Ok, I've been working on this for several hours now and I'm at a wall.

This morning TrendMicro reported it had blocked two malicious threats. I didn't notice the names, but after x-ing out of the notification window I found that all my icons were dead. That is to say, I could not start a single program. In explorer, all my .exe files were also blocked from opening by the error "This file does not have a program associated with it for performing this action...". I could not open the CMD prompt or run regedit. Finally, I was able to launch CMD by going to the task manager and holding down ctrl + new task (possibly a backdoor command the virus overlooked??). That let me into Regedit, where I searched out the HKEY_CLASSES_ROOT>Shell>Open>Command for .exe and exefile and changed the properties to "%1" %*. This solved the file allocation problem and allowed all my programs to start opening again.

After restarting, I've decided that the effects of the virus are still present. ALL my .exe files are categorized as NJi files now. In the file properties of all my executables, the file type says "NJi (.exe file)". Also, when I right click the file, the first two options would normally be Open or Open With. Open with is missing, and now there are two identical Open commands. The only description I can find online of a NJi file is that it runs with Nero, which I've never had installed.

Though all the programs do open now, I just downloaded Malwarebytes (for the first time) and that one file will not launch and install. I also changed the extension to .com with the same result. Error ShellExecuteEX failed; code 1155. No application is associated with the specified file for this operation. I haven't found any other NJi/exe files that won't launch their respective programs. I'm currently running a full scan with TrendMicro, though a quickscan uncovered nothing. Looking back at my weekly full scans, a spike in blocked malware and viruses has appeared from 12.28 through today, with a very low count previous (only 3 web threats blocked before 12.28).

The forum post I followed up till this point is below:

http://social.techne...f5-89021ab5fa0e

Any information or advice would be greatly appreciated. I fear my computer may be taken over again soon if I don't find the root problem

Attach.txt

DDS.txt
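
The post above describes restoring the `exefile` open command to `"%1" %*` while .exe files still show a foreign file type. As an added example (not part of the original post or of any tool named in this thread), this read-only PowerShell check reports where the .exe association differs from the Windows defaults; checking both the per-user and machine-wide hives is an assumption about where such a change may sit.

```powershell
# Added example: read-only audit of the .exe file association.
# Expected Windows defaults: .exe -> ProgID "exefile",
# and <ProgID>\shell\open\command -> "%1" %*  (the value restored in the post).
$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

# HKEY_CLASSES_ROOT is a merged view. Per-user entries under
# HKCU\Software\Classes override the machine-wide ones, so a fix made in one
# hive can be masked by the other. Each hive is therefore checked separately.
$hives = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

$findings = foreach ($hive in $hives) {
    # Which ProgID does .exe point to in this hive? (Absent in HKCU is normal.)
    $progId = Get-DefaultValue "$hive\.exe"
    if ($null -ne $progId) {
        [pscustomobject]@{
            Key = "$hive\.exe"; Value = $progId
            OK  = ($progId -eq $expectedProgId)
        }
    }
    # Check the open command of the default ProgID and of whatever .exe points to.
    $ids = @($expectedProgId, $progId) | Where-Object { $_ } | Select-Object -Unique
    foreach ($id in $ids) {
        $cmdKey = "$hive\$id\shell\open\command"
        $cmd = Get-DefaultValue $cmdKey
        if ($null -ne $cmd) {
            [pscustomobject]@{
                Key = $cmdKey; Value = $cmd
                OK  = ($cmd -eq $expectedCommand)
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
if ($findings | Where-Object { -not $_.OK }) {
    Write-Warning 'The .exe association differs from the Windows default; review the rows where OK is False.'
}
```

The script changes nothing; any row with OK = False names the exact key to inspect in Regedit.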


  • 1 month later...

Step 1

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

For 64-bit Windows systems:

If and only if your system is a Windows 7 x64, Vista x64, Windows XP x64 or Windows 2008/2003 x64 computer.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Step 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

[Screenshot: stinger2.png]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Report only

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 3

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of last MBAM scan log into reply, plus the Stinger log, and MS MSRT log.

RE-Enable your anti-virus program.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
