
Trojan Help - Page 2

post #11 of 20
I think it's a false positive.
It's an open-source, Windows-based installer utility and is associated with WinAmp.
http://sourceforge.net/projects/nsis/
    
post #12 of 20
Quote:
Originally Posted by lohoutlaw
I'm <////////=] guys,

I have done all that was suggested and more. From what I have read this is an unrecoverable virus which requires a reformat to get rid of it.

I've tried all of the suggestions above and it keeps loading itself at boot up.

Please, any more suggestions?
Turn off System Restore, run the Trend Micro online virus scanner, then back it up with the Spyware Doctor free trial to find all the strings in the registry.
post #13 of 20
Thread Starter 
Quote:
Originally Posted by The Duke
Do you know the exact name of the problem? If so, Google it and you may find links to "HiJackThis" posts on the issue. Some Trojans require a specific utility to remove them.
NSIS trojan horse media extension

Yes, I have Googled and the results are the same.
post #14 of 20
Thread Starter 
Quote:
Originally Posted by PROBN4LYFE
Turn off System Restore, run the Trend Micro online virus scanner, then back it up with the Spyware Doctor free trial to find all the strings in the registry.
At work now, can you link me to these programs?
post #15 of 20
Do you have WinAmp installed? If so, that is part of the game.
I could be wrong, but I'm thinking either live with it or remove WinAmp.
    
post #16 of 20
Quote:
Originally Posted by lohoutlaw
At work now, can you link me to these programs?
http://housecall.trendmicro.com/
http://www.pctools.com/spyware-doctor/
post #17 of 20
Thread Starter 
Quote:
Originally Posted by The Duke
Do you have WinAmp installed? If so, that is part of the game.
I could be wrong, but I'm thinking either live with it or remove WinAmp.
No WinAmp. But someone ((no one wants to admit to it)) installed Super Slots Casino on my system on Tuesday. I finally got that program ((Super Slots Casino)) off my PC on Thursday.

Thanks, I will give it a shot when I get home.
post #18 of 20
Quote:
Originally Posted by lohoutlaw
No WinAmp. But someone ((no one wants to admit to it)) installed Super Slots Casino on my system on Tuesday. I finally got that program ((Super Slots Casino)) off my PC on Thursday.

Thanks, I will give it a shot when I get home.
That could be JavaScript...like that WildTangent thingy...LOL
I have a sibling who wonders why I uninstall it every time I come over to fix her PC...hmmm
Check the Common Files folder in Program Files...gotta be inside with the ever-ready self-install file...
post #19 of 20
Thread Starter 
Look what I found. Will try it tonight. Pray for me please.

Quote:
Re: Nsis Media Pop-ups

--------------------------------------------------------------------------------

You will need to save the below information locally to a text file or print it because I will be telling you to disconnect from the internet soon!

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files".

NOW DISCONNECT YOUR PC from the internet by unplugging the cable.


Once you are disconnected from the internet and you have saved the file double click it and allow it to merge with the registry.

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F28439F2-4996-41B8-8BD0-22789780DE81}"=-
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]

Look for the below files and, if they exist, delete them (if you cannot delete one right now, boot into safe mode and see if you can delete it):
C:\Program Files\Mozilla Firefox\chrome\nsis.jar
C:\Windows\A~NSISu_.exe
c:\windows\system32\krnsvr32.dll
c:\windows\system32\wmdmb32.dll

Just stay in safe mode if at any point you need to boot to safe mode to delete any files.


Now delete the below folder and everything in it. (if you cannot delete it right now, boot into safe mode and see if you can delete it)
C:\Program Files\Common Files\NSIS

Now create the same folder as we just deleted (the NSIS folder) then right click on the folder from Windows Explorer and select Properties. Change the Attributes to have Read-only selected and also put a check in the Hidden box. (Note the Read-only option should already be set after creating the folder.)


Now delete all files & subfolders in the below folder (downloading things like this is a sure way to have malware problems):
C:\Documents and Settings\Mike\Local Settings\TEMP

Note Windows may block deletion of a few files from the current date in the above folder.

Now reboot into normal mode but do not reconnect to the internet yet. Just check to see if the problem files have come back or not. Hopefully the NSIS folder we recreated is empty.

Now connect to the internet and again check the status of the NSIS folder.

Now come back and tell me what happened.

Questions: Did you ever have Foxie Browser Suite with Security Firewall installed?
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."

--------------------------------------------------------------------------------
Last edited by chaslang : 08-09-06 at 19:54.
POST SOURCE
THREAD SOURCE
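The fix file quoted in the post above is a plain-text REGEDIT4 script, and it pays to know exactly what such a file will do to the registry before double-clicking it. The following Python script is an added example, not part of this thread or of chaslang's post: it parses a REGEDIT4 file into delete-key, delete-value and set-value operations, lists the ShellExecuteHooks CLSIDs being unregistered (the Explorer autoload point this fix targets), flags any .reg that would write values rather than only delete them, and, when run on Windows, reports which of the targeted HKLM keys still exist so the cleanup can be verified before merging and again after the reboot. The sample text is re-typed from the quoted fix; the function names and the delete-only check are my own, not anything from the original poster.

```python
"""Audit a REGEDIT4 (.reg) fix file before merging it into the registry."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the fix file quoted in the thread, re-typed here.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F28439F2-4996-41B8-8BD0-22789780DE81}"=-
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"\[(-?)(.+)\]")
# "name"=data  or  @=data (default value); data of "-" means delete the value
VALUE_RE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)')


@dataclass
class RegOp:
    kind: str            # "delete_key", "delete_value" or "set_value"
    key: str             # full key path, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\NSIS
    name: str = ""       # value name for value operations ("@" = default value)
    data: str = ""       # raw right-hand side for set_value


def parse_reg(text: str) -> List[RegOp]:
    """Turn .reg text into the list of registry operations it would perform."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / Registry Editor header")
    ops: List[RegOp] = []
    current = None                       # key that following value lines apply to
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                     # blank line or comment
        m = KEY_RE.fullmatch(line)
        if m:
            minus, key = m.groups()
            if minus:                    # [-KEY] deletes the key and its subkeys
                ops.append(RegOp("delete_key", key))
                current = None
            else:                        # [KEY] opens (creating if needed) the key
                current = key
            continue
        m = VALUE_RE.fullmatch(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            data = m.group(2)
            if data == "-":              # "name"=- deletes the value
                ops.append(RegOp("delete_value", current, name))
            else:
                ops.append(RegOp("set_value", current, name, data))
            continue
        raise ValueError(f"unrecognised line: {raw!r}")
    return ops


def shell_execute_hook_removals(ops: List[RegOp]) -> List[str]:
    """CLSIDs the fix unregisters from Explorer\\ShellExecuteHooks, an autoload point."""
    return [op.name for op in ops
            if op.kind == "delete_value"
            and op.key.lower().endswith(r"\explorer\shellexecutehooks")]


def is_delete_only(ops: List[RegOp]) -> bool:
    """True when the file only removes keys/values; a cleanup .reg should never set any."""
    return all(op.kind != "set_value" for op in ops)


def keys_present(ops: List[RegOp]) -> List[str]:
    """On Windows, return the targeted HKLM keys that still exist (empty list elsewhere).
    Run before merging to confirm the infection markers, and after the reboot to
    confirm they stayed gone."""
    try:
        import winreg
    except ImportError:
        return []                        # not on Windows: nothing to check
    found = set()
    for op in ops:
        hive, _, subkey = op.key.partition("\\")
        if hive != "HKEY_LOCAL_MACHINE":
            continue
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey):
                found.add(op.key)
        except OSError:
            pass                         # key absent or not readable
    return sorted(found)


if __name__ == "__main__":
    ops = parse_reg(SAMPLE_REG)
    for op in ops:
        print(f"{op.kind:13} {op.key}" + (f"  [{op.name}]" if op.name else ""))
    print("ShellExecuteHooks CLSIDs removed:", shell_execute_hook_removals(ops))
    print("delete-only file:", is_delete_only(ops))
    print("keys still present on this machine:", keys_present(ops) or "none / not Windows")
```

Run it with the sample and every operation is a deletion under HKLM, which is what you want from a cleanup file; a .reg handed to you that also sets values (for instance a new Run entry) deserves a closer look before it is merged.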
post #20 of 20
Thread Starter 
It worked

Man, this is one nasty virus. I worked on my PC for 4 days ((evenings)) now and I am free. Or should I say my baby is free!

I'm throwing you all a thank you for your posts and help, and especially want to thank Anti-Spyware-Man = chaslang from Major Geeks for posting this to the web and sharing his talent with me ((us)).

PS:
Reps to all for the attempt.
If I could rep you ((The Duke)) I would. Thank you!