Help with Win32:trojan-gen and Win32:rpcexploit

Dear gurus of the art of viruskilling: :wink:

I have avast 4.6 fully updated and Sygate firewall on WinXP Pro.
Avast detects both viruses, but they come back whatever I try.
The infected files are named msdirectx.sys (not 100% sure) and sysmon.exe.

I have tried:

1) Delete both viruses in normal mode and in safe mode.
2) Put them in the chest. In this case, when I boot up, I get a Windows message that the sysmon.exe file is missing.
3) Scan with Ad-Aware. Nothing happens.
4) Scan with Spyware Doctor (updated). In this case, it detects a "hacktool.rootkit" which I delete, and it appears again as well.

When I scan, either in normal or in safe mode, I always turn off System Restore.

Help,please…

Follow the instructions on THIS PAGE

Hi Kalith,

It is a pity for you, but the presence of Hacktool rootkit implies that at some point the security of your system has been compromised. The system should be restored from known clean backup copies or patched to restore security.

yours truly,

polonus

Anyone have any updated instructions on how to remove this? The provided link does not work anymore.

!! Do it in fail safe mode !!

  1. Clear temporary files, disable system restore.
  2. Scan whole computer, do complete full scan of it.
  3. Use HijackThis to remove bad entries, but be careful, do not remove if you do not know what to do, post hijack log here then.
    Reboot computer and use some online AV scanner.

Check out this link:

http://forum.avast.com/index.php?topic=16982.0