
Troj/Rustok-N persistent infection

Q: Troj/Rustok-N persistent infection

So a couple of months ago I was infected with Troj/Rustok-N. I know this because the site I was at when I was infected told me I had it. I looked it up and tried to figure out how to remove it, and I downloaded Malwarebytes, SUPERAntiSpyware and Spyware Doctor and tried to run scans on them, but they wouldn't update, so it was difficult. Eventually, using another computer and doing some stuff (I forget exactly what I did), I got the programs to update, but they didn't find anything bad; most of the threats they found were either mild or moderate, so I feel it really didn't find it and instead found other infections that were the result of the main infection... I have felt the computer slow down since then, and I've been running scans with Malwarebytes and SUPERAntiSpyware with minimal results showing up, and the computer still doesn't feel as fast as it was before I got infected. So I think it's still there and bogging everything down.

I am running Windows Vista.


A: Troj/Rustok-N persistent infection

RELEVANCY SCORE 89.6

HELLO EVERYONE,

I'M NEW TO THIS FORUM SO I APOLOGIZE FOR ANY PROTOCOL MISTAKES. 1-23-09 I FIRST NOTICED SERIOUS PROBLEMS WITH MY LAPTOP. HERE ARE THE SYMPTOMS AND WHAT I HAVE DONE SO FAR TO RESPOND TO THE APPARENT MALWARE/TROJAN ATTACK:

- NORTON INTERNET SECURITY 2009 INFORMS ME ABOUT SECURITY BREACH-"BACKDOOR TIDESERVLINF". SUPPOSEDLY THIS WAS CORRECTED BY NIS2009.
- NIS INSTRUCTED ME TO RESTART COMPUTER TO FINISH RESOLVING SECURITY BREACH. WHEN I REBOOTED, NIS WAS NON FUNCTIONAL, NOT RUNNING.
- ALSO, INTERNET EXPLORER WOULD NOT ACCESS INTERNET, I COULD NOT ACCESS C DRIVE (JUST GOT ERROR MESSAGE).
- I TRIED TO USE SYSTEM RESTORE TO ROLL BACK TO 1-17-09, SYSTEM RESTORE WOULD LOCK UP. I TRIED USING SYSTEM RESTORE IN SAFE MODE WITH THE SAME "LOCK UP".
- I USED "NORTON_REMOVAL_TOOL.EXE" ONCE.
- I USED "NISO9EN.EXE" TO RESTORE NIS2009.
- WHEN NIS WAS RESTORED I NOTICED THAT IT COULD NOT RETRIEVE UPDATES OR MAINTAIN ADVANCED PROTECTION.
- I DID REGAIN INTERNET ACCESS AND WAS ABLE TO DOWNLOAD NIS UPDATES VIA THE NORTON WEBSITE. NIS STILL WILL NOT CONNECT AUTOMATICALLY TO THE NORTON WEBSITE.
- ATTEMPTED TO PERFORM A FULL SYSTEM SCAN WITH NIS---SCAN WAS WAY TOO BRIEF AND ONLY SCANNED A COUPLE THOUSAND FILES. I ALSO TRIED A SCAN IN SAFE MODE WITH SIMILAR RESULTS.
- WHEN ON THE INTERNET I NOTICED NUMEROUS SITE RE... Read more

A:TROJ/RUSTOK-N INFECTION--PLEASE HELP!

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we... Read more

RELEVANCY SCORE 89.6

Hi guys. How is everyone doing? I've been having problems with my computer a lot lately, and I've tried all sorts of things to try to fix it. It won't let me into some of my programs, and for a while it wouldn't even let me online. It kept saying I had an appcrash. And now I got a message from a site telling me I have a Troj/Rustok-N infection. I would really appreciate any help you guys can give me. Here are my reports and the scan.

DDS (Ver_09-07-30.01) - NTFSx86
Run by jared at 8:30:49.40 on Fri 08/28/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3060.1249 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\... Read more

A:Troj/Rustok-N infection

Hello jrdc099,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Note: If you already have Malwarebytes' Anti-Malware, then update, run it, then do a "Perform Full Scan"

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)... Read more

RELEVANCY SCORE 89.6

DDS (Version 1.1.0) - NTFSx86
Run by Omikias at 2:33:06.03 on Tue 12/30/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1011 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\uTorrent\uTorrent.exe
C:&... Read more

A:Troj/Rustok-N infection

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc... Read more

RELEVANCY SCORE 89.6
A:Need help with a Troj/Rustok-N infection

Since the post is deleted, this thread is closed.

