Malware/Trojan on services.exe

Hello. I’m having a problem with services.exe.
Avast is blocking it continually.
Infection: Win32:Malware-gen, Win32:ZAccess-JC [Trj], Win32:Trojan-gen
I attached logs.
I’m sorry, my English is not good.
I’m waiting for your advice. Thank you.

I’m on it… wait till I look at the attached logs :wink:

It seems you have a ZeroAccess rootkit :-\

Anyway… malware removers are notified. It may take hours before one arrives, so be patient.

Well, magna86 is out of bed ;D You are in good hands.

@Pondus ;D

@layer
Do you recognize these folders?

C:\Users\EJLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\덴더라이언 -너에게 부는 바람- 체험판
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\덴더라이언 -너에게 부는 바람- 체험판

Please, go here and read instructions for running RogueKiller

http://forum.avast.com/index.php?topic=53253.0

Attach all RK report .txt logs here.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

[*] Press Start Scan

[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Re-run OTL, click on RunScan and attach a fresh OTL.txt log here.

That folder is a demo of a game I downloaded.
I attached logs. And the problem is resolved. No more pop-ups. Thank you so much! :smiley:
I’ll attach the OTL log in my next reply.

It is the OTL.txt log.

Hi,

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

[*] Please download BlitzBlank by emsisoft and save it to your desktop.

[*] Open Blitzblank.exe by double-clicking on it.

[*] Click OK at the warning (and take note of it, this is a VERY powerful tool!).

[*] Click the Script tab and copy/paste the following text there:

     

DeleteFile:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteFolder:
C:\Windows\Installer\{46ab0750-3549-c661-31f3-a2d58d0ed9c1}
DeleteRegValue:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeBridge
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClubBox


[*] Click Execute Now. Your computer will need to reboot in order to replace the files.
[*] When done, post me the report created by Blitzblank. You can find it at the root of the drive C:\

Re-enable antivirus protection


Please re-run Malwarebytes (check for updates and click on QuickScan) and attach a fresh mbam.txt log here.


Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the General and Scanner tabs, click the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
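
An added example, not part of the original thread or written by any of its participants: a read-only PowerShell check, run after the BlitzBlank reboot, that the files, folder and Run values named in the script above are no longer present. It assumes Windows PowerShell 3.0 or later and that it is run in the affected user's session, since the Run values are under HKEY_CURRENT_USER.

```powershell
# Added example: read-only check, nothing is deleted or changed.
# Paths and value names are copied from the BlitzBlank script in the thread.
# Assumption: Windows PowerShell 3.0 or later (for [pscustomobject]).
$files = @(
    'C:\Windows\assembly\GAC_32\Desktop.ini',
    'C:\Windows\assembly\GAC_64\Desktop.ini'
)
$folders = @(
    'C:\Windows\Installer\{46ab0750-3549-c661-31f3-a2d58d0ed9c1}'
)
# HKEY_CURRENT_USER is per user: run this in the affected user's session.
$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('AdobeBridge', 'ClubBox')

$results = @()

# .NET existence checks see hidden and system files such as Desktop.ini.
foreach ($path in $files) {
    $results += [pscustomobject]@{
        Type = 'File'; Item = $path
        Present = [System.IO.File]::Exists($path)
    }
}
foreach ($path in $folders) {
    $results += [pscustomobject]@{
        Type = 'Folder'; Item = $path
        Present = [System.IO.Directory]::Exists($path)
    }
}

# A registry value is not a path, so Test-Path cannot check it directly;
# list the value names under the Run key and look for each one.
$key   = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
$names = if ($key) { $key.GetValueNames() } else { @() }
foreach ($name in $runValues) {
    $results += [pscustomobject]@{
        Type = 'RunValue'; Item = "$runKey\$name"
        Present = $names -contains $name
    }
}

$results | Format-Table -AutoSize
$left = @($results | Where-Object { $_.Present })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) item(s) still present; report them in the thread."
} else {
    Write-Output 'None of the listed items are present.'
}
```

`File.Exists` and `Directory.Exists` also return False when access to the path is denied, so a clean result complements the BlitzBlank report and the fresh scan logs requested above rather than replacing them.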