Win32/Loodok!generic.2 - Need Help!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by demon1300, Apr 22, 2008.

  1. demon1300

    demon1300 Private E-2

    Guys,

    My brother has given me his PC recently as it amounted quite a number of viruses etc. I decided to blow away the machine, and full format it.

    Now upon re-installing Windows, I've gotten to installing Java and it appears that my antivirus (VET by CA) has picked up this:

    Win32/Loodok!generic.2

    Now it says that it's located here

    C:\documents & settings\%username%\local settings\Temp\nsjiE.tmp\System.dll

    This seems to be displayed whenever I try and run an executable, and is really pissing me off because I can't install AVG, Spybot etc to get rid of it.

    I've done a quick HijackThis log and also ran ComboFix, but that's about all I can come up with. Hopefully someone can help me with the info provided.

    Hope to hear from someone shortly!!
    Cheers, Rob
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    This is definitely not the place to install HJT: F:\Antivirus\HiJackThis.exe

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. demon1300

    demon1300 Private E-2

    I didn't think that it mattered where HJT was run from? It was run off a USB key. Would this have any effect on the scan?

    I've followed as much of the requested guide, it's just that I can't scan anything because I can't install it!! All .exe's error and won't run.

    Cheers, Rob
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    HJT should be downloaded to C:\Program Files\HJT\analyse.exe .....malware can hide from it if not renamed.
    What happens if you try to remove:
    C:\documents & settings\%username%\local settings\Temp\nsjiE.tmp\System.dll

    ComboFix downloads to your desktop....will that not run?

    Can you get on the web ---if so, Go to Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