RELEVANCY SCORE 88.4

I've been getting redirected to ad sites when I click on links. Need to fix the problem and remove the virus.

HJT Report

DDS (Ver_09-03-16.01) - NTFSx86
Run by Olena at 14:45:08.36 on Thu 04/30/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1890 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\m... Read more

A:Virus infection, May be Troj/Rustok-N

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

RELEVANCY SCORE 70.4

My computer has been infected with the Troj/Rustok-N. I have tried to run MBAM but the program shuts down as soon as it starts. Please help with removing this.

A:Troj/Rustok-N

Hello and welcome!

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

S!Ri's SmitfraudFix

Now download and run SmitFraudFix by S!Ri. Run options 1 and 2. Post that report in your next reply.
The report can be found at the root of the system drive, usually at C:\rapport.txt

If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

RELEVANCY SCORE 70.4

I am running Windows XP Professional and recently I have been having A LOT of computer problems. I get tons of pop-ups when browsing. If I do a Google search, I ALWAYS get redirected when I click the links to a completely different and bogus site. Certain sites will inform me with a message that spyware on my computer is attacking their website, and I am unallowed to browse. The site says the virus is 'Troj/Rustok-N'. I believe I obtained the virus trying to download torrents using 'uTorrent'.

So far, I have run Ad-Aware, Norton AV, and Malwarebytes, all in safe mode, without networking. I am unable to update ANY of my anti-virus/malware programs. Any time I try to update, I am told the download failed and to check my internet connection. I am also not even able to open Spybot S&D. I tried uninstalling and reinstalling, and it only got worse for S&D. The computer could completely install the program updates for previously said reason.

One last funny thing, I cannot open my C:\ by clicking the link. I get the error message:

"Windows cannot find 'RECYCLER\S-0-6-15-100014831-100013926-9389.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the start buttn, and then click Search."

I have also run HiJackThis and posted the log to someone who said it looked fine.

ANY and ALL help is greatly appreciated. I would really like to not have to reformat this computer.
Regards,
Chris S

A:'Troj/Rustok-N'

Hello.

'Troj/Rustok-N' is not a pleasant infection to have (well any kind of infection is unpleasant), but this infection is nasty. It is related to a backdoor trojan. P2P sharing is notorious for carrying infections.

Backdoor Threat

IMPORTANT NOTE: Unfortunately one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeb... Read more

RELEVANCY SCORE 70.4

I have adaware lavasoft running but I can't get my other two programs to open and run. I ran a smitfraud report. Here it is.

SmitFraudFix v2.423

Scan done at 4:03:08.97, Thu 07/23/2009
Run from C:\Documents and Settings\Frank\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.26
DNS Server Search Order: 85.255.112.73

HKLM\SYSTEM\CCS\Services\Tcpip\..\{41676C37-515E-4C02-854E-352A5F28A72F}: DhcpNameServer=85.255.112.26,85.255.112.73
HKLM\SYSTEM\CCS\Services\Tcpip\..\{41676C37-515E-4C02-854E-352A5F28A72F}: NameServer=85.255.112.26,85.255.112.73
HKLM\SYSTEM\CCS\Services\Tcpip\..\{648C4EDC-7A15-48C0-B3F9-F5297B7F2E2F}: NameServer=85.255.112.26,85.255.112.73
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41676C37-515E-4C02-854E-352A5F28A72F}: DhcpNameServer=85.255.112.26,85.255.112.73
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41676C37-515E-4C02-854E-352A5F28A72F}: NameServer=85.255.112.26,85.255.112.73
HKLM\SYSTEM\CS2\Services\Tcpip\..\{648C4EDC-7A15-48C0-B3F9-F5297B7F2E2F}: NameServer=85.255.112.26,8... Read more

A:Troj / Rustok-N

Hello Frank7777,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

If MBAM (Malwarebytes) will not install, please rename the installer mbam-setup.exe. Example: newtool2.exe
Proceed installing the renamed installer of MBAM.
If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool4.exe, double click newtool4.exe to proceed in running a Quick scan.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.
* If you don't have HijackThis installed, then do this: Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php ... Read more

RELEVANCY SCORE 70.4

I have a Troj/Rustok-N on my computer at work... I have Windows XP (I think)... Need someone to help me one step at a time... Someone with patience. I'm hoping this trojan is what makes my computer slow and will also rid my internet from pop-ups... Please help....

