Help with ntos.exe trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by cocode36, Jun 22, 2008.

  1. cocode36

    cocode36 Private E-2

    Hello, any help that people can offer on this will be massively appreciated!

    AVG recently discovered the ntos.exe infection but couldn't remove it. I managed to locate the file in windows/system32 and hit delete. It was in use by another program (winlogon.exe) so I pressed CTRL-ALT-DEL and ended winlogon.exe. Sent ntos.exe to the Virus Vault and then rebooted. I have deleted ntos.exe from the Virus Vault and AVG isn't picking up the trojan anymore.

    I have read about the virus and heard it's a pretty nasty one. Is this enough to get rid of it? Can anyone suggest any programs I should run to check for its removal?

    Thanks in advance.
     
  2. cocode36

    cocode36 Private E-2

    Just to update you guys.. I ran AVG and it found the same trojan (SHeur.BRDU) in a temp folder and managed to delete it. At the minute I am running AVG, Ad-Aware and SuperAntiSpyware to ensure removal.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  4. cocode36

    cocode36 Private E-2

    Logs attached.
     

  5. cocode36

    cocode36 Private E-2

    Other logs attached.

    Apologies for not doing it in the first place, all steps now followed! Thanks for your help.
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Other than uninstalling your old Java (Java(TM) SE Runtime Environment 6) and downloading and installing Java Runtime 6, your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
    2. Click START then RUN.
    * Now type "%userprofile%\Desktop\cf" /u in the run box and click OK.
    * Note the space between the cf and the /u; it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete C:\MGlogs.zip.
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work through the below link:
    How to Protect yourself from malware!
     
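A scripted form of the final clean-up steps above, added here as an example; it is not TimW's or MajorGeeks' own tool. It assumes ComboFix was saved on the Desktop as cf.exe (the post writes it as cf) and that any registry patches were saved to the Desktop; listing winlogon's modules needs an elevated prompt.

```powershell
# Added example: run with -WhatIf first to preview what would be removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$desktop = Join-Path $env:USERPROFILE 'Desktop'

# Steps 1-2: uninstall ComboFix only if it was placed on the Desktop.
# Assumption: the renamed executable is cf.exe.
$cf = Join-Path $desktop 'cf.exe'
if (Test-Path $cf) {
    if ($PSCmdlet.ShouldProcess($cf, 'Uninstall ComboFix (/u)')) {
        Start-Process -FilePath $cf -ArgumentList '/u' -Wait
    }
} else {
    Write-Host 'ComboFix not found on the Desktop; skipping uninstall.'
}

# Step 3: registry patches named in the post (assumed to be on the Desktop).
foreach ($patch in 'fixme.reg', 'fixWLK.reg') {
    $p = Join-Path $desktop $patch
    if ((Test-Path $p) -and $PSCmdlet.ShouldProcess($p, 'Delete registry patch')) {
        Remove-Item $p -Force
    }
}

# Step 4: MGtools folder, installer and log archive, as listed in the post.
foreach ($item in 'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip') {
    if ((Test-Path $item) -and $PSCmdlet.ShouldProcess($item, 'Delete')) {
        Remove-Item $item -Recurse -Force
    }
}

# Sanity check tied to the original complaint: the ntos.exe file should be
# gone from system32 and no longer mapped into winlogon.exe.
$ntos = Join-Path $env:SystemRoot 'system32\ntos.exe'
$fileGone = -not (Test-Path $ntos)
$loaded = Get-Process -Name winlogon -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Modules } |
    Where-Object { $_.ModuleName -ieq 'ntos.exe' }
if (-not $fileGone) { Write-Warning "$ntos still exists; the infection is not cleaned." }
if ($loaded)        { Write-Warning 'ntos.exe is still loaded in winlogon.exe.' }
if ($fileGone -and -not $loaded) {
    Write-Host 'ntos.exe is absent from system32 and not loaded in winlogon.exe.'
}
```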
  7. cocode36

    cocode36 Private E-2

    Top man. Thank you very much.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome.....safe surfing. :)
     
