I’m using the free version of avast and it’s currently up-to-date.
This virus/malware/trojan/POS has infected me. I cannot download anything, I can’t browse to any websites, nothing. The most I can do is run avast, which is currently not finding anything…
I am working off another unaffected machine. I need help fast. ARGH!
Is this program morphing in the wild? Shouldn’t Avast be able to detect it and stop the install?
What about the behavior shield - isn’t this the kind of thing it’s supposed to prevent?
Not even automatic sandbox would catch it?
To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach ( OTS log ) save OTS log as ANSI
I like Malwarebytes’ and it has helped me save a few computers but I have had problems with it too. I re-installed Vista on my friend’s machine, and I downloaded Malwarebytes’ and it just didn’t work. I tried re-downloading and re-installing and still, nothing. His machine had to be clean; I have sanitized, flattened and reformatted on a lot of PCs before. Sometimes it wouldn’t launch and sometimes it displayed a message saying that the installer was corrupt. It eventually worked but that was about two or three weeks later. Weird.
[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 2 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next Reply.
THEN
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.
Thanks to all on this thread.
I got this virus on my computer yesterday and now believe I am rid of it.
I could see from the task manager that nty.exe was an alien process; when I deleted it I could pretty much run no programs even with a reboot. Getting the ‘is not a valid win 32 application’ error.
I downloaded the files on a clean computer and transferred them by USB stick (as I pulled the internet connection out as soon as I saw the fake XP antivirus 2011 screen).
I put the nty.exe back, so that I could actually do something.
Fixncr.reg sorted out the registry and allowed programs to start again. I did have to do it twice as the fake virus scanner activates when the regedit tried running. I left the fake virus scanner there whilst running fixncr the second time.
Side note: it felt like the program was adapting to me.
Before finding this site etc, I ran regedit manually once but then it would not let me again. It was the same with msconfig.
RKill (eXplorer.exe) found and killed off the process nty.exe running but the file was still in the Documents and settings[youruser]\Local settings\ApplicationData directory with hidden properties.
Malwarebytes on a quick scan found 3 registry entries to delete, related to Microsoft Security Centre notifications being disabled, but not nty.exe, so I copied and deleted it.
After that I connected the internet and allowed Malwarebytes to update and then ran a full scan and it found the copy of nty.exe to remove.
There is another file in the same directory that may be related which is also hidden and named with a long string of characters.
I hope the above helps someone else if they get struck by this virus. Good Luck.