A:Troj/Rustok-N

Please follow the instructions you have been given here: http://www.bleepingcomputer.com/forums/ind...t&p=1121501

This topic is closed, to avoid confusion and multiple replies.

RELEVANCY SCORE 70.4

How do I remove this virus? I was on a site and it said I can't access it because of this trojan, but my updated McAfee isn't detecting it. What do I do?

A:Troj/Rustok-N

Hello and welcome, please run these next, if possible. If you have Spybot installed temporarily disable it.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be ask... Read more

RELEVANCY SCORE 70.4

I am running MS Windows XP - version 2002. I have a Pentium® 4 CPU 3.00GHz
3.16GHz, 1.00GB of RAM
The following problem has occurred using both Internet Explorer 8 or Mozilla Firefox.

Some websites have not allowed me access and informed me that my computer is infected with 'Troj/Rustok-N'. I have been trying to re-install my McAfee Anti-Virus/Internet Security Software, but have been unable to do so. When I attempt to download the software, I get the following message...

- Internet Explorer Cannot Display the Web Page
- It appears you are connected to the internet, but you might want to the internet (typo is on the message displayed)
- Re-Type the address
- Go back to the previous page
-Most likely causes:
- You are not connected to the internet
- The website is encountering problems
- There might be a typing error in the address
-More info

Needless to say, I am connected to the internet, there is not a problem with the way the address has been typed and McAfee website is not encountering a problem. I have also tried to download AVG and some other Anti-Virus softwares, but get the same error screen.

I have turned off my firewall, but it did not do any good. I did a full scan of my computer with the Ad-Aware Anniversary Version (the latest), and it cleaned out several infections, but still have not been able to download my anti-virus software. I need help getting rid of this virus and think it may be what is causing me to not be able to downl... Read more

A:Troj/Rustok-N

Hi angelmom_06 and welcome. Please run these 3 tools next.

S!Ri's SmitfraudFix part 1:
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Follow with MBAM:
Please download Malwarebytes Anti-Malware (v1.32) a... Read more

RELEVANCY SCORE 70.4

When I visit certain sites I get this message: "Your computer (IP: XXX.XXX.XXX.XXX) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'"

The thing is, I believe I've had it for some time but just really found out what it is. I got some other program like Windows Live OneCare to destroy the winifighter I got to supposedly destroy it, but my sites are still getting redirected and I still can't update any of my other software. I've tried downloading Spyware Doctor but can't update to run nor activate Malwarebytes at all. I tried downloading HijackThis but my computer just shuts down.

I can't fix it on my own. Can someone help?

Thanks
Mariojukjuk
DDS (Ver_09-06-26.01) - NTFSx86
Run by Marell at 15:20:30.59 on Sat 07/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.1213 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: K7AntiVirus *On-access scanning enabled* (Updated) {51AA8441-E1FB-11D8-B3A1-0080482CAD47}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: K7AntiVirus *enabled* (Updated) {FE6A0ADD-5EC4-46C1-8DF2-6C72E32A4B71}
FW: K7FireWall *enabled* {51AA8440-E1FB-11D8-B3A1-0080482CAD47}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Wind... Read more

A:I Believe I Have Troj/Rustok-N.....Help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 70.4

I tried going into a couple of sites where the trojan virus TROJ/RUSTOK-N stopped me from entering the site... This is my first time encountering a virus... nonetheless a trojan... I'm on a computer at work and need this virus taken out ASAP... Can someone PLEASE help me... I've noticed people having to go through this really long process... which I would dread doing but desperate times call for desperate measures... ya know!! I have Norton installed in my computer... Also from checking out some web pages I followed some instructions and downloaded Malwarebytes and HijackThis... I don't even know what to do next... Please please please... somebody help me...

A:Troj/rustok-n

Hello and welcome. Let's run these. If you would disable Norton for the time of these scans that may get us a better log.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Follow with MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start ... Read more

RELEVANCY SCORE 70.4

I've been getting redirected a lot and lots of popups. I went to a website and I couldn't access it because it said I have Troj/Rustok-N. Here's my log, thanks for any help in advance:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Damian at 23:18:51.89 on Sat 01/24/2009
Internet Explorer: 7.0.6000.16764 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3062.2058 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkR...

A:Troj/Rustok-N

Hi,

If you still need help with this post a fresh dds report, please.

