Please help me get rid of this nagging virus. Thanks.

Discussion in 'Windows 7' started by rimmi2002, Dec 9, 2010.

  1. rimmi2002

    rimmi2002 MDL Novice

    Aug 2, 2010
    15
    0
    0
    #1 rimmi2002, Dec 9, 2010
    Last edited: Dec 9, 2010
Hi, I recently downloaded something which seemed like a virus, but I still clicked on it. I have BitDefender 2010 Total Security running. It detected the virus and stopped it. Then the next day my internet went down; I was getting "cannot get DNS address" on that computer only. All wifi connections were working fine. I resolved it by putting in a static DNS address that I found as a solution on a random website where people were getting DNS errors. When I ran the virus scan it found 8 instances of the trojan.nsis.agent.a virus, which it quarantined.

Now every time I restart Windows, BitDefender finds two instances of trojan.nsis.agent.a in searchprotocolhost.exe in the Windows temp directory. It blocks and quarantines the files. It happens each time, so the source is still somewhere on the computer. BitDefender and Malwarebytes find no viruses or trojans. Any suggestions of what else I can do?

btw, running Windows 7 64-bit Professional.

    Below is the log for Hijackthis

    Below is the address for Hijackthis

    pastebin.com/A2341nkF
     
  2. sam3971

    sam3971 MDL Guru

    Nov 14, 2008
    2,220
    303
    90
It is hard to say for sure. It appears from your HijackThis log that there is no virus file running, but the AV is unable to kill it completely, so it revives at reboot. What I would suggest is to start your computer in safe mode and run the virus scan. Hopefully that will remove the remains that it cannot remove normally. If that still does not work, then temporarily remove BitDefender and install another AV like Kaspersky to scan with that. I am sure, though, that most likely BitDefender will be able to remove this once and for all when you reboot your computer. Also click Start and type "msconfig" without the quotes, then go to the Startup tab and disable any entries that look strange to you, if any.
     
  3. EneergE

    EneergE MDL Novice

    Dec 13, 2009
    15
    0
    0
You may have a rootkit lurking, but definitely something that BitDefender isn't capable of handling very well. Do a search for GMER and you can check for rootkits. Also, you can try a pass with ComboFix (which uses GMER) and see if it will get rid of it. Otherwise, you can also boot into a third-party environment. I've got a website detailing how you can get rid of some nasty malware, but I don't want to spam it here. However, here are some tools you can try:

Malwarebytes
SuperAntiSpyware
Hitman Pro 3.5 - Don't install this program, just run it portably. It does an excellent job at detecting rootkits. However, it's glitchy if you leave it running in the background. It crashes Explorer sometimes.
ComboFix - May pork your system if it removes a system file, so be careful.

And you can also check out "Autoruns" from Microsoft to see a more detailed list of startup items.

Download Process Explorer, open it, and go to View->Lower Pane View->DLLs. Select each process and see if there's anything loaded that shouldn't be (you may have to research).

Also, sometimes "sfc /scannow" in a CMD prompt will correct system files that have been modified, but don't count on it.

    Open CMD and type "netsh winsock reset" and reboot and see if your connection issues are fixed.

Oh, and you may want to uninstall your AV before you do all of this. This is usually the first thing I would do, and then put the AV back on there afterwards, once clean.
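The checks sam3971 (msconfig startup entries) and EneergE (Autoruns, the Process Explorer DLL view, the Windows temp directory, DNS/winsock trouble) describe can be collected into one read-only triage pass. The following PowerShell script is an added example, not part of the thread and not any poster's code: it assumes an elevated PowerShell 2.0+ session on Windows 7 x64, and the process name it inspects defaults to SearchProtocolHost because that is the file the OP's AV keeps flagging. It changes nothing; it only lists what is there so you can compare against known-good values.

```powershell
# Added triage example (not from the thread). Run from an elevated 64-bit PowerShell
# on Windows 7 so that 64-bit processes can be inspected. Read-only: nothing is
# deleted or modified.
param(
    [string]$ProcessName = "SearchProtocolHost",   # assumption: the process the OP's AV flags
    [string]$TempDir     = "$env:SystemRoot\Temp", # assumption: the "Windows temp directory" from the post
    [int]$RecentDays     = 7
)

function Get-Sha256 {
    # PowerShell 2.0 has no Get-FileHash, so use .NET directly.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { $hash = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($hash | ForEach-Object { $_.ToString("x2") }) -join ""
}

function Get-RunKeyEntries {
    # The classic autorun keys; msconfig's Startup tab and Autoruns' "Logon" tab read these.
    $keys = @(
        "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
        "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
        "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-ItemProperty -Path $k
        foreach ($p in $item.PSObject.Properties) {
            # Skip the PS* provider metadata properties; everything else is an autorun value.
            if ($p.Name -notlike "PS*") {
                New-Object PSObject -Property @{ Key = $k; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-RecentTempExecutables {
    # Executables recently written under the temp directory. A SearchProtocolHost.exe
    # here rather than in System32 is itself worth a second look; the hash lets you
    # compare it against the genuine copy.
    param([string]$Dir, [int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $Dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff -and
                       $_.Extension -match '^\.(exe|dll|scr|tmp)$' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path = $_.FullName; Written = $_.LastWriteTime; Sha256 = (Get-Sha256 $_.FullName)
            }
        }
}

function Get-ModulesOutsideWindows {
    # Process Explorer's DLL view, reduced to the interesting subset: modules loaded
    # from outside %SystemRoot%. Signature status is shown for those only, because
    # Windows' own DLLs are mostly catalog-signed and PowerShell 2.0's
    # Get-AuthenticodeSignature reports them as NotSigned, which would just add noise.
    param([string]$Name)
    foreach ($proc in (Get-Process -Name $Name -ErrorAction SilentlyContinue)) {
        foreach ($m in $proc.Modules) {
            $path = $m.FileName
            if ($path -notlike "$env:SystemRoot\*") {
                $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{
                    ProcessId = $proc.Id; Module = $path; Signature = $sig.Status
                }
            }
        }
    }
}

function Get-DnsConfiguration {
    # Win32_NetworkAdapterConfiguration works on Windows 7 (no DnsClient module there).
    # Unexpected servers or a non-DHCP setting you did not choose explain the OP's DNS symptom.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        Select-Object Description, DHCPEnabled, DNSServerSearchOrder
}

function Get-HostsOverrides {
    # Non-comment lines in the hosts file; anything beyond localhost deserves explanation.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

"== Autorun registry entries ==";            Get-RunKeyEntries | Format-Table -AutoSize
"== Executables written to $TempDir in the last $RecentDays days ==";
                                              Get-RecentTempExecutables $TempDir $RecentDays | Format-List
"== Genuine copy for comparison ==";          Get-Sha256 "$env:SystemRoot\System32\$ProcessName.exe"
"== $ProcessName modules outside SystemRoot =="; Get-ModulesOutsideWindows $ProcessName | Format-Table -AutoSize
"== DNS configuration ==";                    Get-DnsConfiguration | Format-List
"== hosts file overrides ==";                 Get-HostsOverrides
```

Save it as a .ps1 and run it before and after a safe-mode scan; if the same temp-directory hash or the same non-Windows module reappears after every reboot, the autorun or hosts entry that recreates it is the thing to hand to the scanner or to remove by hand. Running it from a 32-bit PowerShell on a 64-bit system would fail to read the modules of 64-bit processes, which is why the assumption above is an elevated 64-bit session.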
     
  4. JaguarXJ12

    JaguarXJ12 MDL Senior Member

    Jun 9, 2010
    425
    607
    10
    #4 JaguarXJ12, Dec 9, 2010
    Last edited: Dec 9, 2010
You should have known the consequences of doing this from the very beginning, but I feel sorry for you, so here's what I recommend:

Search Google for "Active KillDisk". It's a very good tool for deleting all data on an HDD. Make sure to get the ISO file and burn it, because it's a startup disk when you boot the computer; follow the on-screen instructions. Basically what it does is write zeros. There are other methods, but this one is the freeware version, and after that your HDD will be empty.
Restart after that and then reinstall Windows 7.
This will, with a 99.99% chance, remove the virus for you, but make sure to back up all data before wiping the HDD.
     
  5. Riicckk

    Riicckk MDL Novice

    Jan 20, 2009
    13
    4
    0
    Just run Malwarebytes or SpyHunter 4. They will get rid of your problem.
     
  6. sam3971

    sam3971 MDL Guru

    Nov 14, 2008
    2,220
    303
    90

Ya, maybe, but don't say that for sure, dude. Some rootkits are very sophisticated and hard as hell to remove. Even MBAM could not detect the one that I had, and SpyHunter I cannot say, because I never used it. I would still say use some live boot disk with either the Kaspersky AV or the ESET AV, so nothing runs other than the programs on the disk; that is the best way to detect viruses, but you need to get ahold of those disks. Both ESET SS and Kaspersky let you create them from their software suite options. They are very useful in tight situations.
     
  7. JaguarXJ12

    JaguarXJ12 MDL Senior Member

    Jun 9, 2010
    425
    607
    10
You guys really trust all these spyware/AV/malware scanners out there? I mean, some scanners can pick up a threat one moment while the others can't, yet it's the same threat, which should be recognized by all of them (in theory).

I for sure don't trust them enough to have my HDD filthed with it, and I think all you really need is a strong and solid firewall set up correctly. *Don't know if to raise flame shield or not*

Then again, it's all about common sense when surfing the web: some sites should not be visited, some things should not be clicked or downloaded no matter what.