win32/rustock trojan thread

Hello.
ESET SMART SECURITY ALERT CAN NOT CLEAN THE WIN32/RUSTOCK TROJAN FROM THE OPERATING MEMORY.
HOW CAN I REMOVE IT FROM MY COMPUTER.
THANK'S.
Tedi.

 

serious; causing your keyboard to lock in all caps. see
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

Unbelievable, unless this a brand new variant ? the Rustock series should be no problem now for any AV etc.

If it's only in the OPERATING MEMORY that's the problem, as you don't mention anything else, then rebooting should clear it. Try it and see if ESET now gets a first chance of catching it whilst booting. If not MBAM is a good suggestion to try http://www.malwarebytes.org/mbam.php

Do you know how/where you got infected ?

 

Run Dr Web CureIt in safe mode.

Thanks.

 

Info on the rootkit here Try Microsoft's Malicious Software Removal Tool

 

It's probably a new variant and I doubt the Malicious Software Removal Tool will remove it!

The best thing would be to send the ESET SysInspector log to samples@eset.com! Or read the post a seek some professional help as Cudni suggested!

HTH,

TH

 

Thank you for a quick reply.
The message appeared last night.I don't know how/where i got it
I run spyware doctor who found other threads but not this one
Also some other antivirus programs did not found this thread
Rebooting not helping.
Eset alert appeares again only in operating memory.
may be it's a fake alert?

 

ESET SysRescue DVD/CD/ISO/USB scan PC delete rustock

 

Just seen this same infection on another machine.

Startup scanner detects Win32/Rustock in operating memory on each boot.

MalwareBytes does not remove infection.

 

I managed to remove the trojan with Eset Sys-Rescue cd .
Thank's you all for helping me with your advices.
Special thank's to ESS3

 

GMER was capable of removing this threat.
Simply desabling then deleting the service that was picked up was enough to remove.