Nestsky Virus - Page 5

Thread: Nestsky Virus

  1. #61
    Join Date
    Dec 2009
    Posts
    63
    So far I haven't had any page rerouting or virus scanner pop-ups. The blue screen and automatic shutdown have also stopped. Should I delete any programs or run any scans (malware/super-anti)?

    Thank you very much for your help.

  2. #62
    Join Date
    Dec 2009
    Posts
    63
    When I right-click in Google, a page popped up that says "PCScanner2010 is detecting security risks". It's random and doesn't do it every time.

  3. #63
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Quote: Originally posted by Thexy
    When I right-click in Google, a page popped up that says "PCScanner2010 is detecting security risks". It's random and doesn't do it every time.
    Take a look at the last Avenger log you posted, then at the log posted here: http://discussions.virtualdr.com/sho...1&postcount=32
    Can you tell me why the formatting is so different?
    Do a search on your PC for pcscanner2010.

  4. #64
    Join Date
    Dec 2009
    Posts
    63
    I did notice it looks different. I did not enter a string in it. Norton found this virus but said I would have to manually remove it:
    Iastor.sys.vir
    Backdoor.Tiderv.I!inf

  5. #65
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Where does it find the file? If it is in the C:\qoobox\quarantine folder, do not worry about it, as it is in quarantine.
    If your pc is running ok otherwise, let's leave it a day to make sure, then I will show you how to remove Combofix.

  6. #66
    Join Date
    Dec 2009
    Posts
    63
    I have attached the Norton screen shots...

  7. #67
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    It is better if you save those in JPEG format, as not everyone has MS Word.

    Ok. We will try uninstalling Combofix to see if the warnings disappear. Hurrah to Norton for finding a problem, but not letting us know where it is.

    ====

    • Click START then RUN
    • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


  8. #68
    Join Date
    Dec 2009
    Posts
    63
    Yes, it does look weird. But for some reason, I feel as if the virus is still here. Sometimes my page would go out and although I've only run Avenger once, it runs different..with a "blink".

    ComboFix has been removed..

    I attached the .jpeg images if you needed them. Norton has been a great help with this...I've had the service for about 2 months now and I update and scan daily (sometimes twice a day) and it still doesn't do anything about viruses. What was I thinking trying to be proactive??

  9. #69
    Join Date
    Dec 2009
    Posts
    63
    I removed Firefox because it started acting weird. I have been using Chrome and when I try to reply and "go advanced", the scroll bar and buttons freeze. I am able to click on the task/tool bar, but not actually in the window. So now I am using IE, but I keep getting an error message saying IE stopped working and then "close program". I click the "close program" button but IE still stays open.

  10. #70
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    By my count, The Avenger should have been run 3 times.

    ==

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:


  11. #71
    Join Date
    Dec 2009
    Posts
    63
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=89f108df6270134796a7b196b2ccb044
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-12-22 04:00:55
    # local_time=2009-12-21 10:00:55 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 63046245 63046245 0 0
    # compatibility_mode=1536 16777215 100 0 0 0 0 0
    # compatibility_mode=3588 16777214 85 90 111463 6136429 0 0
    # compatibility_mode=5892 16776574 100 100 0 98054340 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=177994
    # found=0
    # cleaned=0
    # scan_time=7642

  12. #72
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Nothing found there. Might want to try the Kaspersky scanner too.

    Do you have your Vista CD? You may have to do a repair install to fix the errors you are getting.

  13. #73
    Join Date
    Dec 2009
    Posts
    63
    I will download Kaspersky now.....but no, I do not have a Vista CD.

  14. #74
    Join Date
    Dec 2009
    Posts
    63
    So far this is what Kaspersky has detected (it is still running)...

    Full Scan: stopped 43 minutes ago (events: 2, objects: 5088, time: 00:05:03)
    12/22/2009 12:13:38 AM Task stopped
    12/22/2009 12:08:35 AM Task started
    Full Scan: running (events: 7, objects: 182497, time: 00:30:03)
    12/22/2009 12:16:13 AM Task started
    12/22/2009 12:26:54 AM Task stopped
    12/22/2009 12:27:00 AM Task started
    12/22/2009 12:53:37 AM Detected: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf/data0000
    12/22/2009 12:56:28 AM Deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf
    12/22/2009 12:56:28 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0001
    12/22/2009 12:56:28 AM Cannot be quarantined: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf
    Quick Scan: completed 37 minutes ago (events: 2, objects: 5177, time: 00:03:31)
    12/22/2009 12:19:45 AM Task completed
    12/22/2009 12:16:14 AM Task started
    Objects Scan: stopped 30 minutes ago (events: 2, objects: 3, time: 00:00:28)
    12/22/2009 12:26:29 AM Task stopped
    12/22/2009 12:26:01 AM Task started
    Objects Scan: running (events: 5, objects: 175885, time: 00:30:28)
    12/22/2009 12:26:35 AM Task started
    12/22/2009 12:53:37 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0001
    12/22/2009 12:53:37 AM Detected: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf/data0000
    12/22/2009 12:56:28 AM Cannot be deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf Object not found
    12/22/2009 12:56:28 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0002
    Last edited by Thexy; December 22nd, 2009 at 02:00 AM.

  15. #75
    Join Date
    Dec 2009
    Posts
    63
    Here is the detailed report after Kaspersky finished:

    Status: Absent (events: 3)
    12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf High
    12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf//data0001 High
    12/22/2009 12:56:54 AM Not found virus HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf//data0002 High
    Status: Deleted (events: 2)
    12/22/2009 12:56:28 AM Deleted Trojan program Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf High
    12/22/2009 12:56:28 AM Deleted Trojan program Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf//data0000 High
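
The following is an added example, not code from any poster in this thread: it reads event lines in the format of the interim Kaspersky log in post #74 and reports, per container file, whether a detection was followed by a successful delete. The function names and the "removed" / "needs follow-up" labels are assumptions of this example; the sample lines are a subset copied from that post.

```python
import re
from datetime import datetime

# Sample input: a subset of the event lines from post #74, plus one task line.
SAMPLE_LOG = r"""
12/22/2009 12:53:37 AM Detected: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf/data0000
12/22/2009 12:56:28 AM Deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf
12/22/2009 12:56:28 AM Detected: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf/data0001
12/22/2009 12:56:28 AM Cannot be quarantined: HEUR:Exploit.Script.Generic C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-u3d.pdf
12/22/2009 12:56:28 AM Cannot be deleted: Exploit.JS.Pdfka.auq C:\Users\Paige\AppData\Local\temp\plugtmp\plugin-all.pdf Object not found
12/22/2009 12:26:35 AM Task started
"""

# timestamp, action, threat name, then a drive-letter path with an optional trailing reason
EVENT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted|Cannot be quarantined|Cannot be deleted): "
    r"(?P<threat>\S+) (?P<path>[A-Za-z]:\\.*?)(?: Object not found)?$"
)

def parse_events(text):
    """Return (timestamp, action, threat, container_path) for every object event."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # task start/stop and summary lines name no object
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        # Embedded streams are logged as <file>/dataNNNN; Windows paths use
        # backslashes, so everything before the first "/" is the file on disk.
        container = m["path"].split("/")[0]
        events.append((ts, m["action"], m["threat"], container))
    return events

def triage(text):
    """Map each container file to (status, threat names) across all scan tasks."""
    last_detect, last_removed, threats = {}, {}, {}
    for ts, action, threat, container in parse_events(text):
        key = container.lower()  # Windows paths are case-insensitive
        threats.setdefault(key, set()).add(threat)
        if action == "Detected":
            last_detect[key] = max(ts, last_detect.get(key, ts))
        elif action == "Deleted":
            last_removed[key] = max(ts, last_removed.get(key, ts))
    result = {}
    for key in threats:
        seen, removed = last_detect.get(key), last_removed.get(key)
        done = removed is not None and (seen is None or removed >= seen)
        result[key] = ("removed" if done else "needs follow-up", sorted(threats[key]))
    return result
```

On these lines plugin-all.pdf comes out as removed and plugin-u3d.pdf as needing follow-up, which is the same object the finished report in post #75 lists under Status: Absent.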
