
Malwarebytes Anti-Malware NOT removing virus registry



I have this trojan called nissan.exe that is hiding in my C:\RECYCLER folder on my hard drive and I cannot get to it. MBAM finds the thing in the registry and will say it has been removed, but I can scan it again and there it is again. I can look it up in the registry via regedit and see it right after it was supposed to have been removed and see it there. I can delete the registry from regedit and after I close regedit, it puts itself back there AGAIN.

It's hidden under the registry entry "taskman".

I've tried running MBAM in normal Windows AND in Safe Mode and it WILL NOT remove it. Everything I have done, I have tried under Safe Mode and normal Windows, but NOTHING seems to be working. I also tried the command line using the "rd" command, going all the way to the nissan.exe and it would not let me do it. It said either invalid name or access denied, I honestly can't remember which, only that it didn't work.

I have tried to go into the Task Manager and via the New Task button go to C:\RECYCLER, but the folder appears empty. I have the view options set to see protected system folders AND hidden files and folders. I cannot see C:\RECYCLER in My Computer AT ALL. The only reason that I know that Nissan.exe is in that folder is I can see it in Symantec, but Symantec does not recognize it as a valid virus. I have no idea why.

PLEASE help me to remove this file. I cannot get rid of it. Here is the "Registry Values Infected:" line from the log. I don't dare to connect the computer to the Internet or my router at all or plug anything into it because this is a DETERMINED worm to get rid of. I've been working on removing rootkit.tdss from the computer for the past two days and had to go into Safe Mode to delete the .sys file just to get rid of most of it. I don't want to go through all of that again. But here's that line ...

REGISTRY VALUES INFECTED:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully

The log in the scan I did before that had the SAME infected registry being listed along with a file in system32\drivers called str.sys. I deleted that file in Safe Mode and it did not show up in the scan right after that, but the registry DID SHOW UP.

PLEASE HELP ME. I am at my wits' end and trying to control myself from throwing it out the window.


Hello CapnNismo and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.

  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

This topic is now closed to further replies.