Gen-Nullo Trojan

Not sure what is going on with my system. But this is my second cry for help in less than two weeks. My logs are usually clean. The only change that I did make was to change from using Avira to AVG. So I'll start from there.

Yesterday AVG ran a full scan and it came up clean. No alerts went up during the entire day/night showing that it picked anything up. This now makes me now pleased with AVG. Last night I ran SuperAntiSpyware before going to bed...and let it run. This morning is showed that it had found a the Trojan Gen-Nullo and that it needed to be removed. I kept a log of that on desktop. Strange that AVG didn't pick that up. So I ran a scan of that folder and it did not pick it up. The log is clean. So I removed the Trojan via SuperAntiSpyware. I use MalwareBytes but on occasion (once a month) will run SuperAntiSprware to see if MB has missed anything. 99.9% of the time both of those logs are clean maybe except for a few trackings.

After AVG missing it I wasn't completely comfortable that it was completely gone so I ran the Malware programs and the logs are attached. I am attaching the SuperAntiMalware logs also. So things have shown on the logs that look like they need attention.

I am super careful where and what websites I go to...and especially what is downloaded. The only time (which is very rarely) I download anything is via Download.com and I always run the antivirus on it before I open it. Everything is up to date and ran on a weekly basis.

This is what SuperAntiSpyware found which I'll attach first and then the required logs.

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D3A05601-4E56-4A91-B0A1-2109F59F571B}\RP3\A0001063.EXE

 

Attached required logs.
The computer is a Dell and Windows XP and browser is Comodo Dragon.

Also since this morning I've been getting a pop up that states in more or less terms...Reminder, your computer is not backed up. There is a link to do so, I guess, but I just close it. I've never seen it before and I have a pop up blocker on. There is no company logo associated with it.

There was no TDSSKiller log as it showed nothing. Unless I'm not looking in the correct place for it. I found a folder with a few but they are marked quarantined.

 

Tim
Thanks for replying so quickly.

I ran Hitman Pro again but was unable to fix anything. The trial license has expired.

I did not do the system restore as I wanted to wait to hear from you.

The pc is running very slow. Pages are loading at a snails pace which was not the happening before this got onto the machine. As I stated I use Comodo Dragon and on my very old pc it's very quick unlike the other browsers.

I did uninstall AVG and used RevoUninstaller to remove everything that came with it. If it let that trojan through I'm not pleased with the performance.

 

Wasn't sure if you needed a copy of the current scan from Hitman. Attached.

Also I am still getting pop ups for :back up: Latest one states that my PC has free back up space. Click here! Of course, I just closed that down.

 

Managed to run what you requested but no without issues.

While running OTM a window popped up stating that it couldn't create:C:\Windows\System32\drivers\etc\Hosts. Otherwise that went without issue.

Here is the info you requested from those logs.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\81ZQH52N\SPSetup[1].exe not found.
File/Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit not found.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Folder move failed. C:\Program Files\Conduit\CT3306059\plugins scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Conduit\CT3306059 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Conduit\Community Alerts scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Conduit scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Then the next issue was I disabled System Restore and rebooted and went to enable and a screen popped up...stating it encountered a error. The screen closed so quickly I didn't catch everything but it was something to do the drivers and suggested I reboot again. I did and was able to enable.

Ran Hitman Pro and was unhappy to see that it found more this time than on the first logs.

Attached are the logs you asked for. Except I'm not seeing a log file for OTM. I have a folder named MovedFiles and there are folders inside of that. I have clicked and open each one and none of them have a log. Unless I'm not looking in the correct place. I attempted to upload the entire Moved Files folder but it wouldn't allow that. I'll keep looking and if I find it, will attach.

As far as the pc running. It's very slow to load after reboot. Once the Windows XP screen appears it turns black for what seems to be a minute or two, then goes to the Windows screen and slow loading.

Another issue is on the desktop or attempting to click on a program on the start menu...they are almost refusing it open and when they finally do it's taking forever.

