Author Topic: Horrible Win32: Downloader NUA Trojan. Please Help!  (Read 5383 times)


Offline pennylane909

  • Jr. Member
  • **
  • Posts: 23
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #15 on: April 08, 2012, 07:27:16 PM »
Also I ran TDSSKiller and found 5 threats.... none curable

:(

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #16 on: April 08, 2012, 07:27:49 PM »
Quote
Hi DonZ63,

Do not give a misrepresentation of the facts here
Lighten up, dude. I meant Avast forum malware specialist. My mistake. Go have a cool one and chill out.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36325
  • Weihrauch Airguns
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #17 on: April 08, 2012, 07:28:20 PM »
@pennylane909.

You need to start your own topic...

Follow the guide here and attach the logs
http://forum.avast.com/index.php?topic=53253.0

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #18 on: April 08, 2012, 07:28:54 PM »
Hi pennylane909 could you run aswMBR and OTL as per this thread and start your own topic... As soon as you have posted I will have a look see
http://forum.avast.com/index.php?topic=53253.0

Back to Jeff  ;D

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #19 on: April 08, 2012, 07:44:41 PM »
Hi jibbyreznor,

Rerun TDSSKiller and when you get to the new log please attach that.  :)


Offline jibbyreznor

  • Newbie
  • *
  • Posts: 19
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #20 on: April 08, 2012, 07:48:18 PM »
Attached is the TDS Log Jeffe

Thanks again for your help

Jamie

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #21 on: April 08, 2012, 07:52:09 PM »
No...I meant run a new scan with TDSSKiller and attach the new log.  Sorry if I didn't explain well enough.  :)

Offline jibbyreznor

  • Newbie
  • *
  • Posts: 19
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #22 on: April 08, 2012, 08:06:54 PM »
Sorry mate didn't realise you wanted a new one. Here it is. It didn't find anything.
Still no CD drive, have no idea what's happened there!

Thanks again.

Offline pennylane909

  • Jr. Member
  • **
  • Posts: 23
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #23 on: April 08, 2012, 08:27:48 PM »
Sorry I posted it in this because I have the exact same virus....

Offline jibbyreznor

  • Newbie
  • *
  • Posts: 19
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #24 on: April 08, 2012, 08:30:18 PM »
Quick Update, CD Drive has returned. Used Microsoft's FIXIT program and it has returned :) Virus remains though.

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #25 on: April 08, 2012, 10:49:50 PM »
Hi jibbyreznor,

Seeing as how you seem to have Ramnit this may be very tricky.  Ramnit is a file infector and there is no telling the degree to which your system is infected unfortunately.  This is only my opinion, but if it were my system and I were infected with Ramnit I would format and reinstall my operating system.  If you would like to continue and attempt to clean your system do the following:


Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so.
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

Offline jibbyreznor

  • Newbie
  • *
  • Posts: 19
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #26 on: April 09, 2012, 02:44:20 PM »
Hi,

I ran DR.Web it picked up some stuff then cured or quarantined it.  But the issues still remain. I have attached the latest OTL log for you to take a look at.

Thanks again for your help,

Jamie

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #27 on: April 09, 2012, 03:04:18 PM »
Hi,


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
5. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.
---------

Offline jibbyreznor

  • Newbie
  • *
  • Posts: 19
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #28 on: April 09, 2012, 04:30:55 PM »
Hi, ran ComboFix, attached is the log. Not sure if running it was meant to solve anything, but it hasn't.

Jamie

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Horrible Win32: Downloader NUA Trojan. Please Help!
« Reply #29 on: April 09, 2012, 04:54:42 PM »
Hi,

Let's see to what extent Ramnit has infected your system.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------