Alright. So I left avast doing a full system scan, and when I came back, I noticed it had detected 3 viruses which were all Trojans, ect. I let avast scan once more, this time, it took hours to get past my system 32.

I have Internet, and I can’t run my computer in safe mode. If I try, it boots normally. Im on windows 7.

Quite urgent.

edit: explorer.EXE. – server execution failed

Is the error I get when I try to edit my desktop. I’m in admin mode.

Follow this topic here>>http://forum.avast.com/index.php?topic=53253.0, when the scans complete, post the resulting logs back in this topic as attachments.

I can’t run anything. I’m responding from my phone.

I can open up .txt files, but not my avast log.

Ok, thats serious (sorry for not reading better before responding ;D :-[)

Looks like a rescue disc operation then, given you also cant get to safe mode.

But I’m hesitant to recommend one, out of caution against doing more damage than is already done. Wait for Essexboy (guy who wrote the guide I pointed you to) to come and point you in the right direction, he is the resident expert on all things infectious.

Hi there, I’m very much a newbie and in the same boat. avast found three virus and I followed the advice and moved it into a safe area (??? - can’t remember the terminology)and ran a boot scan. However, after the boot scan I can no longer access all exe files. I can access the internet only by going thru c: drive and program files. All my office files have the message ‘There was a problem sending the command to the program’, I have started the computer in safe mode but still nothing works, not even avast. I’ve also tried to uninstall avast using aswclear.exe in safe mode as I read somewhere I might have a conflict with my security but I that doesn’t work either. Any suggestions anyone? Regards Annette

@austea start your own topic where you attach these logs

follow essexboys guide here and attach the logs http://forum.avast.com/index.php?topic=53253.0

lower left corner > additional options > attach
if the logs are to big upload to http://www.mediafire.com/ and post the download link here

I managed to get into safe mode from my mobo.

I still can’t access anything.

I did notice that winlogon.exe is on my task manager, though i didn’t notice it before.

It also seems that Im not administrator on safe mode nor the usual boot. I was yesterday before I scanned.

What is ntdll.dll? It’s associated with my recent explorer.exe crash

Would a clean install of windows on my other harddrive let me modify and execute files on my primary harddrive?

If not, could I reformat my harddrive that has the infected windows and be okay? I’m taking note of the 'not do more damage ’ comment a few posts up

If you are in safe mode could you run this programme

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

With or without networking?

With networking please

I got OTL on my desktop via flashdrive. Double clicking the exe does nothing, not even prompt any change in processes. I am in safe mode with networking.

OK next try

A small programme

Download RogueKiller to your desktop

[]Quit all running programs
[]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[]When prompted, type 1 and validate
[]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

I can’t acess my flash drive. It won’t show up and I’m not entirely sure how to acess it without it being on my “computer”, and able to double click it

Just to clarify, I can see my flash drive on te disk management tab of my computer management, I just can’t explore it. I don’t have the option to

I got those three viruses this morning too! :o

Eh. I restarted my computer back into safe mode and it ran on startup?

This is the log it produced. (I have to type it out from my phone)
`
RogueKiller V6.1.0 [09/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Dicks [Admin rights]
Mode: Scan – Date : 09/24/2011 21:09:29

Bad processes: 0

Registry Entries: 6
[BLACKLIST DLL] HKCU[…]\Run : Video Library (C:\Windows\system32\rundll32.exe C:\Users\Dicks\AppData\Local\Temp\Rpcqt.dll,Sets) → FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1124350335-3646014730-853149843-1000[…]\Run : Video Library (C:\Windows\system32\rundll32.exe C:\Users\Dicks\AppData\Local\Temp\Rpcqt.dll,Sets) → FOUND
[HJ] HKLM[…]\System : ConsentPromptBehaviorAdmin (0) → FOUND
[HJ] HKLM[…]\System : EnableLUA (0) → FOUND
[HJ] HKLM[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

`

It seems like I can run the OTL thing too.

Attached OTL logs.

I had the same problem using avast. I found three instances of 'Win32:Cycbot-KI [ trj ]. I decided to let avast do its thing and after restarting my computer I wasn’t able to open most .exe applications and avast was disabled. It was a little frustrating but i found a fix for anyone else with the same problem. [windows 7] Go to Start/Search and type CMD In the Search Results right click Command Prompt and choose Run as Administrator. In the Command Prompt type SFC /Scannow. Once it’s finished corrupted files will be repaired and your .exe’s should work once again. cheers.

Mind you, I don’t actually think it removes the virus. It’s attached to some kernal32.dll.

I’m just using some context clues, because when I ran the scan and attempted to fix it, I noticed it moved kernal32.dll from system32 to the quarantine.

eidolonx
Newbie

The following post by this member worked for me. Very simple and very effective. Cheers Annette

Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #2 on: Today at 02:20:53 AM » Quote

I had the same problem a couple hours ago. I found three instances of 'Win32:Cycbot-KI [ trj ]. I decided to let avast do its thing and after restarting my computer I wasn’t able to open most .exe applications and avast was disabled. It was a little frustrating but i found a fix for anyone else with the same problem. (On windows 7) Go to Start/Search and type CMD In the Search Results right click Command Prompt and choose Run as Administrator. In the Command Prompt type SFC /Scannow. Once it’s finished corrupted files will be repaired and your .exe’s will work once again. cheers.