Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] trojan:win32/renos.n


  • This topic is locked This topic is locked
112 replies to this topic

#1 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 30 September 2009 - 06:40 AM

please help. for the last 3 days windows defender pops up saying high alert virus- Trojan:win32/renos.n i am unable to access any antivirus software, it says i don't have permission even when ran as admin. ad-aware won't open-failed to connect to service? avg is off and won't turn on. unable to access hijack this. permission denied. also windows message pops up randomly: msa.exe stopped working. if you can help in any way i would really appreciate it. i regularly update and run scans on all my antivirus software: avg, ad-aware, cc cleaner, spybot. i also update windows regularly. not sure how this happened? -jen

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 September 2009 - 10:59 AM

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


To fix the permission issue

Download Inherit and save it to your desk top
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut)
Then wait for it to say "OK"

NEXT


  • Please save Win32kDiag to your desktop.
  • Double-click on it to run a scan.
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Please open it with notepad and post the contents here.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 30 September 2009 - 07:57 PM

i downloaded exehelper but cannot find it on my computer to open it and run the fix. it says it's completed downloading but not in my dowload folder?

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 02:48 AM

Please run this program instead, then move on to the others

Please download exe_fix and save it to your desktop

Double click on exe_fix.com to run it.

Type the number 1 at the prompt and allow the tool to run

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 07:38 AM

it's doing the same thing, i click on it to dowload, a box pops up asking me if i want to save file (gives me no option where to save file to), i click "yes", it scans for viruses and says download complete. i open my download file and none of these programs are there. i cannot find them on my computer.

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 10:04 AM

If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab

Set to "Always ask me where to Save the files".

Then make sure you choose "Desktop" as the location to save the files

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 03:57 PM

i did what you said, exe_fix is now on my desktop..i double click on it-a blue screen flashes and then disappears.

Edited by entropy1120, 01 October 2009 - 04:00 PM.


#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 04:09 PM

Hi, That is what it should do, move on to the next set of instructions Thanks

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 04:16 PM

inherit_exe- i downloaded and saved it to my desktop. it is not there.

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 05:36 PM

Please save the files directly to your C:\ drive, then navigate to your C:\ drive and locate the programs and run then, work through from the beginning: exeHelper, Inherit then Win32kDiag

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#11 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 07:10 PM

it won't let me save to my c: drive. says i don't have permission. it asks me if i want to save to my "jennifer" file in c: drive i click yes and it is not there. it is doing that with all 3 you asked me to dl. i am the only user on this computer, so it should be set to admin right?

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 07:14 PM

The infection is messing with your permissions.

The inherit program should resolve that, but if you cannot save anything to your computer it is going to be more difficult.

If you have access to another computer please download the following program to the other computer and transfer it to the infected computer via USB - run the program from the USB.



Download Combofix from either of the links below. You must rename it to combo-fix.com before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

    -----------------------------------------------------------

  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

-----------------------------------------------------------


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 07:19 PM

i don't have another computer.

#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 October 2009 - 07:30 PM

Do you have a USB you can save it to?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 entropy1120

entropy1120

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 October 2009 - 07:31 PM

i can get access to another computer tomorrow, should i dl all 3 original files and save to usb? or just combofix.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users