1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active cannot remove trojan files nkbd1v.exe & auq9bor.bat using avast

Discussion in 'Malware and Virus Removal Archive' started by hd_pulse, 2009/09/07.

  1. 2009/09/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    [Active] cannot remove trojan files nkbd1v.exe & auq9bor.bat using avast

    Hi!!!!
    while scannig the PD my avast anitivirus prompts me of the 2 trojan files namely:
    nkbd1v.exe & auq9bor.bat
    and when I select 'move to chest' action a dialog box appears and says.
    The process cannot access the file because it is being used by another person
    ---------------------------------------------------------------------------
    Cannot proces J:\ auq9bor.bat file so I 've to continue scanning ignoring auq9bor.bat and
    and the same thing happens for nkbd1v.exe file (2nd trojan horse detected by Avast)

    Plz help!!

    Also when I scan the pd with spybot S&D nothing is detected but I receive such msg from the dialog box...

    ---------------------------
    SDFiles.exe - Application Error
    ---------------------------
    The instruction at "0x05db40c2" referenced memory at "0x0605e198 ". The memory could not be "read ".


    Click on OK to terminate the program
    ---------------------------
    OK
    ---------------------------
    and when I press OK it says...

    ---------------------------
    Error
    ---------------------------
    Runtime error 216 at 05DB40C2
    ---------------------------
    OK
    ---------------------------

    What are these errors??
    Why am I receving this??
    I want to remove above files but cannot .
    How to remove these files?????????????
    these files very dangerous??
    plz plz help

    thanks
     
    hd_pulse,
    #1
  2. 2009/09/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2009/09/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    after double clicking the dds icon these 2 files: 1. DDS.txt
    2. Attach.txt
    don't open.Where are these files saved then???I'cant find them???


    thanks
     
    hd_pulse,
    #3
  5. 2009/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What is PD anyway??

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #4
  6. 2009/09/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0

    pd is pendrive
    after downloading combofix.exe file and runnig it no such C:\ComboFix.txt and new HijackThis log opens and no such file is found in C: even.
    But a new folder is created in C: after running combofix.exe with the name
    32788R22FWJFW and it contains many files and it contains many files of different types like application file,BAD file ,C file,CFXXE file,ms dos application,SED file ,VBscript file (all together 136 files)and many more.
    It also contain combofix file but of type CFXXE .
    Is my computer at risk????
    Before this i was asked by Petec to download DDS file and post the log of the files.In that case also no files appeared.

    In addition to this my computer now does not even recognize any external device.Neither My printer is recognized nor the same pendrive from where i had received "cannot remove trojan files nkbd1v.exe & auq9bor.bat using avast" errors.

    Plz help !!!

    regards
     
    hd_pulse,
    #5
  7. 2009/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    On drive C, can you see Combofix, or Qoobox folders?
    How far did Combofix run? Did it finish?
     
    broni,
    #6
  8. 2009/09/08
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    yes C: contain qoobox and it contains ComboFix-quarantined-files text file and the data in it is....
    2009-08-02 18:55:56 . 2009-08-02 18:55:56 8,688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2009-08-02 18:33:22 . 2009-08-02 18:42:49 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2009-07-24 17:24:56 . 2009-07-24 17:24:56 1,684,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\30af1.msi.vir

    combofix run for 5-6 sec not more than that.
     
    hd_pulse,
    #7
  9. 2009/09/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Use system restore to before Combofix run and report back on computer behavior.
     
    broni,
    #8

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...