Troj/Rustok-N

Troj/Rustok-N is a trojan that is encrypted to conceal itself from antivirus and other security programs installed on the computer. It can modify Windows registry entries so that it runs when Windows starts. In some cases, the name Troj/Rustok-N is displayed as a detected threat on a fake security center website to mislead computer users.

Updated: July 01, 2009

The name of this trojan can be displayed as a detected threat to mislead computer users. The popup message reads:

Your computer (IP: ****.*****.**) generates an attacking DOS requests at our servers caused by the spyware/virus named ‘Troj/Rustok-N’
We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.
We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.
You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

Aliases:
Trojan-Clicker.Win32.Costrat.ae
Win32/Rustock.NBF

Risk Level: Low

File Size: Varies

Affected System: Windows

Signs and Symptoms of Troj/Rustok-N Infection:

Troj/Rustok-N will disable your antivirus program
Once a Trojan infects a computer, it tends to lower security settings and disable the firewall and antivirus program. Troj/Rustok-N does this to ensure that antivirus software will not respond to the attack.

Blocks Internet access to security websites
Troj/Rustok-N attacks the center of the security system. Aside from disabling antivirus software, this Trojan also blocks your access to security websites to prevent the download of any removal tools.

Presence of Troj/Rustok-N reduces PC performance
Trojans are known to reside in memory, so they can consume resources and cause the computer to slow down. In some cases an infected computer crashes due to insufficient resources.

Other Functions of Troj/Rustok-N:

  • Troj/Rustok-N can communicate with a remote server to download more threats
  • It can infect executable files on local and network drives
  • This hazardous Trojan can connect to a remote server to update its configuration
  • Some variants of Troj/Rustok-N can destroy system files, making the computer unstable
  • This Trojan can open a backdoor that allows an attacker to control the infected PC

How to Remove Troj/Rustok-N

Step 1 - Run a thorough scan using your antivirus program

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definitions. This ensures that your antivirus program can detect even newer variants of Troj/Rustok-N.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot, loading only the necessary drivers and system files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine. Once the scan is complete, proceed with the next step.

Step 2 - Double-check with Online Virus Scanner

Another way to remove Troj/Rustok-N without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate antivirus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. This may require a plug-in, add-on or ActiveX object; install it if you want to proceed with the scan.

6. After the necessary download completes, your system is ready for online virus scanning.
7. Select the option that scans the computer thoroughly, so that it finds and deletes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may restart the computer in normal mode.

Step 3 - Automatic Removal of Troj/Rustok-N files and registry entries

To completely remove the threat, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected machine.

8 Comments

  1. ac

    so how do you get rid of it?

  2. Josh

    hey so you never said how to get rid of it

  3. Amir

    how do you remove it?
    AVG didn't work
    Spyware Doctor 6 didn't work

    i need serious help
    please
    thanx

  4. Greg

    Actually the fix doesn’t work, Rustok blocks the definition file from being installed so we are left with no better solution at this time

  5. Sara

    Firstly anything that says or has anything to do with winiguard you have to delete/uninstall.

    These two EXE files are linked to the infection:

    WINDOWS\system32\baloon.exe
    WINDOWS\system32\cfrog.exe

    Delete any you find!

    Malwarebytes and Superantispyware in combination of Spybot S&D, these three programs made it go away.

  6. AJ

    Regards to WINIGUARD there are registry entries you must delete along with:
    WINDOWS\system32\baloon.exe
    WINDOWS\system32\cfrog.exe
    Download The demo Spynomore and run it.
    it will not fix the problem however it will let you know exactly where and what is wrong which will allow you to go in manually and remove them VIA regedit.
    I just got done doing it to mine.
    remember this is just to get rid of the stupid winiguard that squeals at you and the loud low memory warning.
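
Added example, not part of any comment or of the original page: a read-only PowerShell check for the two files named in comments 5 and 6 and for autostart values that mention them or "winiguard". The list of Run/RunOnce keys is an assumption, since the page does not say which registry entries are modified; the function names are hypothetical.

```powershell
# Read-only triage: reports findings, never deletes anything.
# Indicators are the names given in comments 5 and 6 on this page.
$FileNames = @('baloon.exe', 'cfrog.exe')
$Keyword   = 'winiguard'

# Assumption: the standard per-machine and per-user autostart keys.
# The page does not name the registry entries this threat modifies.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-ReportedFiles {
    param([string[]]$Names)
    $dir = Join-Path $env:SystemRoot 'system32'
    foreach ($name in $Names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # -Force so hidden or system-flagged files are returned too
            Get-Item -LiteralPath $path -Force |
                Select-Object FullName, Length, CreationTime, LastWriteTime
        }
    }
}

function Find-SuspectAutostart {
    param([string[]]$Keys, [string[]]$Patterns)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            foreach ($p in $Patterns) {
                # Match on either the value name or the command it launches
                if ($valueName -like "*$p*" -or $data -like "*$p*") {
                    [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data; Match = $p }
                    break
                }
            }
        }
    }
}

Find-ReportedFiles -Names $FileNames | Format-List
Find-SuspectAutostart -Keys $RunKeys -Patterns ($FileNames + $Keyword) | Format-List
```

Empty output means none of the reported names were found in those locations; it does not show the machine is clean.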

  7. hola

    This site is fake and was made by the virus creators… LOL

Comments are closed.