Also I need to search for folder and while the search was running it put shortcuts of almost everything in the search.

Thanks for your help and time.

 

TimW

Update for the last post.

"Except I'm not seeing a log file for OTM."

I just found a screen behind my browser that states there was a error and no logs were created. So I guess that explains why I couldn't find them.

 

Ran both programs and that went smoothly.
The logs look good.

Attached.

Again thanks so much.

 

File is deleted.

Everything seems to be running 99% better, everything is loading quicker and folder's are opening all of which were a issue.

The only lingering issue and I don't know if it's related to what was going on. My desktop icons disappear and come back. For example if I minimized the browser the icons will disappear then come back a few at a time.

Otherwise everything seems to be running super. I've been on the computer for a good amount of time today and no issues other than the icons.

One other thing was I had uninstalled AVG when this issue began, mainly because I was annoyed that it missed finding this Trojan and installed Avast but had to change back to AVG as the Avast was bogging down my very old and short of memory computer. So that was a no brainier as far as issues though I prefer using Avast over AVG.

I can't thank you enough for all your help and guidance and especially patience.

 

Carried through with the rest of your directions.

Will post in the software forum if the issue continues past today.

Again, thank you. You and your staff provide a invaluable service and I'm more than grateful to be able to use it when necessary.

Have a great week.

 

TimW

The computer is running fine with the exception of constant "page not responsive". It was a ongoing issue with Firefox and Chrome so I switched to Comodo Dragon which was much quicker and that issue seems to be gone but has now reared it's ugly head.

I have a question, as you were so helpful in getting my machine clean. Usually when I run MalwareBytes or SuperAntiSpyware they come up clean or will have a few tracking cookies.

When the Gen-Nullo was discovered it was found by SuperAntiSpyware and the AVG has missed it. I had always used Avast but my computer is "vintage" and memory is a issue but right now a new computer is out of the question. I found that Avast was bogging down the pc so I switched to AVG and it doesn't seem to interfere with it as much.

Last night I set MalwareBytes up to do a full scan so it would be complete by morning and it found 24 PUP's. I was amazed...and now I'm wondering if it has anything to with AVG or not. I surf very safely, don't download anything (especially music/video's)and if I do on a rare occasion always check to see if it's clean of virus/or malware before I open it and I usually go to the same websites.

Is there a way to keep this stuff from getting on the computer or could it be AVG is missing things? Seems strange to me that all this has occurred since using it a few weeks ago. I've attached the files from the scan just in case you needed to see them.

Thanks.

 

Thanks for replying so quickly.

Sorry I should have stated that I had MBAM fix what it found.

I ran Junkware Removal Tool and it found one item to delete. I'm clueless at to what is or how it got on the pc.

Running a follow up MBAM and will post what it or if find anything.

 

I ran MBAM and it came up clean. Have attached.

Any ideas why suddenly my computer seems to be getting hit? The only change as I said was going from Avast to AVG and not sure if that is the issue, that maybe AVG is missing things it shouldn't.

I surf safely, don't download and basically go to the same sites. The AVG is always enabled and I run MBAM and CC Cleaner weekly. I also have SpywareBlaster installed and keep it up to date.

 

chaslang
I'm well aware of what the logs showed and I would doubt that they lied. That was never in question. It's one thing to knowingly install stuff on your computer without knowing your are asking for trouble/issues.

So in my defense I will have to say they were installed unknowingly. As I stated more than once, I don't download music, video's, games and any other programs. The only programs I install are those that are recommended for the safety of the computer. And as I stated, I always run my antivirus and MABM on the files before I open them or anything else. I don't click on links in emails or on websites that I don't trust 100%. Actually about the only thing I do download are digital images to color and they are always from a trusted site and I always run my antivirus and malware program before opening even though I have been purchasing them from this person for years, you just never know what could be on another persons or companies computer/files.

As I also stated it seems strange that these infections appeared after I changed from using Avast and installed AVG, from Download.com, made sure the files were clean before I opened them, that the issue started. In fact, as I stated, AVG missed these completely. It could be a coincidence or not but it's strange that these two events started after using AVG and the Trojan was not picked up by AVG.

