Hello. I’m having problem with services.exe.
Avast blocking it continually.
Infection: Win32:Malwere-gen, Win32:ZAccess-JC [Trj], Win32:Trojan-gen
I attached logs.
I’m sorry for my english is not good.
I’m waiting for your advice.Thank you.
I’m on it …wait till I look attached logs
It seems you have a zero access rootkit :-\
anyway…Malware removers are notified. it may take hours before one arrive so be patient
well, magna86 is out of bed ;D you are in good hands
@Pondus ;D
@layer
Do you recognize this (folders) ?
C:\Users\EJLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\덴더라이언 -너에게 부는 바람- 체험판
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\덴더라이언 -너에게 부는 바람- 체험판
Please, go here and read instructions for running RogueKiller
http://forum.avast.com/index.php?topic=53253.0
Attach here all RK reports.txt log
Download TDSSKiller and save it to your desktop
Execute [b]TDSSKiller.exe[/b] by doubleclicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]
Please post the contents of that log in your next reply.
Re-run OTL, click on RunScan and attach here fresh OTL.txt log
That folder is demo of game I downloaded.
I attached logs.And problem is resolved.No more pop up.Thank you so much!
I’ll attach OTL log next reply.
It is OTL.txt log.
Hi,
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
[*] Please download BlitzBlank by emsisoft and save it to your desktop.
[*] Open Blitzblank.exe by double click on it.
[*] Click OK at the warning (and take note of it, this is a VERY powerful tool!).
[*] Click the Script tab and copy/paste the following text there:
DeleteFile:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteFolder:
C:\Windows\Installer\{46ab0750-3549-c661-31f3-a2d58d0ed9c1}
DeleteRegValue:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeBridge
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClubBox
[*] Click Execute Now. Your computer will need to reboot in order to replace the files.
[*] When done, post me the report created by Blitzblank. you can find it at the root of the drive C:\
Re-enable antivirus protection
Please re-run Malwarebytes (check for updates and click on QuickScan ) and attach here fresh mbam.txt log.
Check USB storage devices / removable drives
Download MCShield from one of the following links:
MyCity - Official download link
Softpedija - Mirror download link
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.