RELEVANCY SCORE 70.4

I have a virus that calls itself Troj/Rustok-N... some web sites I get on tell me that my CPU is infected with this... also I am unable to update my security software and I cannot access my hard drive by double-clicking it (but I know how to get in). I am also unable to do a system restore because it will not let me click the Next button.
Can someone help me? I did do various scans and they were not able to find anything. I have logs.

Thanks

A:Troj/Rustok-N

Hello and welcome, I am moving this from XP to the AM I Infected forum as we have malware.
Can we run MBAM and get a log?

MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives...

RELEVANCY SCORE 70.4

Problem solved. thanks anyhoo

I received this when going to a pornography website "Your computer (IP: xxxxxxxxx) generates attacking our servers DOS requests. This attack was provoked by the spyware/virus named 'Troj/Rustok-N' ". Spybot won't open up or update. Spyware doctor also will not update. Hijackthis will not run. SDfix reports no trojans. The only noticeable problem I've received has been from links on google not loading. It goes to a white screen in the browser and if I reload it, it goes back to the original search. Links to websites on google will usually work on the second attempt. At this point I am desperate because I have tried all common methods for the detection and removal of this trojan. It's beyond my league now so... here goes:
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\s27xqcna.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin ...

A:'Troj/Rustok-N'

"Problem solved. thanks anyhoo"

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.
In case you experience any problems with the computer, please start a new topic.

Happy computing,
Orange Blossom

RELEVANCY SCORE 70.4

A lot of youtube website-like are saying this to me:

Your computer (IP: 24.***.***.**) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

We apologize for the inconvenience, and hope we'll see you again on www.xvideos.com

Find more comments on the software at: aumhaphpbb.com
The "recommended software" was Winiguard fake anti-virus that I succeeded to remove with "Malwarebytes' Anti-Malware".
But after using AVG, adaware spybot or Malwarebytes' Anti-Malware, I still can't find that 'Troj/Rustok-N'.
First time I'm using Hijackthis so here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:30, on 2008-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WIN...

A:Troj/Rustok-N

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable a...

RELEVANCY SCORE 70.4

I've been infected by Troj/Rustok-N
I am not sure how to delete it. Every guide I find has a lot of recommended software downloads, but none of them seem to work. I tried:
Malwarebytes' Anti-Malware
AVG
Avast
SUPERAntiSpyware

None of them will even run, some won't even install. What do I do?

Windows XP Home SP3

A:Troj/Rustok-N Please Help!

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.
Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta...

RELEVANCY SCORE 70.4

This one should be an easy one for you guys here. I am aware of what it does, but what I do not have knowledge of is a guaranteed, free program that will remove this, spyware doctor is out of the question as it can not smart update, and thus run, so I need something else that will work at the same caliber.
Thanks.

A:Troj/Rustok-N

Hi 1chains1 and welcome to BC
As this is a rootkit, it will take several scans to be sure you are clean. Also, I would advise you to change web used passwords on a known clean computer.

Our first step:
The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Please rename the downloaded file mbam-setup.exe to winlogin.exe
Double-click on winlogin.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan bu...

RELEVANCY SCORE 70.4

When I visit certain sites I get this message: "Your computer (IP: XXX.XXX.XXX.XXX) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'"

The thing is I believe I've had it for some time but just really found out what it is. I got some other program like windows live onecare to destroy the winifighter I got to supposedly destroy it, but my sites are still getting redirected. I still can't update none of my other software. I've tried downloading Spyware doctor but can't update to run nor activate Malwarebytes at all. I tried downloading hijackthis but my computer just shuts down.

I can't fix on my own can someone help

Thanks
Mariojukjuk

A:I Believe I Have Troj/Rustok-N.....Help

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do ...

RELEVANCY SCORE 70.4

Have downloaded Spyware Doctor, but it can't seem to update (I read the trojan blocks Spyware removal programs?).

How do I go about removing it?

Tah,
jgb99

A:Troj/rustok-n

Hello jgb99 and to BleepingComputer!

Let's see if we can get a bit more information on what problems/infections your computer may have.
Can you please explain to me what complaints you have: pop ups/errors/problems with system performance?

Let's also do a scan.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan" opt...

RELEVANCY SCORE 70.4

Yeah, it basically won't let me watch videos and says I have Troj/Rustok-N. I did the DDS scan thing and I'll attach the results.

A:Troj/Rustok-N

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. You are missing one of the DDS logs. If you did not save it, try that again. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and ...

