Net-Worm.Win32.Aspxor.fp and Packed.Win32.TDSS.z

Hello again. Kaspersky Online Scanner found these infections in some files on my computer. I would like to ask if there are any specific instructions or guides to remove these. I tried the avast cleaner already and it did not remove anything. I am about to try MBAM atm.

Thanks in advance.

Results from VirusTotal for the infected files found by Kaspersky:

http://www.virustotal.com/analisis/0a196d0f507b928889e9a91fc18587e32d2c8ed4480d165c226160f90118db6b-1253526024

http://www.virustotal.com/analisis/07fc2339f237e69409a1ac95346091ce9146b7e48225e3437f46cb84737f4c68-1253549876

Could you move those files to the avast chest, please?

Start avast antivirus > Virus Chest > User Files > Add File (browse for the file*) > click Email to avast and do a manual update. Otherwise, you can zip the files with password protection and send them to virus@avast.com, putting the password in the body of the email.

  • When you browse for the file, if you cannot see it, do these two things: open any folder in Explorer > Tools > Folder Options > View > check “Show hidden files and folders” and uncheck “Hide protected operating system files” > click OK.

Or, having added the file to the User Files (File, Add) section of the avast chest, where it can do no harm, send it from there. A copy of the file(s) will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right-click, Email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast automatic (or manual) update is done.

I have moved and sent the files as you guys told me. However, when trying to add an infected file from Windows\System32…

Program cannot Add to chest the following file: C:\Windows\System32\usbctl.exe
—>Description: The system cannot find the file specified

Hi

It is the USB Bus Controller; it could be in use, which is why the system file cannot be removed.

Have you checked on these registry items:
Values added
HKLM\SOFTWARE\Microsoft\Sft: “{1C3627E4-9646-41B0-BF2C-462DAE3E5575}”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\Control\ActiveService: “usbctl”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\Service: “usbctl”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\Class: “LegacyDriver”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\0000\DeviceDesc: “Microsoft USB Bus Controller”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBCTL\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\usbctl\Enum\0: “Root\LEGACY_USBCTL\0000”
HKLM\SYSTEM\ControlSet001\Services\usbctl\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\usbctl\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\usbctl\Type: 0x00000010
HKLM\SYSTEM\ControlSet001\Services\usbctl\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\usbctl\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\usbctl\ImagePath: “C:\WINDOWS\system32\usbctl.exe”
HKLM\SYSTEM\ControlSet001\Services\usbctl\DisplayName: “Microsoft USB Bus Controller”
HKLM\SYSTEM\ControlSet001\Services\usbctl\ObjectName: “LocalSystem”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\Control\ActiveService: “usbctl”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\Service: “usbctl”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\Class: “LegacyDriver”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\0000\DeviceDesc: “Microsoft USB Bus Controller”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBCTL\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\Enum\0: “Root\LEGACY_USBCTL\0000”
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\Type: 0x00000010
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\ImagePath: “C:\WINDOWS\system32\usbctl.exe”
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\DisplayName: “Microsoft USB Bus Controller”
HKLM\SYSTEM\CurrentControlSet\Services\usbctl\ObjectName: “LocalSystem”

polonus

Hi

If there is trouble with the USB Bus Controller, check by doing the following:
The easiest way to solve a USB error code 10 in Windows XP is to follow the steps below to remove and reinstall all USB controllers.

A. Click on Start
B. Right Click on My Computer, click on Properties
C. Click on the Hardware tab
D. Click the Device Manager button.
E. Expand Universal Serial Bus controllers section.
F. Right-click every device under the Universal Serial Bus controllers node, and then click Uninstall to remove them one at a time.
G. Restart the computer, and allow the computer to reinstall the USB controllers.
H. Plug in the removable USB storage device, and then test to make sure that the issue is resolved.

polonus

These are the only ones I found:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbctl
Class Name:
Last Write Time: 9/20/2009 - 11:57 PM
Value 0
Name: Type
Type: REG_DWORD
Data: 0x10

Value 1
Name: Start
Type: REG_DWORD
Data: 0x2

Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1

Value 3
Name: ImagePath
Type: REG_EXPAND_SZ
Data: C:\Windows\system32\usbctl.exe

Value 4
Name: DisplayName
Type: REG_SZ
Data: Microsoft USB Bus Controller

Value 5
Name: WOW64
Type: REG_DWORD
Data: 0x1

Value 6
Name: ObjectName
Type: REG_SZ
Data: LocalSystem

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbctl
Class Name:
Last Write Time: 9/20/2009 - 11:57 PM
Value 0
Name: Type
Type: REG_DWORD
Data: 0x10

Value 1
Name: Start
Type: REG_DWORD
Data: 0x2

Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1

Value 3
Name: ImagePath
Type: REG_EXPAND_SZ
Data: C:\Windows\system32\usbctl.exe

Value 4
Name: DisplayName
Type: REG_SZ
Data: Microsoft USB Bus Controller

Value 5
Name: WOW64
Type: REG_DWORD
Data: 0x1

Value 6
Name: ObjectName
Type: REG_SZ
Data: LocalSystem

There are no current problems with my USB bus controller.

Malwarebytes just found those infected files and removed them.


KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 21, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 21, 2009 21:22:57
Records in database: 2867001

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\Windows\System32

Scan statistics:
Objects scanned: 4679
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:03:20

File name / Threat / Threats count
C:\Windows\System32\usbctl.exe Infected: Net-Worm.Win32.Aspxor.fp 1

Selected area has been scanned.
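The registry items polonus listed and the dump pasted above are in regedit's text-export format (File > Export, save as type Text Files). As an added example, not code from this thread or from avast, Kaspersky or Malwarebytes, the Python below parses that format offline and flags Services keys that match the usbctl pattern: a Win32 own-process (Type 0x10), auto-start (Start 0x2), LocalSystem service whose DisplayName claims to be a Microsoft bus controller while its ImagePath is a bare .exe in system32. A genuine bus controller is a kernel driver (Type 0x1) loaded from system32\drivers, so that mismatch is the lead. SAMPLE_DUMP is constructed (abridged from the poster's paste, plus a made-up benign usbhub driver key for contrast), and the driver vocabulary in DRIVER_WORDS is an assumption.

```python
r"""Offline triage of a regedit text export of HKLM\SYSTEM\...\Services keys
for the usbctl indicators in this thread. Added example, not code from the
thread or any vendor; SAMPLE_DUMP is constructed (abridged + a made-up usbhub)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SERVICE_WIN32_OWN_PROCESS, SERVICE_WIN32_SHARE_PROCESS = 0x10, 0x20
SERVICE_AUTO_START = 0x2
DRIVER_WORDS = {"driver", "controller", "bus", "hub", "adapter"}  # assumed kernel-driver vocabulary

SAMPLE_DUMP = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbctl
Class Name:
Value 0
Name: Type
Type: REG_DWORD
Data: 0x10
Value 1
Name: Start
Type: REG_DWORD
Data: 0x2
Value 2
Name: ImagePath
Type: REG_EXPAND_SZ
Data: C:\Windows\system32\usbctl.exe
Value 3
Name: DisplayName
Type: REG_SZ
Data: Microsoft USB Bus Controller
Value 4
Name: ObjectName
Type: REG_SZ
Data: LocalSystem

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub
Name: Type
Type: REG_DWORD
Data: 0x1
Name: ImagePath
Type: REG_EXPAND_SZ
Data: system32\DRIVERS\usbhub.sys
Name: DisplayName
Type: REG_SZ
Data: Microsoft USB Standard Hub Driver
"""

@dataclass
class RegKey:
    path: str
    values: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (type, data)

    def dword(self, name: str) -> Optional[int]:
        t, d = self.values.get(name, ("", ""))
        return int(d, 0) if t == "REG_DWORD" else None  # accepts "0x10" or "16"

    def string(self, name: str) -> str:
        return self.values.get(name, ("", ""))[1]

def parse_regedit_text(dump: str) -> List[RegKey]:
    """Parse the 'Key Name: / Value N / Name: / Type: / Data:' layout."""
    keys, cur, vname, vtype = [], None, None, None
    for line in (l.strip() for l in dump.splitlines()):
        tag, _, rest = line.partition(":")
        rest = rest.strip()
        if tag == "Key Name":
            cur = RegKey(rest)
            keys.append(cur)
        elif cur is None or tag not in ("Name", "Type", "Data"):
            continue  # blanks, Class Name, Last Write Time and Value N carry nothing we need
        elif tag == "Name":
            vname = rest
        elif tag == "Type":
            vtype = rest
        elif vname is not None:  # a Data line closes one value
            cur.values[vname] = (vtype or "", rest)
            vname = vtype = None
    return keys

def assess_service(key: RegKey) -> List[str]:
    """Reasons a Services\\<name> key matches the usbctl persistence pattern."""
    stype, start = key.dword("Type"), key.dword("Start")
    image, account = key.string("ImagePath").lower(), key.string("ObjectName").lower()
    display = key.string("DisplayName")
    if stype not in (SERVICE_WIN32_OWN_PROCESS, SERVICE_WIN32_SHARE_PROCESS):
        return []  # genuine bus controllers are kernel drivers (Type 0x1) under system32\drivers
    reasons = []
    if DRIVER_WORDS & set(display.lower().split()):
        reasons.append(f"DisplayName {display!r} names a driver but Type=0x{stype:x} is a Win32 service")
    bare_exe = image.endswith(".exe") and "\\system32\\" in image and "\\drivers\\" not in image
    if bare_exe and start == SERVICE_AUTO_START and account == "localsystem":
        reasons.append("auto-start LocalSystem service running a bare .exe from system32 "
                       "(not svchost-hosted); verify the file's Authenticode signature")
    return reasons

def triage(dump: str) -> Dict[str, List[str]]:
    """Map each flagged Services key path to its reasons."""
    return {k.path: r for k in parse_regedit_text(dump)
            if "\\services\\" in k.path.lower() and (r := assess_service(k))}
```

Feed it the text of a full export of HKLM\SYSTEM\CurrentControlSet\Services and print triage(text). A hit is a lead, not a verdict: confirm by checking the image's Authenticode signature and by comparing against the service list of a clean machine running the same Windows build, neither of which this offline parser can do.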

Hi,
It looks like it comes from wxw.razersupport.com/. Did you install some drivers from this site recently?
http://forum.avast.com/index.php?topic=48831.0

Milos

I believe I have fixed those things related to the Razer drivers and so on already.

The only thing I am trying to resolve atm is Malwarebytes detecting Hijack.DisplayProperties in the registry. I think the Kaspersky online scanner did not find this.

Any suggestions on resolving this issue?

Thanks.

Never mind, I did a little research on the Malwarebytes forum and found out that Hijack.DisplayProperties is a false positive with Vista 64.