Need help with trojan

Status
Not open for further replies.

rgw2354

Posts: 14   +0
I could use a little bit of help. I know that I am infected with Win32:Neptunia-KH. I read the sticky about cleaning vs. reformatting and decided to reformat. Because I use my computer for online transactions I did a destructive system recovery (some program that my compaq came with) which basically restores the computer to the factory settings. My problem is that I think this trojan has infected my recovery partition because I still have the trojan after the destructive system recovery. I do not have much knowledge of computers and I am wondering if this is something I can fix myself. I know that I am not following the directions but I am literally pulling my hair out at this point and I was just wondering if this is something that would be relatively easy to fix or if I need to take it to a repair shop. Any help would be appreciated. Rick
 
if it has infected the recovery partition on your hdd, then you have a few options.. you can either do a full format and then reinstall windows on it with a proper windows cd, or attempt to clean the trojan up yourself and see how you go..

with the reformat, you basically wipe the hdd clean (usually including the recovery partition) using one of many utilities or the windows cd itself, then proceed to install windows over it. However, it may be difficult for you if you don't have a copy of windows and especially since that key is probably an OEM key, meaning only certain cds would work with it.. (sometimes true, but you can always try your luck). Extremely risky operation since you lose your safety net (recovery partition). Although do it if you have no regrets and can find your own workaround to this..

If you want to try and clean it up, read on: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
Ok I have followed the 15 steps to the best of my abilities and my HJT log is attached. I have followed these steps twice because I don't think that I did it properly the first time. Panda did not report anything and avg and combofix both came back negative the second time around. Since avg and combofix came back negative, I am not posting the logs at this point. Thanks in advance to whoever is kind enough to review my HJT log. If you still require the combofix and avg logs let me know and I will post them asap.

Rick
 

Attachments

  • hijackthis.log
    7.1 KB · Views: 5
Can you please post the combofix log as only somebody with experience reading combofix could tell if it was negative.

Also your Java Runtime needs to be updated

Update your Java Runtime Environment
  • This new release will overwrite previous installations and automatically update browsers to use this new release. The configuration files and program files folder used by Java Web Start have changed, but all your settings will remain intact after the upgrade, since Java Web Start will translate your settings to the new form.

    Java SE Runtime Environment 6 Update 4 First Customer Ship

    Simply enter your operating system and check agree to terms of service. Select ok
    Then click directly on the file to download
    This downloads the installer (hopefully to your desktop)
    Locate and double click the installer jre-6u4-windows-i586-p-iftw.exe (or whichever installer you chose)
 
If someone would please review my HJT and combofix logs it would be appreciated. I ran a virus scan today with avast and nothing was detected but I need to use my computer for things that require it to be secure and I am still worried that it is not due to the fact that the virus was still present after a destructive system recovery.
Rick
 
I don't have "combofix" expertise, but these two don't look right
C:\WINDOWS\000001_.tmp
C:\WINDOWS\Fonts\RandFont.dll

I'd remove them (you may want to rename them to *.old - until someone else confirms removal, but I'd remove them)
 
Just to check

Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the windows key and press E
  • On the Tools menu in Windows Explorer, click Folder Options.
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Go to Start, click Search, click All files and folders, and then click More advanced options. Click the check boxes to Search system folders and Search hidden files and folders.

In the search box for All or part of the file name please type csrsv.exe and csrsu.exe

If found let me know, if not everything else looks clean
 