I've never heard of TopArcadeHits, so I know I did not install that on my computer. I will search my history to see what sites I went to on the days you have stated to see if I can get to the bottom of how this got on my computer. As I stated, my logs are usually clean except for a few tracking cookies. As far as what logs were attached or not, I attached the two logs that were requested by TimW. I didn't attach any further logs, as they have not been requested and I was not having computer issues that made me suspect that more malware had been installed. I was waiting for his next reply to see if he was going to suggest running anything else.

 

Ran and logs attached.

 

chasling
Thank you for taking the time to explain this. It now makes more sense and though I appreciated the service you provide greatly, the last you and your staff want to see if people coming back for the same issues constantly.

I'm more than convinced this issue of repeat infection started with my choice of using AVG and their Safe Search.

Perhaps you could suggest a free antivirus that is free of this malware but won't bog down my "vintage" computer. It is low on memory but replacing the computer anytime soon is out of the question and I don't know if it's worth spending money to add more memory. I do notice the op out on a great deal of programs and always make that choice.

Ran the suggested programs and logs attached. Move It was ran successfully.

I was amazed to see how much you wanted OTM to move. This and all the other programs were run when I found the Gen-Nullo, how come they weren't picked up then?

Everything seems to be working fine except my constant page not repsonsive which is a never ending issue no matter what browser I install.

 

Well I've tried every other protection software, I guess it wouldn't hurt to try this and see if it doesn't bog down the computer as much as the others. Nothing to loose by trying it.

I think it's at least 10 years old and other than the lack of memory everything else runs great. I just don't know if it's worth it to invest in adding memory. And replacing the computer is not on my list of I can afford this, right now. It now makes more sense why I constantly get the "page unresponsive error"...just not enough memory. They are making online time painful, as I can get hit with 20 just while trying to read a email. I've asked several people on forums about this issue and they all had a different explanation.

Thanks for explaining and taking the time to help with my performance issue. I was thinking it was malware connected and that alarmed me, so I thought I would ask.

I don't see any other issues so completed what you suggested.
Again, thank you and TimW for all your help and for going the extra mile to explain some things that I was confused on.

 

TimW
I will check that out and see what it states about my computer. My only concern is the advanced age of the computer. It is really worth invested any money into...but if added some Ram would alleviate the issue with it being so slow it would be worth it.

Thanks.
Sande

 

I will check and see about the hard disk tests.
It's actually only about a year maybe year and half old. I had to replace the original one and did that myself.

I did check Crucial and it's not nearly as costly as I had thought. 1GB is $25, so that really could be a option that I can handle financially.

Again thanks for all your and TimW's help, it's invaluable.

 

I ran the Crucial test one more time to double check what I could order. This is the test results. So I can order 2 1GB or leave the 512MB and order one 1GB. With the age of the computer and issues I've been having with performance, I ordered two 1GB's.

Thanks for all your help and suggestions.

Memory Type: DDR PC2700, DDR PC3200, DDR (non-ECC)
Maximum Memory: 2GB
Currently Installed Memory: 512MB
Total Memory Slots: 2
Available Memory Slots: 1

 

Good to hear.

After I get the new RAM installed, I'll post and let you know how things are working.

I also took your advice and ran a test on the hard disc and it past 100%, temp was 42 and it found no errors on it. So that was good news.

Have a great weekend.

 

Re: Gen-Nullo Trojan Update

chasling and TimW

Ordered the new memory and it arrived today. To start I am not on the computer that has been having the issue, I had to borrow my grand daughters. As I had installed a hard drive and replaced the DVD drive in the computer I wasn't uncomfortable opening the machine and installing the new memory.

It couldn't have been easier and it took seconds to complete. Shut the pc and while I had it disconnected, gave it a clean with the canned air I always use. Hooked all cables back, turned the pc on and from there it went downhill...from a slow machine to no machine.

