nulware.exe


JoeM076

My anti-virus program, AVG, recently detected a virus after I accidentally downloaded one of those smiley programs, long story...and now I cannot figure out how to get rid of it. The name of the file is nulware.exe and it is in the folder system32. I looked at almost every file in the folder, and I STILL cannot find the virus. I deleted all of the associated files that came along with the program in the registry and in the rest of my computer. Even after doing all of this, the virus is still present. Is it "hiding", so I cannot see the actual file?! If anyone knows any method or program that can get rid of the adware/virus, that would be great! :)

-By the way, the name of the company is FunWebProducts.

By the way, I am currently working on the process to find the infected files using howard_hopkinso's step-by-step process, so I will have the logs up later today to make the detection easier. :)

Ok so here are my HiJackThis, ComboFix, and AVG Anti-Spyware logs attached to this post. I hope someone can help get rid of this "FunWebProducts"/"MyWebSearch"/nulware virus. :)

Sorry about all of these posts, I just want to keep the people who are reading this thread up-to-date with my problem.

- The good news is that AVG Virus Protection is not finding the nulware.exe file anymore. The bad news is that AVG Anti-Spyware is still finding infected cookies on my computer.
 
I can't see any problems in your HJT log; is your system running fine or does it have problems still?



This thread is for the use of JoeM076 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

nulware.exe
_MSRSTRT.EXE

Close task manager.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

These are the filepaths you need to enter into Killbox.

C:\Windows\_MSRSTRT.EXE
C:\Windows\System32\nulware.exe

Once your system has rebooted, rehide your protected OS files.

Post a fresh Combofix log and let us know if you're still having any problems.

Regards Howard :)

 
It seems that nulware.exe is gone, and no other spyware or viruses are detected in my computer. Thanks for all of the help! :)

- I don't know if this is an issue or not, but every time I run Combofix I get a message saying that Reg.exe has stopped working. Combofix will not continue unless I click on close.

- In this post I attached a fresh Combofix log, and here is the link to a screenshot of the Reg.exe and Combofix problem:

- http://i171.photobucket.com/albums/u318/PCRYJ/Combofix.jpg
 
I'm not sure what caused the Combofix error, but it seems to be fine now.

Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

Then, navigate to the following reg key and right click on it. Choose delete.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nulware]
C:\Windows\System32\nulware.exe

Close regedit and reboot your computer.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
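
A read-only check for the leftovers named in this thread, added here as an example and not part of any poster's instructions. The file paths, process names and msconfig key are the ones given above; the scan of the two `Run` keys goes beyond the thread and is an assumption about where else a startup entry for these files could sit.

```powershell
# Added example: reports leftovers only, deletes nothing.
# Paths, process names and the msconfig key are taken from the thread.
$files       = 'C:\Windows\_MSRSTRT.EXE', 'C:\Windows\System32\nulware.exe'
$procNames   = 'nulware', '_MSRSTRT'
$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nulware'
# Assumption (not from the thread): also look at the standard Run keys.
$runKeys     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-CleanupFindings {
    $findings = @()

    # 1. Files that Killbox was asked to delete on reboot
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings += "File still present: $f" }
    }

    # 2. Processes that were ended in Task Manager
    foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
        $findings += "Process still running: $($p.ProcessName) (PID $($p.Id))"
    }

    # 3. The disabled-startup entry that was deleted in regedit
    if (Test-Path -LiteralPath $msconfigKey) {
        $findings += "Registry key still present: $msconfigKey"
    }

    # 4. Any Run value whose command line mentions one of the file names
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            foreach ($f in $files) {
                $leaf = Split-Path -Path $f -Leaf
                if ($data -like "*$leaf*") {
                    $findings += "Startup value '$name' in $key references $leaf"
                }
            }
        }
    }
    $findings
}

$result = @(Get-CleanupFindings)
if ($result.Count -eq 0) { 'No leftovers found.' } else { $result }
```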

 