unruy.d trojan --- I am tired of this stuff!!!

MS SE finds it, but cannot clean it, asks me to restart, but as soon as I restart, the alert is there again!!!
Scanned with Malwarebytes in safe mode, it finds it, asks to restart to remove, and as soon as it restarts, it's there ...again.
When I tell MS SE to remove it, it tries but says it encountered an error and the action can't be completed...then gives me the msg to restart.

seems to be a pretty hard one to get rid of...

does anyone have any experience dealing with this trojan?

Ran MS SE in safe mode too. Same results as above. At some point in the past, I must have turned system restore off, and I don't have any restore points.


XP Pro. SP3
I don't know if SuperAntiSpyware would help, if MWB and MS SE can't get rid of it.

was just browsing on regular/usual sites when the 1st alert from MS SE popped up.
 
Have you tried Killbox for getting rid of files like this?

I think I had this last night, but it was picked up by Trend Micro PC Cillin.

Now I'll have to update and scan again to see.
 
Go to eset.com and perform the online scanner... It will download a plug-in and should take care of it... Make sure to choose customer and ask it to do the more in-depth scan or scan inside files or something like that. It should take care of it no problem.

Another thing you could do is reboot in safe-mode and do your scan/clean like that... Sometimes that works.

Failing that you might have to take your drive out and attach it to another computer as a secondary drive and scan/clean it that way.

It's not fun!
 
scanning with eset online scanner - didn't see any options to choose "customer" though...

it's still downloading the signature database...

thanks...
 
Maybe they changed it... Can't remember... That's a really good scanner/cleaner that is FREE.

Good luck! I will keep monitoring this thread.

 
Don't hang your hat on ESET, tbird. I was using their ESET Smart Security 4 when I was infected with a trojan over the July 4th holiday.

Malwarebytes run in safe mode (XP-Media Edition SP3) picked up on 17 infected files that ESET never found after three "deep" scans.

Then MBAM proceeded to clean all of my files and restored the laptop back to "normal" mode.
 
Wow, that is interesting... I should scan my computers then because they are all protected with ESET.

Thanks for posting that, I switched to ESET because AVG became such a pig on resources and I had switched to AVG because Norton was a pig on resources and couldn't find a virus if you showed it where it was in most cases I found.

What do you recommend for AV? Bitdefender?
 
dang - ESET hasn't found a thing after 45% scan complete...
MWB couldn't remove it in safe mode! Well, it said it needs to restart to do it, but as soon as Windows starts, it's there again...

1st time MWB failed


is this the end of my laptop?
 
No no, not the end of your laptop... A hard virus to get rid of, a reinstall of windows maybe... Don't worry you are ok still!

*BREATHE*
 
hmmm... I can't find my install discs since we moved ...

How dangerous is it to "live with" this trojan..?

from MS website:
Summary
TrojanDownloader:Win32/Unruy.D is a trojan that is capable of connecting to certain remote servers to download and execute arbitrary files. It can also delete files, schedule tasks, and perform other actions. Depending on the computer's Internet Explorer settings, TrojanDownloader:Win32/Unruy.D may also disable third-party browser extensions and BHOs from running.

I am gonna download and try Avira in safe mode and see if it can get rid of it.
 
Very dangerous because you have a security hole that could be stealing your information or inviting its friends into your system. It could also make your system unstable.

Not good to leave it there...

You can order recovery discs from the manufacturer of your computer for a small fee. Or your computer might let you make a set using a utility installed on the hard drive. This will not be affected by the virus in 99% of the cases so you should be safe doing this.
 
Don't know if you have a need for Windows for some reason?

You may want to download the DVD version of Linux Mint and give it a shot? The DVD version has all the codecs and plug-ins already installed.

I enjoy using my computer without worrying about all that stuff.
 
Originally Posted By: SrDriver
Don't know if you have a need for Windows for some reason?

You may want to download the DVD version of Linux Mint and give it a shot? The DVD version has all the codecs and plug-ins already installed.

I enjoy using my computer without worrying about all that stuff.



+1. Dunt cost nutin to try.
 
This info may help. I got called in yesterday to repair a client's computer that was severely infected. I may be lucky, but this is the first time I saw MS SE completely disabled, and Malwarebytes was disabled and would not run or update as soon as it was installed. The Internet connection had been hijacked to use a proxy server. Any solution I tried to download would not run. I only got Malwarebytes installed by using a USB drive.

I finally got Hitman Pro to run and it found traces of a TDL3 rootkit. The clean and reboot helped very slightly, but then I had major page redirects. Finally I got the SuperAntiSpyware online scanner to run. SAS found some things and did a clean up. ESET online scanner would not load. The machine still was having major problems.

The bottom line is after around five hours of playing with this bad boy (I admit I was fascinated so I kept at it) I downloaded and ran ComboFix. It ran through 50 passes (or whatever), did a repair and reboot, and in the end the system was clean. I couldn't believe it, but a full scan overnight with Malwarebytes also came up clean.

Panda Cloud did install and had running processes shown in task manager for hours, but I never could run it until after ComboFix was done. I left Panda and added Comodo for the firewall and D+ to keep an eye on things for a few days. Long story short, try ComboFix. It runs in DOS mode and it can take a long time, so read the brief instructions first.
 
I used to really like Eset NOD32 also. But two Trojan Horse programs were able to get past it and were stopped by Spyware Doctor. Malwarebytes really is a useful program.
 
3 scans overnight in safe mode still didn't get rid of it.
Going to try combo fix now.

They have a lot of instructions on not running ComboFix without a helper asking you to run it, etc. on their site...

so who's gonna help me? is there a 2nd step to combo fix? they ask you to post the log file, etc...
 
tbird,

Combofix, as recommended to me by another BITOGer, was my next step if starting in safe mode and running Malwarebytes from a USB drive did not solve the problem.

I, too, had the same questions as you regarding Combofix, but I wasn't about to wait on a "helper."
 
Originally Posted By: StevieC
Wow, that is interesting... I should scan my computers then because they are all protected with ESET.

Thanks for posting that, I switched to ESET because AVG became such a pig on resources and I had switched to AVG because Norton was a pig on resources and couldn't find a virus if you showed it where it was in most cases I found.

What do you recommend for AV? Bitdefender?


I copied and pasted the quarantined files from MBAM into an e-mail to ESET. Their response is in another thread in this forum under "Help!................" that I started.

Basically, ESET said, "stuff happens. Even with ESET."

I'm using Norton I/S 2010 on my other laptop with MBAM as a backup scan once per week.

I've had two more trojan incidents with this laptop (and ESET 4 Smart Security) since my initial infection and cleaning. Both times the infected files were located by MBAM, not ESET.
 