RELEVANCY SCORE 70.4

Just got the infection, dunno what to do, I did a smit scan and got this, also Malwarebytes is not working for me.
SmitFraudFix v2.417

Scan done at 4:54:00.65, Mon 06/01/2009
Run from C:\Program Files\Dell\DellDock\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-...

A:Need help with Troj/Rustok-N!!!

Please post the information you sent via PM.

RELEVANCY SCORE 70.4

I got a nasty virus by this name that my AVG doesn't detect. Is there a way I can get rid of it? When I try to go to any websites pertaining to removal (such as spybot) I am redirected to an error message. and it is the same 'error- server cannot be found' message for all those sites. but most websites function normally, not all though.

I also mistakenly downloaded winbluesoft to try and get rid of the first one, but now that program seems to be inhabiting my computer as well. I looked at the tutorial on this site about removal of it and downloaded malwarebytes anti-malware and it installed correctly, but my computer is unable to launch the program. when I click on the icon it just does nothing (after proper installation).

A:troj/rustok-n

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

RELEVANCY SCORE 70.4

First of all I must say that I'm relatively new to PC's. I know how to manage and get around on them but have used a mac for most of my life so dealing with malware/spyware on a PC or security in general is completely new to me. Anyway, so I got a new Dell Laptop running on Vista, just started using the internet today, and already am getting messages saying my IP Address was infected with Troj/Rustok-n. The limited research I did said it was a bogus infection but that it meant I was infected in some other way or something? I guess it was trying to redirect me to some other site to have me download more malware? I'm not really sure. Many sources seemed to recommend me using HiJackThis... So I downloaded HiJackThis and ran a scan, I'm not sure which items to check/fix and don't want to screw anything up? Please help. Here is my report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:25 AM, on 8/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (###)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:...

A:Troj/Rustok-n

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 70.4

Hi I think my computer is infected but when I scan the computer with norton it only shows up 1 tracking cookie. When I search google and then press on links they get redirected to other pages. Sometimes messages pop up wanting me to download virus programs. When I went on youporn this message came up: Your computer (IP: 96.23.96.185) generates attacking our servers DOS requests. This attack was provoked by the spyware/virus named "Troj/Rustok-N".

I have tried to download Malwarebytes' Anti-Malware but when I download it and try to start it nothing happens. Sometimes when I try to download the program from other sites it will not let me. When I start the computer up 3 messages pop up in boxes telling me they couldn't find the link in the library.

Just wondering what I should do now.

A:Troj/Rustok-N

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check only the Files box: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

RELEVANCY SCORE 70.4

How do I get rid of this? Please please help. My DNS is messed up and I can't really look anything up, plus I don't have the hardware to reformat my HD. Here's the scan from DDS

DDS (Ver_09-01-07.01) - NTFSx86
Run by Sam at 20:44:28.16 on Wed 01/07/2009
Internet Explorer: 7.0.6000.16757 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.958.401 [GMT -8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\PostgreSQL\8.3...

A:Troj/Rustok-N

Hello turk928,

Welcome to Bleeping Computer.
My name is mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!
Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.
You might want to save this page on your bookmark, so you can find it again when you return.
Firefox: Then click on Done.
IExplorer: Then click on Add.
Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions after it is approved.
Could you attach the attach.txt? If you didn't save it, you can rerun DDS.

Question:
Did you change anything since previous post? How is the current condition of your computer?
Is this the only computer you have or is there another computer we can eventually use?
Do you have a Windows installation CD? Not that we need it now, just in case.

With Regards,
mas_pogi

RELEVANCY SCORE 70.4

Please help!!! Losing my mind. No antivirus or any spyware seems to help.
DDS (Version 1.1.0) - NTFSx86
Run by Admin at 22:06:54.81 on Tue 12/30/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1426 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\...

A:Troj/Rustok-N

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es...

RELEVANCY SCORE 70.4

we picked this troj/rustok-n up somewhere but when on different video sites i get the error
Your computer (IP: xx.xx.xxx.xx) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

Have tried Malwarebytes, Panda antivirus, Kaspersky, and Avast with no luck finding this thing. We are running Vista on a laptop. What should be the next step?

A:troj/rustok-n

Hi,

Please run part 1 S!Ri's SmitfraudFix. Disable SpyBot first if running.
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

RELEVANCY SCORE 70.4

How do I get rid of troj/rustok-N? Any help please let me know, and I have Vista.

