
Help with virus named ztorsftdgh.vbs and remove others - Page 2

post #11 of 26
Quote:
Originally Posted by Azjul View Post

I don't think I can get a sample of it because it's embedded in the files or I'm just doing it wrong.

Then get me one of the files!
post #12 of 26
Quote:
Originally Posted by NexusRed View Post

I like this process, but I usually boot into UBCD or Hiren's and then proceed.

Personally, I prefer the Kaspersky Rescue Disk over Hiren's, but it does lack a lot of the features.

I get the nagging suspicion OP has a rootkit or even a simple registry key loading error.
post #13 of 26
Quote:
Originally Posted by Azjul View Post

Sorry for the late reply guys, and thanks for your comments. It might be my brother's USB stick. I don't want to reinstall Windows because we have a lot of files there that we need.

It likely is. USB sticks can carry payloads of malware. It would be a good idea to make sure the USB drive is clean. Use this tool: http://labs.bitdefender.com/projects/usb-immunizer/overview/
post #14 of 26
Doesn't disabling autorun in Windows have the same effect as that "immunizer"?
post #15 of 26
Quote:
Originally Posted by Quantum Reality View Post

Doesn't disabling autorun in Windows have the same effect as that "immunizer"?

The immunizer cleans the infections on the USB.
post #16 of 26
Thread Starter 


Here's a pic of the path of the suspected virus, but there are no files like it. Right about now I would consider it being a registry file error because I think most, if not all, of the malware is already removed except for the one above. Also, it doesn't lag anymore, and the only thing that's happening is that during startup it stays about 10 secs on "welcome", and after that you can open applications and games without waiting for programs to start up.

Really appreciate the help guys, thanks to all for the insights and knowledge regarding this issue.
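
The symptom in the post above, a startup path that points at a file no longer on disk, can be checked directly. The PowerShell below is an added example, not part of the original thread: it assumes PowerShell 3.0 or later and that the leftover reference sits in the standard Run/RunOnce keys or Startup folders; `Test-AutostartCommand` is a hypothetical helper name and the sample command line is constructed.

```powershell
# Added example (not from the thread): read-only audit of common autostart
# locations. Flags entries that launch a script or reference a missing file.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$scriptExt   = '\.(vbs|vbe|js|jse|wsf|wsh)\b'
$pathPattern = '[A-Za-z]:\\[^"<>|*?\r\n]+?\.(exe|com|bat|cmd|dll|lnk|vbs|vbe|js|jse|wsf|wsh)\b'

# Hypothetical helper: classify one autostart command line.
function Test-AutostartCommand {
    param([string]$Source, [string]$Name, [string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Pull every drive-rooted path out of the command, quoted or not.
    $paths = @([regex]::Matches($expanded, $pathPattern, 'IgnoreCase') |
        ForEach-Object { $_.Value })
    $missing = @($paths | Where-Object { -not (Test-Path -LiteralPath $_) })
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Command = $Command
        Script  = [bool]($expanded -match $scriptExt)
        Missing = $missing -join '; '
    }
}

$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        Test-AutostartCommand $key $valueName ([string]$item.GetValue($valueName))
    }
})
# Startup folders: files dropped here run at logon (shortcut targets are not resolved).
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($dir in $startupDirs) {
    $results += @(Get-ChildItem -LiteralPath $dir -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Test-AutostartCommand $dir $_.Name $_.FullName })
}
# Constructed sample entry so the flagged output is visible on a clean system.
$results += Test-AutostartCommand 'constructed sample' 'demo' 'wscript.exe //B "C:\Users\Public\ztorsftdgh.vbs"'

$results | Where-Object { $_.Script -or $_.Missing } |
    Format-List Source, Name, Command, Script, Missing
```

An entry with a non-empty `Missing` field is a dangling reference of the kind described; `Script = True` marks entries that start a Windows Script Host file at logon and deserve a closer look.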
post #17 of 26
Quote:
Originally Posted by Azjul View Post



Here's a pic of the path of the suspected virus, but there are no files like it. Right about now I would consider it being a registry file error because I think most, if not all, of the malware is already removed except for the one above. Also, it doesn't lag anymore, and the only thing that's happening is that during startup it stays about 10 secs on "welcome", and after that you can open applications and games without waiting for programs to start up.

Really appreciate the help guys, thanks to all for the insights and knowledge regarding this issue.

It looks like "DAEMON Tools Pro" is some kind of disk image editor. Did you install that?
post #18 of 26
Quote:
Originally Posted by The Hundred Gunner View Post

It looks like "DAEMON Tools Pro" is some kind of disk image editor. Did you install that?

You are correct. It's an ISO mounting and burning utility.

I've seen it bring some friends named Conduit Search Protect and MindSpark Interactive onto systems on occasion.

And they lead to more.
post #19 of 26
Take a look at the computer with Farbar Service Scanner: http://www.bleepingcomputer.com/download/farbar-service-scanner/ . Also, open a command prompt as administrator, type in sfc /scannow and press Enter; this will check for corrupted Windows files and fix them. It would be a good idea to take a look with AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ .
post #20 of 26
Quote:
Originally Posted by PhilWrir View Post


You are correct. It's an ISO mounting and burning utility.

I've seen it bring some friends named Conduit Search Protect and MindSpark Interactive onto systems on occasion.

And they lead to more.

Did he install it, though? And do you mean it installs that other software without user consent? What you're saying sounds very generic; we're trying to figure out whether it's malicious or "potentially unwanted software" lol