| Thread ID: 136471 | 2014-03-03 05:59:00 | Possible Trojan? | Poppa John (284) | Press F1 |
| Post ID | Timestamp | Content | User |
|---|---|---|---|
| 1369202 | 2014-03-04 04:28:00 | This looks suss: `O4 - HKCU\..\Run: [FAV-S] C:\Documents and Settings\User\Application Data\svc-gkgn.exe`. These don't have to be in startup: `O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe`, `O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"`, `O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')`, `O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')`. If you use TeamViewer often, it's out of date. It's up to v9 something now. | Speedy Gonzales (78) |
| 1369203 | 2014-03-04 05:13:00 | (quoting Poppa John) "If I download those two sites of W's onto a USB dongle from here & try to run them on the laptop, would that work? PJ" Yep, you can download from a clean PC to a USB drive (that's how all my cleaning software is stored). (quoting Poppa John) "Won't let me into antispyware, Malwarebytes etc." Classic sign it's still infected, as it kills any site that has software to remove it. You can try starting the computer in safe mode with networking and run Rkill (www.bleepingcomputer.com) from the USB drive. By rights, running in safe mode sometimes stops the infections from running, BUT not always. If safe mode with networking doesn't work, try just safe mode, but some of those programs (Hitman Pro) need an internet connection, so use that last. Once Rkill has run, then run the programs listed here (malwaretips.com) from #3 onwards, BUT after running Rogue Killer. FAILING all that there is another option, ComboFix, but it sometimes can do damage to the system that can't be repaired. Restore doesn't always work; sometimes infections go along for the ride. Yesterday morning I was doing a job, it was one of those ransom infections. They have changed them, the little %#%* no longer use a .exe file; safe mode wouldn't work, safe mode with command prompt the same, Kaspersky Rescue Disk failed. Let's say there was a good fight ;) Nod32 won in the end, then had to use the other programs to clean up the leftovers. | wainuitech (129) |
| 1369204 | 2014-03-04 06:46:00 | I tried System Restore & it wouldn't lose it. SOOOOO.... I concede defeat & I will have to take it in to an expert. The question is though, how much do I spend on it? This m/c, given to me by Barnabas, PF1 user, has done me proud for some time. Do I call it a day & look for a new one? The low end ones start at about $499. Sigh. PJ | Poppa John (284) |
| 1369205 | 2014-03-04 06:52:00 | Since TeamViewer is on it, run it, then PM me the ID and password. I think we need to get rid of this file, if it's still in startup: svc-gkgn.exe | Speedy Gonzales (78) |
| 1369206 | 2014-03-04 07:14:00 | (quoting Speedy Gonzales) "Since teamviewer is on it, run it, then PM me the ID and password. I think we need to get rid of this file, if its still in startup svc-gkgn.exe" Speedy.. I cannot open anything. The laptop is completely locked into this Rogue. But thanks anyway. PJ | Poppa John (284) |
| 1369207 | 2014-03-04 07:14:00 | Did you try running in safe mode and then running those programs? You don't need to replace it due to an infection. Try downloading and running that Kaspersky Rescue Disk that was suggested in post #10. It's a bootable CD so will bypass the OS (on bootup). It also has a reg editor in it, so the entry can be removed from the reg, as well as a file manager, so you should be able to simply navigate to that file Speedy suggested and delete it (or should be able to). | wainuitech (129) |
| 1369208 | 2014-03-04 08:28:00 | W.. I will try tomorrow, too tired now. I think it is going to be too much for me to do, too complicated. PJ | Poppa John (284) |
| 1369209 | 2014-03-04 08:59:00 | If you don't want to try the bootable CD, there's one program I've run only once before; it was used to boot a computer normally that was badly infected and had a stuffed optical drive (couldn't run CDs). You can try it if you want: www.vipreantivirus.com. Download it to a USB drive, boot the computer into safe mode, then plug in the USB drive, open it, and run the exe, that's it, it will do the rest (assuming it runs), but it must be in safe mode. Assuming it runs, go have a long breakfast, lunch, whatever, it WILL take a while. Vipre did have some damn good antimalware programs till they bundled an antivirus with it, then it seemed not as good, but it should pick up that infection. If it does run, then as long as it removes that file, try running the others to make sure. Doing a proper clean out can take hours. | wainuitech (129) |
| 1369210 | 2014-03-04 10:40:00 | (quoting wainuitech, post 1191191) "Finally got it out when rougeKiller detected it as a fake." Jeez WT, you are bloody hard on your make-up, I didn't even know you could buy rouge killer! Maybe you meant 'rogue killer', an easy mistake to make when you are knee deep in rouge. :D Cheers Billy 8-{) ;) | Billy T (70) |
| 1369211 | 2014-03-04 18:53:00 | (quoting Billy T) "Jeez WT, you are bloody hard on your make-up, I didn't even know you could buy rouge killer! Maybe you meant 'rogue killer', an easy mistake to make when you are knee deep in rouge. :D" :lol: | wainuitech (129) |
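Speedy Gonzales's read of the O4 lines in post 1369202 (a per-user Run entry launching a random-named .exe out of Application Data, beside legitimate entries under system32 and Program Files) can be automated. The Python below is an added example, not code from the thread or from HijackThis: it parses O4 lines in the quoted format and flags entries whose executable sits in a user-writable profile directory or has a vowel-free, random-looking name. The sample lines are the ones quoted in that post; the two heuristics and the `USER_WRITABLE` list are this example's own assumptions.

```python
import re

# HijackThis "O4" autorun entries in the form quoted in the thread, e.g.
#   O4 - HKCU\..\Run: [FAV-S] C:\Documents and Settings\User\Application Data\svc-gkgn.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Assumed markers for directories any logged-on user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")

# Sample input constructed from the O4 lines quoted in post 1369202.
THREAD_O4_LINES = [
    r"O4 - HKCU\..\Run: [FAV-S] C:\Documents and Settings\User\Application Data\svc-gkgn.exe",
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"',
    r"""O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')""",
]

def parse_o4(line):  # -> dict with hive, key, name, cmd, user and exe; None if not an O4 line
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    cmd = entry["cmd"].strip()
    if cmd.startswith('"'):  # quoted path: everything up to the closing quote
        exe = cmd[1:].split('"', 1)[0]
    else:  # unquoted path may contain spaces, so take everything up to ".exe"
        i = cmd.lower().find(".exe")
        exe = cmd[: i + 4] if i >= 0 else cmd
    entry["exe"] = exe.strip()
    return entry

def looks_random(filename):  # a run of 4+ letters with no vowel at all, like "gkgn"
    stem = re.sub(r"\.[^.]*$", "", filename).lower()
    return any(not set(run) & set("aeiouy") for run in re.findall(r"[a-z]{4,}", stem))

def triage(lines):  # {entry name: [reasons]} for the O4 entries worth a closer look
    flagged = {}
    for entry in filter(None, map(parse_o4, lines)):
        folder, _, filename = entry["exe"].lower().rpartition("\\")
        reasons = []
        if any(marker in folder + "\\" for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable profile directory")
        if looks_random(filename):
            reasons.append("random-looking executable name")
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged
```

A flag is a lead for the tools the thread goes on to recommend, not a verdict; `triage(THREAD_O4_LINES)` singles out only the FAV-S entry.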