TechSpot

Virus problems.

By MISHA8725
Feb 4, 2007
  1. I have been a tech for a little while now and my friend gave me her computer o fix. The computer would be over taxed, freeze, and then blue screen. I had to use BartPE just to boot the computer up. Then I was able to get it into safe mode. Change the File Views so that it shows hidden and system files, all the sudden these .t files were everywhere. I ran a search on the computer itself for all files with .t it showed 30,000 found at that point it crashed again. Absolutely nothing is working. I am clueless as to how to get rid of this. Some of the .t files are named like this(but there are a million variants!) gmxjomak.t, vrstekbp.t, dgyrwhxx.t, pfukkxnw.t, and myvsnpkq.t I also noticed that have nordsys.exe in the processes. Can somebody please help?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to the correct forum.

    Filename: NORDSYS.EXE
    Command: C:\Windows\System32\NORDSYS.EXE
    Description: Added by the WORM_NUWAR.PO worm.

    As you can see from the above, the system is infected.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log and an AVG Antispyware log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Regards Howard :wave: :wave:

    This thread is for the use of MISHA8725 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. MISHA8725

    MISHA8725 TS Rookie Topic Starter Posts: 54

    is that really the best place to put this?

    Does that fix help the .t files also?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can`t say whether it`ll help with those files or not as yet. I`ll know more once I`ve seen the log files I requested. However, it does seem likely that those files are there as a result of malware. I`ve got a feeling that in addition to the worm, there`s a possibility of a rootkit infection as well. Obviously something`s causing those files to appear.

    Depending on what other nasties show up on the system, it may be better just to reformat and start again from scratch. Obviously it`s up to you as to whether you want to try and clean the system or not.

    Regards Howard :)

    This thread is for the use of MISHA8725 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. MISHA8725

    MISHA8725 TS Rookie Topic Starter Posts: 54

    I tried everything that I could think of. I have never had to wipe out a computer before. But this is one of the nastiest things I have ever come across. No matter what it replicates itself all over the whole computer. There is no fixing it what so ever. Time to admit my defeat. Thank you for the help.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok mate, no problem.

    For what it`s worth, I think you`ve probably made the correct decision.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of MISHA8725 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. MISHA8725

    MISHA8725 TS Rookie Topic Starter Posts: 54

    I had a friend come over last night. He had a pretty good idea. We slaved the hard drive and ran the virus scan on the drive. It cleaned it off completely. Tonight we are going to go through it piece by piece and make sure it is completely clean then take it from there.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...