action, and will then see a window that looks like this (notice the 'Administrator:' prefix!)



Now try the ones that didn't work again.


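The three different regsvr32 messages quoted earlier in the thread correspond to distinct exit codes, and only the 0x80070005 one is an elevation problem. The following is an added example, not part of either poster's messages: it checks for elevation first, then runs regsvr32 silently on the DLL names from the thread and reports which failure class each one falls into. The function names `Test-Elevated` and `Register-Dll` are hypothetical.

```powershell
# Added example: DLL names are the ones tried in this thread.
$dlls = 'urlmon.dll', 'Shell32.dll', 'Shdocvw.dll', 'Msjava.dll',
        'Actxprxy.dll', 'Oleaut32.dll', 'Mshtml.dll', 'Browseui.dll'

# regsvr32 exit codes, readable when it is run with /s (no message boxes).
$meaning = @{
    0 = 'registered'
    1 = 'invalid command-line arguments'
    2 = 'OLE initialisation failed'
    3 = 'module failed to load (file or a dependency not found)'
    4 = 'module loaded, but it exports no DllRegisterServer'
    5 = 'DllRegisterServer was called and returned an error'
}

function Test-Elevated {
    # True only when the current token carries the enabled Administrators group.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Register-Dll([string]$Name) {
    $path = Join-Path $env:SystemRoot "System32\$Name"
    if (-not (Test-Path $path)) {
        # Distinguish "file is not shipped here" from a registration failure.
        return [pscustomobject]@{ Dll = $Name; ExitCode = $null
                                  Result = 'not present in System32' }
    }
    $p = Start-Process regsvr32.exe -ArgumentList '/s', "`"$path`"" -Wait -PassThru
    $text = $meaning[$p.ExitCode]
    if (-not $text) { $text = 'unrecognised exit code' }
    [pscustomobject]@{ Dll = $Name; ExitCode = $p.ExitCode; Result = $text }
}

if (-not (Test-Elevated)) {
    Write-Warning 'Not elevated: registration that writes to HKLM will fail with 0x80070005 (access denied).'
    return
}
$dlls | ForEach-Object { Register-Dll $_ } | Format-Table -AutoSize
```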


Post by helpme82 on 27th December 2008, 11:36 pm

Now only these didn't work:

msjava.dll
mshtml.dll
browseui.dll

The others worked

Now what?


Post by Belahzur on 27th December 2008, 11:42 pm

I'm not sure Vista has them files or not, I only know them instructions work for XP. I've only just noticed this.

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Post by helpme82 on 27th December 2008, 11:45 pm

I have an antivirus on my computer but just got rid of all of them like 10 minutes ago because none of them can find the problem. I don't understand what you're telling me. I have Vista. So are you telling me you can't help me?


Post by helpme82 on 27th December 2008, 11:53 pm

Now I just tried downloading AntiVir Personal Edition and I can't update the antivirus either.

It looks like nothing can remove this thing!!!!! I'm so freakin frustrated.


Post by Belahzur on 27th December 2008, 11:58 pm

Hello.
I'm trying not to say that.
We've run rootkit scans and found nothing suspicious, nor does the CF log say anything.

It's not rustock causing this, but it's something.
I'm wondering if it's the UAC stopping updates. Let me think



Post by helpme82 on 28th December 2008, 12:48 am

What is the UAC?


Post by Belahzur on 28th December 2008, 12:55 am

It's a (very annoying) security feature in Vista.



Post by helpme82 on 28th December 2008, 1:01 am

So what do I do to check if that's the problem?


Post by Belahzur on 28th December 2008, 1:14 am


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=dword:00000000

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Can you update your AV now?


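A change to `EnableLUA` only takes effect after a restart, and the fix.reg above leaves UAC switched off once the test is over. The following is an added example, not part of the posts: it reads the value that fix.reg sets, checks whether the current logon is still running with a filtered administrator token, and provides a function to turn UAC back on. The function names `Get-UacState` and `Restore-Uac` are hypothetical.

```powershell
# Added example. Key and value name are the ones in the fix.reg above.
# Run Get-UacState from a normal (not "Run as administrator") prompt.
$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    $enableLua = (Get-ItemProperty -Path $key -Name EnableLUA).EnableLUA

    # Match on SIDs, which do not change with the display language.
    $groups   = (whoami /groups /fo csv) -join "`n"
    $isAdmin  = $groups -match '"S-1-5-32-544"'   # BUILTIN\Administrators (enabled or deny-only)
    $isMedium = $groups -match '"S-1-16-8192"'    # Medium Mandatory Level
    $filtered = $isAdmin -and $isMedium           # admin account running with a filtered token

    if ($enableLua -ne 0) {
        $state = 'UAC is enabled'
    } elseif ($filtered) {
        $state = 'EnableLUA is 0, but this logon still has a filtered token: restart required before the change applies'
    } else {
        $state = 'EnableLUA is 0 and no filtered admin token was found: UAC is off'
    }
    [pscustomobject]@{ EnableLUA = $enableLua; FilteredAdminToken = $filtered; State = $state }
}

function Restore-Uac {
    # Needs an elevated prompt; takes effect after the next restart.
    Set-ItemProperty -Path $key -Name EnableLUA -Value 1 -Type DWord
}

Get-UacState | Format-List
```

Call `Restore-Uac` once the update test is finished so the machine does not stay without UAC.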


Post by helpme82 on 28th December 2008, 11:48 pm

I did what you said and it still won't work. So now we know it isn't the UAC. What do you recommend I do next? Nothing seems to get rid of this thing.


Post by Belahzur on 28th December 2008, 11:51 pm

I would like to see the second opinion. Please navigate (using Internet Explorer, other browsers won't work) to the following site: [You must be registered and logged in to see this link.]

Scroll to the bottom of the page, and click Start Scan.

When prompted, choose to install the software. After the software has installed, click Accept. Click Custom Scan and check the option for Scan inside archives, then click Start. The necessary databases will then be downloaded, and the scan will then start automatically.

Please be patient as this scan will take a while to complete. If any infections are found then once the scan has finished, the "cleaning" screen will be displayed.

Choose Automatic cleaning (recommended). After cleaning has finished, then the Finish screen will be displayed.

Choose Show Report. In order to post the report, press CTRL+A on your keyboard to highlight all the text.



Post by helpme82 on 29th December 2008, 1:49 am

These are the results I got running the antivirus you told me:

Scanning Report
Sunday, December 28, 2008 20:29:41 - 20:47:57
Computer name: MICHAEL-PC
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 7 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Statcounter (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 14301
System: 2834
Not scanned: 18
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 7
Submitted: 0
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-12-27
F-Secure Pegasus: 1.20.0, 2008-11-17
F-Secure AVP: 7.0.171, 2008-12-28
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Scan inside archives
Use Advanced heuristics

--------------------------------------------------------------------------------



Post by Belahzur on 29th December 2008, 1:59 am

I don't know what's causing it, but it's not a rustock rootkit.
I'll see what my colleagues say.



Post by helpme82 on 29th December 2008, 2:02 am

Thanks, please let me know as soon as possible. Could it be that it's taken over the system registry and therefore cannot be detected?


Post by Belahzur on 29th December 2008, 2:03 am

Haha.
No, the bad guys aren't that smart just yet.



Post by helpme82 on 31st December 2008, 6:54 am

Have your colleagues been able to figure out how to solve my problem? Thanks.


Post by Belahzur on 31st December 2008, 2:27 pm

Can you uninstall your AV and then re-install it? See if that works.



Post by helpme82 on 2nd January 2009, 2:40 am

I tried that, didn't work. Any other ideas?


Post by helpme82 on 2nd January 2009, 4:44 am

It seems like I'm gonna have to throw away this computer if Dell can't fix it because nothing seems to be able to get rid of this trojan.


Post by Belahzur on 2nd January 2009, 2:38 pm

I wouldn't say it's a trojan, we haven't found anything.
And throwing it isn't an option, it's not broken. A simple format may fix things.



Post by Doctor Inferno on 21st February 2009, 9:54 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

