virus 2nuk.com

Medium Priority
753 Views
Last Modified: 2013-11-22
Sir,
The PC hangs and slows down drastically. I checked the PC and found this particular hidden file, "2nuk.com". I tried McAfee antivirus, Stinger, Spybot and NOD32, but there was no success. I tried deleting the file manually, but it gets created again. I searched the registry for this file, but nothing exists. Can you please help me out in this matter?

CERTIFIED EXPERT
Top Expert 2007

Commented:
It's a PWS trojan, and it comes with other files as well; that's why that one file gets recreated when you delete it.
Use MalwareBytes and ComboFix and show us the log file.

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 
 

Or just run Combofix
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
CERTIFIED EXPERT
Top Expert 2007

Commented:
It's a password and info stealer, so I would suggest changing all passwords that have been used on the infected system (using another, clean PC).

Also scan with Flash_Disinfector.exe and follow the prompts.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Author

Commented:
k