Jump to content

Recommended Posts

Hi - My computer (MS Security Essentials) is reporting that I have the virus TrojanDownloader:Win32/Unruy.H

I can't remember exactly what I did to get it - was trying out the new 'apps' in Google Chrome - looking for game to try. So I've spent most of today trying to resolve the issue. When removing the threat with MSSecEssentials - it will come back again like every 5 to 10 minutes. Performed scans etc and I look pretty clean other than that.

I have windows 7 32 bit.

Symptoms are -

The virus continues to pop up even after deleting.

I can't start or stop my windows firewall.

I can't do anything it seams with the firewall and related software in windows. Nothing responds - or saying something like couldn't load component or telling me to go start the process.

I can't find any process in my process list to turn on - they are missing.

IE 8 totally doesn't respond - I've been using Chrome instead.

So I have followed the post found here on a similar issue that was solved:

http://forums.malwarebytes.org/index.php?showtopic=100644

TDSSKiller only found 3 things that seemed okay to me.

I selected Skip on everything.

Now I'm running Combo fix. It mentioned Rootkit activity and wanted restart so I did that. It's now on Stage 47 at 9PM... was on stage 43 at 4PM. So it's taking a long time. Reading the tutorial on combofix - I thought it would be a good idea to start this post and seek advice once the results are in as it seems it will not be trivial.

I'm horribly inexperienced in working with viruses. I try to remain cautious and other than that - I've always depended on Security Essentials to protect me - always keeping things updated.

I built the computer about 2-3 years ago - it has Raid 5 with 5 740Gig disks. I have a ton of data I really don't want to lose - Please Help!! I can't imagine starting from scratch!

Thanks in advance,

Dan C.

Link to post
Share on other sites

Combo Fixed has finished - but need to work on the computer it seems. I cannot open any text documents or notepad - it says "Illegal operation attempted on a registry key that has been marked for deletion." Any help figuring this out is appreciated. Until then I probably won't be able to attach a log even after I get the internet connection working again.

Thanks,

Dan C.

Link to post
Share on other sites

Couldn't get my network fixed after running ComboFix. I caved in and did a system restore to couple days ago - this wouldn't work through windows but was able to do it through F8 on startup. I also ran

sfc /scannow

Due to someone else having similar issue on this forum - where the Win 7 Security Manager and related processes are just missing.

http://www.bleepingcomputer.com/forums/topic394213.html/page__p__2224866__fromsearch__1#entry2224866

So the restore seems to work for now. Having some new firewall issues trying to connect my work through Citrix....

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Okay. Here's my standard prevention speech:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.