persistent trojan problem

Avast home program is repeatedly finding a trojan in both my network services and in a temporary folder when I do a boot scan and a regular full scan.
Each time I have either moved to chest or the next time deleted.
I even did a search for the files in the temporary folder but the search comes up without finding the file avast says the trojan is located in.
After each boot scan and deleting the trojans I rebooted, system restore had been turned off, and then I ran a desktop full scan and this scan found the same trojans.
I couldn’t move to chest because it said they were in use.
So I deleted them. After, though, the scan the log did not show the trojans had been deleted. I rebooted. Ran the scan again and the trojans were still there.

I have been keeping current updates of avast definitions but I cannot get rid of these trojans.
Please someone offer some useful guidance as my ability to stay online or do anything is being limited.
Thanks

What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Thank you David.
I do have both of those programs thanks to recommendations here in the forum from some time back.
But I hadn’t run them in safe mode.
Having run them both, separately, neither found the trojan.

I will try to catch the name of the trojan but it is something win32.

The log viewer is frozen when I try to bring it up and it leaves the green bar and “avast!log viewer” text frozen on the screen

That is a symptom that is cured with the latest program update Build: Dec2008 (4.8.1296)

Download the latest update through Updating then Program Update.

Reboot required.

You can also open this file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log as that is the text file that the data is imported from into the log viewer…

I have tried all suggestions offered here to rid my computer of this persistent trojan to no avail.
The name of the trojan as it is found by Avast is win 32:trojan-gen worm/virus.

Can anyone please advise me how to permanently get rid of this thing?
It keeps showing up in my “network services” folder, which I can’t locate…and also in an internet temp folder, which also cannot be located. I regularly empty all temp folders but it still shows up.
I have rebooted after each attempt by whatever means and have stopped system restore, etc. but that doesn’t seem to help…

I have run Malwarebytes, spyware terminator, etc. and they do not find this trojan…but there must be a trojan as it is causing the svc.host shut down.
I have installed all of the windows updates pertinent to the svc.host problem and run a reg fix…

Thank you

That is the malware name and unfortunately doesn’t give as much information as the file name and location that was asked for in my first reply.

The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So there is a possibility that it might be a false positive and that is why the actual file name could be a help.

I wouldn’t worry about the temporary internet folder (as it is a temp location) and just empty it completely.

When I go into the log files under warning the description is only partial and doesn’t provide me the entire name or location.
As I mentioned briefly before, the only way I can think this is a real trojan is because of the generic host system problem (computer online connection freeze) I’ve been encountering since this “trojan” began showing up in avast scans and boot scans.
If the one in the temp folder isn’t worrisome the one in the network services must be the culprit that is freezing my dial up connection and causing the windows to alert me of the generic host closing problem each time.

Which is why I gave you the direct path in Reply #4 to the Warning.log file, this is where the log viewer gets the information.

All the information is in the log viewer it is just that the column widths need to be expanded to see it all (why I thought it would be easier to go direct to the source file).

  • Expand Column Width, hover the mouse pointer over the column header divider until the pointer changes (see image) left click and hold down the key whilst dragging the pointer to the right. This also works in most windows programs where there are columns involved.

David,
Thank you for your patience and for showing me how to do that.
As you can tell I am not highly familiar with many aspects of the computer yet…

Here is the info from the warning folder:
12/19/2008 9:54:09 AM SYSTEM 1140 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DMUWSUC5\vpyuz[1].jpg” file.
12/19/2008 10:02:59 AM SYSTEM 1140 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\x” file.

There is no such item as vpyuz(1).jpg that I could find manually nor through a computer search.

You’re welcome.

OK, as I mentioned don’t worry about the stuff in temporary folders, it is easier to just clear those folders from your browser, Tools, Internet Options, General tab, Temporary Internet Files, Delete files…

The other detection in the windows\system32 folder (not network services folder) is most certainly a good detection as a file without an extension, like .exe is downright suspicious as is a file name in the system folders with just a single character file name.

So I assume you moved the x file into the chest ?
Does it keep coming back on boot ?

There is another topic which mentions x.exe as an infected file and one which keeps coming back.

I would suggest you try to run the SAS and MBAM from safe mode, http://www.pchell.com/support/safemode.shtml and post the results of the respective scans.
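
Added example, not part of the thread: a short Python parser for the Warning.log lines quoted above, which pulls out the malware name and full file path and tags each path using the points made in the replies (temporary-folder location, generic -gen signature, extensionless or single-character file name in the system folder). The line format is assumed from the two quoted log lines only; the function names and tag strings are hypothetical.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: the two Warning.log lines quoted in the thread.
SAMPLE_LOG = r'''12/19/2008 9:54:09 AM SYSTEM 1140 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DMUWSUC5\vpyuz[1].jpg" file.
12/19/2008 10:02:59 AM SYSTEM 1140 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\SYSTEM32\x" file.
'''

# Assumed layout: timestamp, account, a numeric field (meaning not stated in
# the thread), then the quoted malware name and the quoted file path.
# Straight and curly quotes are both accepted.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<account>\S+)\s+(?P<num>\d+)\s+'
    r'Sign of ["\u201c](?P<name>[^"\u201d]+)["\u201d] has been found in '
    r'["\u201c](?P<path>[^"\u201d]+)["\u201d] file\.\s*$'
)

def triage_notes(path):
    """Tag a detected path with the observations made in the replies."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    notes = []
    if "temporary internet files" in parts:
        notes.append("browser-cache")  # temp location: empty the cache
    in_system = "windows" in parts and "system32" in parts
    if in_system and p.suffix == "":
        notes.append("no-extension-in-system-folder")
    if in_system and len(p.stem) == 1:
        notes.append("single-char-name-in-system-folder")
    return notes

def parse_warning_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        detections.append({
            "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            "malware": m.group("name"),
            "generic": "-gen" in m.group("name").lower(),  # generic signature
            "path": m.group("path"),
            "notes": triage_notes(m.group("path")),
        })
    return detections

if __name__ == "__main__":
    for d in parse_warning_log(SAMPLE_LOG):
        print(d["time"], d["malware"], d["path"], d["notes"])
```

To run it against a real log, read the Warning.log file as text and pass the contents to parse_warning_log.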

In the past two boot scans the trojan did not show up. But while doing normal desktop work, avast popped up at the bottom of the monitor screen and informed me that it found the trojan in these two locations.
I have run sas and mbam in safe mode as well and nothing was found.

Some of the times I moved to the chest(this has been going on for several weeks now), this time listed I did move to chest. Other times I tried to delete it.
Of course, neither effort seemed to bring desired results.

If a virus is coming and coming again, I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

What is your firewall ?
As if it doesn’t provide outbound protection it could be that it is being downloaded again.

However, if what is being generated is in the temp internet folder, I would have hoped that the web shield would pick it up first.

What is your browser ?
I suggest a visit to this site as it checks your system for out of date programs that have security vulnerabilities which have been patched, http://secunia.com/software_inspector/.

It is possible that there might be something hiding a piece of malware.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.