Help: Trojan-Dropper.win32.docb

Sigh... Somehow I got infected with this trojan and it's causing a lot of problems on my computer. Here is the Hijackthis log below. It seems it has infected Kaspersky itself. Is there any chance of removing this trojan without formatting? I've "fixed" a few items already. The ones below I'm not too sure about what to do with. |
scan it in safe mode |
Boot up in safe mode and remove these with Hijackthis:

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O4 - HKCU\..\Run: [{4BF8A933-24A6-82F5-0DE2-5C86FA452DC5}] "C:\Documents and Settings\Kenjai\Application Data\Payp\ciwiy.exe"
O4 - HKCU\..\Run: [mssend] "C:\Documents and Settings\Kenjai\Application Data\xssend2\svcnost.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Delete the files as well. But you might be pretty much screwed. If this is the similar strain of virus that I dealt with a couple months ago that dropped the watermark.exe file, it infects all or most of the .exe, .dll and .html files on your system... so even if you get rid of the stuff above, once you run one of the infected files, they'll all come back. It's a nasty mofo.

If you have any .html or .htm files on your system, open one up with notepad and see if there's some strange code in there. If there is... I would personally recommend to reinstall the system. Seriously. |
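The manual review described in the reply above, as an added example that is not part of the original thread: a small Python triage pass over HijackThis log lines that flags the three patterns the listed entries share. The heuristics, the function name `review`, and the Kaspersky line in the sample are assumptions added here; a flagged line is a candidate for manual review, not a verdict.

```python
# Constructed sample: the entries quoted in the post above, plus one
# made-up benign Run entry (the Kaspersky path is an assumption) for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\avp.exe"
O4 - HKCU\..\Run: [{4BF8A933-24A6-82F5-0DE2-5C86FA452DC5}] "C:\Documents and Settings\Kenjai\Application Data\Payp\ciwiy.exe"
O4 - HKCU\..\Run: [mssend] "C:\Documents and Settings\Kenjai\Application Data\xssend2\svcnost.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def review(log):
    """Return (line, reason) pairs for log entries worth a manual look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("F2 ") and "UserInit=" in line:
            # UserInit should name userinit.exe only; anything else in the
            # comma-separated value is started at every logon.
            value = line.split("UserInit=", 1)[1]
            extras = [p.strip() for p in value.split(",")
                      if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
            if extras:
                findings.append((line, "UserInit launches extra program: " + extras[0]))
        elif line.startswith("O4 "):
            # Autorun target is whatever follows the "[name] " field,
            # with or without surrounding quotes.
            target = line.split("] ", 1)[-1].strip('"').lower()
            if "\\application data\\" in target or "\\appdata\\" in target:
                findings.append((line, "autorun from user-writable profile directory"))
        elif line.startswith("O23 ") and "Unknown owner" in line:
            findings.append((line, "service reported with unknown owner"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(SAMPLE_LOG):
        print(reason)
        print("    " + entry)
```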
^ damn that's one bitch of a virus |
Okay, I'll try the safe mode thing first, if it doesn't work then I'll format it. If I resort to that, is it safe to copy over some personal files like pics and videos? Obviously I'll avoid .exe and .dll files. |
Seriously, this thing is one bad mother. Maybe you can burn the picture and videos to a DVD? I think that would be safer than a USB drive. |
Most of my pictures are still in raw form. It's going to take forever to copy to DVDs. I was thinking of starting fresh on a new drive, but I'm worried that the anti-virus won't be powerful enough to stop the virus after I connect the infected drive to recover the pictures. I'm curious as to how I caught this virus. I haven't downloaded much in the past couple of weeks, but I'm not the only one that uses this computer. Everything was fine until one day Kaspersky started popping up warnings about programs that I normally trust. |
I caught a version of the Ramnit virus that was like zero-day from some Korean website... when I got it and tried researching it, there was NO information about Ramnit + watermark.exe whatsoever. My Symantec Antivirus was completely useless in stopping it, but then again, from what I read, most antivirus software is. I used information from an old strain where it dropped a file called desktoplayer.exe instead, and I was fortunate to be able to contain it fast enough so that it didn't affect any critical system .exe and .dll files. I deleted all the infected files, and my laptop has been fine since. If you search "Ramnit watermark.exe" on Google, the second link on MajorGeeks is what I wrote. |
Try this before you format, it's worked wonders for me. I've fixed 3 of my co-workers' computers and my gf's laptop. Make sure you run the update before running the scan. http://www.malwarebytes.org/ |
This happened to me 2 weeks ago. I tried everything, and eventually did a system restore. |
Remove System32. Posted via RS Mobile |
try combofix before formatting: http://www.combofix.org/download.php |
Combofix is useless with 64-bit OS.. :( |