Help Removing Trojan Downloader Win32 Unruy

Old 02-07-2011, 08:47 AM   #1
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: Vista Home



I hope I posted this information correctly. I need help removing the downloader trojan Win32 Unruy. My system is running Vista Home Edition. I've tried removing it with Malwarebytes and the most up-to-date McAfee. I'm attaching the logs from DDS. I'm hoping someone can please help me.
Attached Files
File Type: zip ark.zip (5.5 KB, 19 views)
File Type: zip attach.zip (1.8 KB, 13 views)
sgarbelman is offline  
Old 02-07-2011, 11:22 AM   #2
Security Team
Analyst
 
RPMcMurphy's Avatar
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log
__________________


ASAP & UNITE Member
RPMcMurphy is offline  
Old 02-07-2011, 02:46 PM   #3
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: Vista Home



Thank you for helping me. The Gmer file was too large, 3.72 mgs, so I had to zip it. Please let me know what else I need to do. Thanks so much!!
Attached Files
File Type: zip gmer.zip (73.7 KB, 14 views)
sgarbelman is offline  
Old 02-07-2011, 05:53 PM   #4
Security Team
Analyst
 
RPMcMurphy's Avatar
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



sgarbelman:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log
RPMcMurphy is offline  
Old 02-07-2011, 09:52 PM   #5
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: Vista Home



I have disabled all of my security programs and I still cannot get ComboFix to run. I need some advice please.
sgarbelman is offline  
Old 02-08-2011, 12:19 PM   #6
Security Team
Analyst
 
RPMcMurphy's Avatar
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Hi,

Please boot into the Safe Mode and try again.
RPMcMurphy is offline  
Old 02-13-2011, 08:30 PM   #7
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 

All times are GMT -7. The time now is 10:07 PM.

