I keep getting this notification of a Downloader.MisleadApp virus from Symantec and it's really starting to piss me off because everytime I open a new windows it keeps alerting me but it always says Clean failed: Quarantine failed: Access denied. I looked for the folder in which the virus was in but I'm not sure if I delete it, I will harm my computer in any way. The name of it is C:\\WINNT\system32\nusrmgr.exe. I don't know if this tells you guys much, but can anyone tell me if it's safe to delete?
-
Downloader
-
Look up the instructions in Symantec on how to remove it manually.
-
Try running a full scan of your antivirus software.If you have to delete this one manually it's going to be messy, because the virus makes a lot of changes that will need undoing. From http://www.prevx.com/filenames/X911599214876650789-X1/NUSRMGR.EXE.html :NUSRMGR.EXE has been seen to perform the following behavior(s):Adds a Registry Key (DXCOM) to auto start Programs on system start upThe Process is packed and/or encrypted using a software packing processThis Process Creates Other Processes On DiskModifies the Active Desktop BackgroundExecutes a ProcessRegisters a Dynamic Link Library FileModifies the Windows Host File which could be used to stop you visiting specific web sites by redirecting you to alternative addresses without you knowingCan communicate with other computer systems using HTTP protocolsDisables Access to the Task Manager built into WindowsModifies Windows Security Policies to restrict/expand User Privlidges on the machineCreation and Registration of a Browser Helper Object in Internet ExplorerMakes outbound connections to other computers using NETBIOSOUT protocolsDeletes a Scheduled Task NUSRMGR.EXE has been the subject of the following behavior(s):Added as a Registry Key (DXCOM) to auto start Programs on system start upCreated as a process on diskExecuted as a ProcessExecuted by Internet ExplorerWrites to another Process's Virtual Memory (Process Hijacking)Deleted as a process from diskThere are discussions about manually fixing it at http://forums.techguy.org/malware-removal-hijackthis-logs/632485-im-infected.html and http://forums.techguy.org/malware-remova...ispy-storm.html
-
I downloaded ComboFix from the website you provided, Pete, (the second in your post) and it was indeed very helpful! After shortly scanning and rebooting my computer, I opened my internet explorer and nothing popped up! Let's just hope it stays that way. Thanks, Pete! And sdp, I also looked up the instructions, so thank you as well! But I decided to try the ComboFix scan first. Thanks, you two! I can't tell you guys how many times you helped me