A:how do i get rid of troj/rustok-N?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button t...

RELEVANCY SCORE 70.4

When I go to "certain websites" I get a message that says this:
Your computer (IP: 99.178.226.120) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'
I have run my anti virus program (AVG FREE) and it doesn't show me anything. My AVG is out of date, when I try and update it, it says that it couldn't connect to the update server.

Here is my DDS log:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Addison at 12:19:52.70 on Tue 01/27/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1977.913 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Window...

A:Troj/Rustok-N

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we...

RELEVANCY SCORE 70.4

Every so often, sites that I am trying to access will not display the page that I requested, but instead give me this:


Quote:
Your computer (IP: [MY IP]) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

Make sure your computer is protected before continue browsing. Without this antivirus software your computer becomes a pushover for hackers.

Leaving computer unprotected may lead to:
- Computer performance slowdown and operating system crash
- Serious drop of traffic caused by hidden advertising
- Leak of personal and credit card information
- The inappropriate use of your personal photos by web sites
- Using you machine as a source for spam spreading
- Infection spreading to other removable devices such as memory cards, writable CD and DVD disks
- Getting your cell phone infected through USB. The first sign of infection in your cell phone device will appear as sms-messages sent to paid numbers
- etc

Make sure you us...

A:Troj/Rustok-N?

Hello and welcome to TSF.

HijackThis is not used as the initial scanning tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 70.4

I believe I have a virus/malware/spyware (or an easier way to say would be an infection) on my computer. I supposedly have Troj/Rustok-N but my antivirus isn't doing anything to get rid of it. I am using avast! antivirus. I downloaded WiniBlueSoft to try to delete it but all it's doing is telling me I have the virus and can't get rid of it because I have to buy it and now I'm getting spam messages from this. So here is my HijackThis log and I would appreciate any help I could get. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:30 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\P...

RELEVANCY SCORE 70.4

Guess I've had this for a while, since it's causing browser redirects. Ran HJT a few times, cleaned it up. Got rid of some 017-HKLM files.

Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:15 AM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap...

A:Troj-Rustok-N

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh hjt log, please.

RELEVANCY SCORE 70.4

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2009 4:29:08 AM
System Uptime: 5/17/2009 2:34:58 PM (29 hours ago)

Motherboard: XFX | | XFX Nforce 680i LT
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 156 GiB total, 133.411 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()


A:Troj/Rustok-N

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

RELEVANCY SCORE 70.4

I think I got this nasty bug and would appreciate your expertise. I'm including my HJ logfile below. So far I can't update Norton or Spybot definitions so I feel like I'm stuck.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:27 AM, on 2/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilt...

A:Troj/Rustok-n

RELEVANCY SCORE 70.4

ok so i have troj/rustok-n. I scanned w/ malware bytes, here's the log. i removed and quarantined

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/19/2009 10:00:08 PM
mbam-log-2009-02-19 (22-00-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 96777
Time elapsed: 39 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70eb0798-8c6a-4cf6-b0bf-23caef0941f4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70eb0798-8c6a-4cf6-b0bf-23caef0941f4}\NameServer (Trojan.DNS...

A:troj/rustok-n

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we...

RELEVANCY SCORE 70.4

Hello Tech Support Guy(s),

I am having some difficulties with random redirects, namely when I click on links via search engine (google, yahoo, about, etc) I end up seeing webpages that I did not request. Also, once I can finally access these pages, I get messages saying that the website cannot allow me access because my computer will harm the website because of something called "Troj/Rustok-N." The message usually goes as follows:

"Your computer (IP: 70.230.239.130) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'"

I recently downloaded HJT to rid my computer of this program called "resycled\boot.com" but my Norton antivirus software seemed to have gotten rid of it, but my computer is painfully slow and will sometimes not even boot. I know this is not what you're looking for as stated by the site rules, but...I'm desperate. I'm a student and I need my computer, so please do what you can with this or tell me what I should do otherwise.

Thank You,
Aleksandr

* * * *

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:54 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\W...

RELEVANCY SCORE 70.4

Hey Guys. I got boned pretty hard. Here's the DDS.

As for the problem itself, I got several emails from my college internet provider saying that I was infected, but I ran avast, McAfee, adaware, avg, and kaspersky. they all came up negative. Then I went on a few youtube-esque sites and they said I was infected with something called "Troj/Rustok N" and then they recommended winiguard.

any help would be appreciated!
DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe Kim at 13:10:02.67 on Tue 02/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1392 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC...