Sorry if this is long but I said I would update you. The Dell screen came up, a black screen came up and stated that a change in memory had been detected and I'm like, Yes! It worked. From there a black screen came up stating that the Primary Drive was not detected, press F1 or F2 to set up. I pressed F1 and it went to the screen asking what Windows you wanted to us. There was only 2 options...debugged or Windows XP Home Edition. Though there use to be a 3rd...last known configuration, that was missing. I chose Home Edition and expected it to go to the Windows screen and load. It did not. It just sat there. I shut the pc down, rebooted and the same thing. So I'm like what possibly could have gone wrong. I simply snapped in the new memory. I shut it down again, unplugged it from it's electric source and walked away for a hour or so. Came back and powered it back up and it did the same thing. At this point I'm not happy and thinking everything that wasn't backed up is trapped in there on a machine I don't want to invest any more money in.

The hard disc were found to have no errors, I added the memory we talked about...what now. So I rebooted once again. Was finally able to get into F12 and checked everything and the only change was that it recognized the new memory upgrade. I exited out of there, got back to the Dell screen, hit F1 as suggested and a black screen appeared that states that a file in Windows is corrupted....system32 and needs to be repaired. Grrrr! So I called Dell they ran a few diagnostic tests and had me do a few other things but we've not been able to get past this Windows corrupt file screen.

Needless to say I'm not very happy, beyond pissed off and at a loss to how this happened by just adding memory. Is it just bad timing or is one not connected to the other. Dell's only suggestion was to run the installation disk (if I can lay my hands on it)and attempt to repair the corrupt file and hope that my data is not lost and I'll have a clean install.

So right now..I am without a computer. Did adding the memory have anything to do with this or is it just ironic that it happened when I installed the memory?

Thanks for any help, suggestions and should I post this in a different forum or hurl it over the balcony hoping that it doesn't land on a person or car....lol!

 

Re: Gen-Nullo Trojan+Update

Okay...the beast is alive!

I just never give up when it comes to fixing or doing things.

Let's just say it was a duh! moment that caused the issue. One should not attempt to repair their computer on the floor with a 2 year old grandson and his puppy running around. But I did...I wanted it done.

The memory sticks were in silver packages and I cut those open, opened the computer and removed the old memory. Installed one of the news one and the baby was running and tripped and when I came back I must have picked up the old one instead of the second new one.

Well it didn't work I had opened it, made sure they were seated so that wasn't the issue. So I was thinking what could have gone wrong, Windows worked perfectly before I installed it. So I opened it and removed the two new memory sticks only to discover that one was new and one was the old one..as the new ones have Crucial labels on them. Duh! So praying that I discovered the issue, made sure the two sticks were installed, put the cables back on and hoped for the best. The Dell screen came up, Windows came up! The beast is alive and hopefully much quicker. I still have to hook the router back up to it as I have it hooked to my granddaughter's laptop.

Just wanted to update you and let you know that I fixed it.

 

chasling

Just wanted to let you know after I finally got the memory installed properly, see posts before this, that the computer is super quick. Like it is new and not 9+ years old. I was really amazed after I got the router hooked back up that it is a fast as it is. I expected some improvement but not this fast. The pages are loading in a blink of the eye and I've not had one pop up stating the page is non responsive which I was having tons of every day.

The best change is that it's no longer bogged down if a program, for example AVG is updating. It was almost impossible to even go from one website to another when it was updating.

I can't thank you enough for taking the time to explain it all to me even though it was not associated with my malware issue at the time. That is going up the call of duty...and I am more than grateful for the service MajorGeeks provides free of charge. Once again, you and your team are a life saver.

I know that donations are not accepted but I did read that donations to a favorite charity are...so I will make a donation to that, it's the least I can do.

Again, thank you!

:drink are on me....!

 

And here when I didn't see you around I thought you were lucky enough to be on vacation. Too much work is never fun.

As always the recommendations from you and your amazing team are always spot on, not once have I been steered in the wrong direction or given bad advice.

Much as I like this place, hopefully I won't have to be posting anytime soon.