I seem to have a “recurring” infection of a trojan in two files and I don’t know how to permanently get rid of them. I tried removing all past restore points (I read something in the Microsoft support area about deleting them). I have done the recommended “boot scan”; I tried starting in safe mode and they were still there; I can’t get into the folder where they seem to reoccur (System Volume Information). I am particularly concerned because I get strange error messages when I load Mozilla; when I access sites which are password-protected, I get an initial error saying the information was incorrect; I click the link again and I get in. I am concerned that something might be capturing key strokes.
Below is the Avast Report log dating from June 2010. Yesterday I ran a scan of only the System Volume folder; the resulting report appears at the end of the Avast Report log. You will notice that it is always the same two files that are said to be infected (smss.exe and services.exe). Please let me know if you have any ideas. Thank you.
David M.
06/27/2010 22:39
Scan of all local drives
File C:\Documents and Settings\David Miron\Local Settings\Temp\loader.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\Documents and Settings\David Miron\Local Settings\Temp\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\Documents and Settings\David Miron\My Documents\My Downloads\Setup.EXE|>Wise0006.bin Error 42145 {Installer archive is corrupted.}
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information\Microsoft\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information_restore{2ECACBB6-D9AF-4EDD-9E9F-872D2F2C01F8}\RP274\A0036441.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\System Volume Information_restore{2ECACBB6-D9AF-4EDD-9E9F-872D2F2C01F8}\RP280\A0038108.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\System Volume Information_restore{2ECACBB6-D9AF-4EDD-9E9F-872D2F2C01F8}\RP281\A0040373.dll is infected by Win32:Trojan-gen, Deleted
File C:\System Volume Information_restore{2ECACBB6-D9AF-4EDD-9E9F-872D2F2C01F8}\RP281\A0040374.dll is infected by Win32:Trojan-gen, Deleted
File C:\WINDOWS\system32\trz1B.tmp is infected by Win32:Trojan-gen, Deleted
Number of searched folders: 9320
Number of tested files: 994490
Number of infected files: 9
06/28/2010 20:57
Scan of all local drives
File C:\Documents and Settings\David Miron\My Documents\My Downloads\Setup.EXE|>Wise0006.bin Error 42145 {Installer archive is corrupted.}
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information\Microsoft\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 9081
Number of tested files: 952680
Number of infected files: 2
02/19/2011 13:52
Scan of all local drives
File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir_ is infected by Win32:Alureon-FZ, Deleted
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 9562
Number of tested files: 1073816
Number of infected files: 2
03/16/2011 06:50
Scan of all local drives
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
Scanning aborted
Number of searched folders: 7153
Number of tested files: 531779
Number of infected files: 1
03/17/2011 18:52
Scan of all local drives
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information\Microsoft\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 10007
Number of tested files: 1131939
Number of infected files: 2
03/25/2011 08:59
Scan of all local drives
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information\Microsoft\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 9981
Number of tested files: 1108039
Number of infected files: 2
03/27/2011 11:35
Scan of all local drives
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
File C:\System Volume Information\Microsoft\smss.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 9961
Number of tested files: 1106959
Number of infected files: 2
03/30/2011 02:50
Scan of all local drives
File C:\System Volume Information\Microsoft\services.exe is infected by Win32:Cycler-F [Trj], Deleted
Number of searched folders: 9820
Number of tested files: 1061152
Number of infected files: 1
- avast! Scan Report
- This file is generated automatically
- Scan name: Quick scan
- Started on: Monday, April 04, 2011 4:18:28 PM
- VPS: 110404-1, 04/04/2011
C:\System Volume Information\Microsoft\services.exe [L] Win32:Cycler-F [Trj] (0)
File will be deleted during the next system start…
C:\System Volume Information\Microsoft\smss.exe [L] Win32:Cycler-F [Trj] (0)
File was successfully deleted…
Infected files: 2
Total files: 16354
Total folders: 7353
Total size: 4.8 GB
- Scan stopped: Monday, April 04, 2011 4:33:43 PM
- Run-time was 15 minute(s), 15 second(s)