?
Solved

virus 2nuk.com

Posted on 2009-07-04
5
Medium Priority
?
726 Views
Last Modified: 2013-11-22
sir
PC gets hanged and drastically slowa the pc. checked the PC and found out this particular file hidden "2nuk.com". i tried mcafee antivirus, stinger, spybot, nod32 but there was no success. i tried deleting the file manually, but it gets created again. i searched the registry for this file but nothing exists. can you please help me out in this matter.
0
Comment
Question by:khalidgaffar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24776634
It's a PWS trojan and it comes with other files as well that's why when deleting that one file it gets recreated.
Use MalwareBytes and ComboFix and show us the log file... .

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 
 

Or just run Combofix
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24776654
It's a password and info stealer, so I would suggest changing all passwords that have been used in the infected system(using another clean pc).

Also scan with Flash_Disinfector.exe and follow the prompts.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
0
 
LVL 13

Accepted Solution

by:
JeremySBrown earned 1000 total points
ID: 24777149
You might want to scan with Dr. Web Anti-Virus too...
http://www.freedrweb.com/
0
 

Author Closing Comment

by:khalidgaffar
ID: 31599751
k
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question