A:Troj/Rustok N

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instruc...

RELEVANCY SCORE 70.4

Okay, trying again. Every so often, sites that I am trying to access will not display the page that I requested, but instead give me this:

Quote:
Your computer (IP: [MY IP]) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

Make sure your computer is protected before continue browsing. Without this antivirus software your computer becomes a pushover for hackers.

Leaving computer unprotected may lead to:
- Computer performance slowdown and operating system crash
- Serious drop of traffic caused by hidden advertising
- Leak of personal and credit card information
- The inappropriate use of your personal photos by web sites
- Using you machine as a source for spam spreading
- Infection spreading to other removable devices such as memory cards, writable CD and DVD disks
- Getting your cell phone infected through USB. The first sign of infection in your cell phone device will appear as sms-messages sent to paid numbers
- etc

Make sure you use effective ant...

A:Troj/Rustok?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have three antivirus programs installed and running, AVG, Comodo, and Spyware Doctor. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the others via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

RELEVANCY SCORE 70.4

I'm sure one of the first steps is to post a hijack log, which I can't do, unfortunately. I can't open IE, Hijackthis, any sort of folder (My Computer, System 32, Documents and Settings, Control Panel, etc). I used the Task Bar Manager to get as far as My Computer and then it automatically freezes up once I hit the Local Drives. I'm almost positive it's something of the sort of "Troj/Rustok-N" but also, in retrospect I did download what was supposed to be a PS4 patch from download.com and it was actually WiniGuard? Or something to that effect, like a pseudo-virus software that's actually malware. Originally it renamed one of my files "wininet.dll" and then I had trouble starting up. I've fixed that and replaced the file and I thought I got rid of it altogether but now what I mentioned before is happening along with a pop up that comes ever so often with very odd grammatical errors (I'd give you a screen shot but that's not working either.)

//

Microsoft Windows

Your computer is low on Memory!

It can happened because this computer is infected by viruses. Save your files and press "Close programs" button. You must install any anti-virus software and check this computer!

//

I realize it's pretty much impossible to help without a log or access to programs; but it's a school laptop so i don't have any sort of disk to wipe the memory or re-install the drives. (and i'd really like to get back to my work before the next couple weeks it...

RELEVANCY SCORE 70.4

I don't even know what it is.. I only get it when trying to use IE with ww.redtube.com.. yes I'm a porn addict sry

A:'Troj/Rustok-N'

Hello.

Quote:
I don't even know what it is.. I only get it when trying to use IE with ww.redtube.com.. yes I'm a porn addict sry

Pornographic sites, cracks, keygens etc... are notorious for carrying malware infections, browser hijacks etc... Some may not, but I can say 99% do. It would be best if you format/reinstall your computer now as it's probably compromised now...

I will not help you if you continue to go to sites like that. You will just be re-infected again and that will be a waste of my time and other experts' time when we could be helping someone else that would understand and follow the rules, so we can clean them up so they can go!

I would like you to reply back telling me you understand this and follow my instructions. If not, then I will not be helping you. If you would like to continue, please follow the instructions on the Preparation guide before running Hijackthis.

With Regards,
Extremeboy

RELEVANCY SCORE 70.4

i have had Troj/Rustok-N in the past but now i think i have a new type. in the past i just got rid of it with combo but now it doesn't work

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:06 AM, on 5/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - H...

A:Troj/Rustok-N need help

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 70.4

I've been to a few places trying to get rid of this can you guys please help me???

A:I need help with Troj/Rustok-N please help

Never mind. I am pretty sure I got Rustock and a few other baddies out of my system. Thanks to anyone who was going to help.

RELEVANCY SCORE 69.6

I don't wanna waste your precious time guys.

1. I use IBM R50E with 40gb, 256mb ram, 1.6ghz intel M.
2. Using avast! 4.8
3. Avast! did find a problem in my memory, asked me to run the program at kind of safe mode(?) I said ok, it moved some trojans to the chest.
4. It couldn't remove, repair, delete etc. 2 files. These were c:/....mozzila firefox/iamfamous, and a .tmp file that I can't remember now. SO I BASICALLY CHOSE TO IGNORE those 2 infections. Cause it didn't allow me to delete, repair etc.

Here is the log. THANKS VERY MUCH FOR YOUR help without any benefit !

A:Troj Rustok- N (LOG POSTED)

no help ?
