|
| |||||||||
| Tags: |
Sponsored Links
Backdoor:WinNT/Rustock.AN keep moving?
Windows Security
 |
| | Thread Tools | Search this Thread |
|
| |||||||||
| Tags: |
|
| | Thread Tools | Search this Thread |
|
#1
04-08-2009
| |||
| |||
| Backdoor:WinNT/Rustock.AN keep moving?
Is there a way to completely remove Backdoor:WinNT/Rustock.AN? I used Windows Defender and everytime it says to reboot to complete removal and after reboot it will show a success but a scan later will reveal that Backdoor:WinNT/Rustock.AN is still there. Thanks.  |
|
#3
04-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
Use my Remove-it software. Choose yes for all options when prompted. Download it here http://www.ms-mvp.org/ -- The Real Truth http://pcbutts1-therealtruth.blogspot.com/ *WARNING* Do NOT follow any advice given by the people listed below. They do NOT have the expertise or knowledge to fix your issue. Do not waste your time. David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos. "cacheboy75" <cacheboy75@discussions.microsoft.com> wrote in message news:F7C8142B-0CB7-439A-B59F-C78C400956D3@microsoft.com... > Is there a way to completely remove Backdoor:WinNT/Rustock.AN? > > I used Windows Defender and everytime it says to reboot to complete > removal > and after reboot it will show a success but a scan later will reveal that > Backdoor:WinNT/Rustock.AN is still there. > > Thanks. |
|
#4
04-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
The Liar & Thief non-mvp wrote: > Use my Remove-it software. We don't think so. Pete -- 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t] |
|
#5
04-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
In article <oMmdnXEZ3Om7GerXnZ2dnUVZ_vSdnZ2d@giganews.com>, trt@void.com says... > Use my Remove-it software. Choose yes for all options when prompted. > Download it here > Why would anyone trust anything from your website? You've exposed yourself as the PIRATE/THIEF we all have said you are. The file you claim to have known about, claim to have submitted to anti- virus sites, the file named "obatssrsghde.exe" was a marker inserted into Stuarts batch file you stole from him, it was is a KEY that proves you're a thief: For those that don't know, Stuart inserted the obatssrsghde.exe marker into his batch file to prove, to the community, that PCBUTTS1 / The Real Truth MVP is actually a lying thief, and PCBUTTS admitted in his own post that he created the marker and claimed to know what it was - even claimed to have submitted the malware to anti-virus vendors, but the joke was on him, Stuart told everyone in the community about it BEFORE it appeared in PCBUTTS1 download.... There is no actual file named obatssrsghde.exe in the malware community, it was a ruse. The key is in the spelling: obatssrsghde.exe pcbuttsthief If you change (add) 1 character to each letter you will see that "obatssrsghde" is actually the marker "pcbuttsthief" - proving that PCBUTTS1 is a thief. Are there other markers - YES, does PCBUTTS1 know about them - know, they've been there for a long time, but this is the most obvious one. Face it Chris/PCBUTTS1/TRT, you've exposed yourself in public. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. spam999free@rrohio.com (remove 999 for proper email address) |
|
#6
04-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
Nasty is the word. Even AVG can't do much. Gosh I hate rookit. What is assisted removal? "David H. Lipman" wrote: > From: "cacheboy75" <cacheboy75@discussions.microsoft.com> > > | Is there a way to completely remove Backdoor:WinNT/Rustock.AN? > > | I used Windows Defender and everytime it says to reboot to complete removal > | and after reboot it will show a success but a scan later will reveal that > | Backdoor:WinNT/Rustock.AN is still there. > > | Thanks. > > Rustock is a NASTY RootKit. > > I strongly suggest assisted removal. > > > > Download and execute HiJack This! (HJT) > http://www.trendsecure.com/portal/en...HJTInstall.exe > > Then post the contents of the HJT log in your post with a full explanation of your problem > and what you have done to date in one of the below expert forums... > > { Please - Do NOT post the HJT Log here ! } > > Forums where you can get expert advice for HiJack This! (HJT) Logs. > > NOTE: Registration is REQUIRED in any of the below before posting a log > > Suggested primary: > http://www.thespykiller.co.uk/index.php?board=3.0 > > Suggested secondary: > http://www.bleepingcomputer.com/forums/forum22.html > http://www.malwarebytes.org/forums/i...hp?showforum=7 > > Suggested tertiary: > http://www.dslreports.com/forum/cleanup > http://www.cybertechhelp.com/forums/...splay.php?f=25 > http://www.atribune.org/forums/index.php?showforum=9 > http://www.geekstogo.com/forum/Malwa..._Here-f37.html > http://gladiator-antivirus.com/forum...?showforum=170 > http://forum.networktechs.com/forumdisplay.php?f=130 > http://forums.maddoktor2.com/index.php?showforum=17 > http://www.spywarewarrior.com/viewforum.php?f=5 > http://forums.spywareinfo.com/index.php?showforum=18 > http://forums.techguy.org/f54-s.html > http://forums.tomcoyote.org/index.php?showforum=27 > http://forums.subratam.org/index.php?showforum=7 > http://www.5starsupport.com/ipboard/...p?showforum=18 > http://aumha.net/viewforum.php?f=30 > http://makephpbb.com/phpbb/viewforum.php?f=2 > http://forums.techguy.org/54-security/ > http://forums.security-central.us/forumdisplay.php?f=13 > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > > |
|
#7
04-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
From: "cacheboy75" <cacheboy75@discussions.microsoft.com> | Nasty is the word. Even AVG can't do much. Gosh I hate rookit. | What is assisted removal? Asssisted removal is going to one of the Expert Forums I suggested (and posted again) where there are people willing and able to assist you one-on-one in removing the Rustock. Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en...HJTInstall.exe Then post the contents of the HJT log in your post with a full explanation of your problem and what you have done to date in one of the below expert forums... { Please - Do NOT post the HJT Log here ! } Forums where you can get expert advice for HiJack This! (HJT) Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://www.malwarebytes.org/forums/i...hp?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.geekstogo.com/forum/Malwa..._Here-f37.html -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
|
#8
05-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
Cannot access thespykiller.co.uk site. It took quite long and gets timeout. Is this site blocked? "David H. Lipman" wrote: > From: "cacheboy75" <cacheboy75@discussions.microsoft.com> > > | Nasty is the word. Even AVG can't do much. Gosh I hate rookit. > > | What is assisted removal? > > Asssisted removal is going to one of the Expert Forums I suggested (and posted again) > where there are people willing and able to assist you one-on-one in removing the Rustock. > > Download and execute HiJack This! (HJT) > http://www.trendsecure.com/portal/en...HJTInstall.exe > > Then post the contents of the HJT log in your post with a full explanation of your problem > and what you have done to date in one of the below expert forums... > > { Please - Do NOT post the HJT Log here ! } > > Forums where you can get expert advice for HiJack This! (HJT) Logs. > > NOTE: Registration is REQUIRED in any of the below before posting a log > > Suggested primary: > http://www.thespykiller.co.uk/index.php?board=3.0 > > Suggested secondary: > http://www.bleepingcomputer.com/forums/forum22.html > http://www.malwarebytes.org/forums/i...hp?showforum=7 > > Suggested tertiary: > http://www.dslreports.com/forum/cleanup > http://www.geekstogo.com/forum/Malwa..._Here-f37.html > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > > |
|
#9
05-08-2009
| |||
| |||
| Re: Backdoor:WinNT/Rustock.AN keep moving?
From: "cacheboy75" <cacheboy75@discussions.microsoft.com> | Cannot access thespykiller.co.uk site. | It took quite long and gets timeout. Is this site blocked? The site and corresponding sister sites are having problems. Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://www.malwarebytes.org/forums/i...hp?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.geekstogo.com/forum/Malwa..._Here-f37.html -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
|
|
| Thread Tools | Search this Thread |
| |
Similar Threads for: "Backdoor:WinNT/Rustock.AN keep moving?" | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Autopartition help with winnt.sif | LoknathT | Operating Systems | 5 | 04-11-2010 01:05 AM |
| Windows 7 - WINNT.SIF?! | Gew | Operating Systems | 1 | 01-05-2010 06:43 PM |
| About winnt.sif file | Mhonty | Windows Software | 3 | 13-08-2009 09:14 PM |
| Rootkit.agent/Gen-Rustock | Ground 0 | Networking & Security | 2 | 13-06-2009 03:45 PM |
| WINNT.EXE vs WINNT32.EXE | Antrix | Operating Systems | 3 | 17-04-2009 04:25 PM |
