I got avast because my computer was acting odd, so I ran a deep scan, good idea, found thirteen infected files, deleted all except one, it was a specific trojan patch file and it was located in my services.exe file. I tried to do as the internet said by running task manager and ending any suspicious looking processes, but my windows blocked me at every turned saying ‘access denied’ (And i’m the admin!) so now I need to figure out how to delete a secure locked file on my windows 7 home premium system without restoring (I’m pretty sure it can just come back if I restored the system). Any help would be appreciated.
so I ran a deep scan, good idea, found thirteen infected files, deleted all except onenever delete as first option....you have none left
Clean, Quarantine, or Delete? http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
so now I need to figure out how to delete a secure locked file on my windows 7 home premium system without restoring (I'm pretty sure it can just come back if I restored the system). Any help would be appreciated.start a topic in the virus and worms section and you will get help removing it
Hi zeratrix,
Deleting services.exe will kill your system deader than dead, just so you know. System files should never be deleted even if infected. This requires expert help to fix the services.exe file.
Here: http://forum.avast.com/index.php?topic=53253.0
Attach the the logs from these three programs: Malwarebytes (MBAM), OTL, and aswMBR.exe in your next reply.
This is a zero access infection … Monitoring
Here: http://forum.avast.com/index.php?topic=53253.0Attach the the logs from these three programs: Malwarebytes (MBAM), OTL, and aswMBR.exe in your next reply.
I don’t have any of those programs, so I don’t have logs from said programs sorry, I do need expert help and if it will kill my system then i’m in big trouble, I just got back on my laptop today and after MSN loads up my computer stops responding period. I had to load my laptop up in safe mode with networking just so I could get on the internet today.
Hi:
Follow the ‘link’ and subsequent direction that mchain has supplied in his response.
I don’t want to download additional software though, can spybot search and destroy be used as a substitute, I’m not sure but it might have logs, i’m not positive though
No Spybot is not man enough for the job. I will need to use at least two specialist tools to clear this
sighs alright spybot always caught malware that malwarebytes didn’t, the programs I have for these sorts of things are: Advanced Systemcare 4, Spybot Search & Destroy, and Avast Antivirus. The computer started to seriously lag when I downloaded avast, so I’m extremely wary of downloading new software.
*sighs* alright spybot always caught malware that malwarebytes didn'tyou mean tracking cookies or some adware .....spybot once a good program in the old days of spyware cant handle todays tuff malware also they release a small update a week ....malwarebytes may have 10 in one day
The computer started to seriously lag when I downloaded avast, so I'm extremely wary of downloading new software.EssexBoy can't fix this unless he is allowed to use his tools it's like saying to the car mechanic, fix my car but you can only use the sissors in the clove compartment
he will remove all tools when done, you can trust him he does several cases like this every day…just surf the virus and worms section and see
so he need logs from AdwCleaner / Malwarebytes / OTL / aswMBR http://forum.avast.com/index.php?topic=53253.0
I see what you mean, the crazy thing is (and now I feel dumb) is that I HAD malwarebytes on my computer, but since the scans were coming up negative and yet spybot would find the problems instead I uninstalled it, now I reinstalled it, here’s the log from malwarebytes (I am an amateur user so I have NO IDEA what any of this stuff means)
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.11.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nathan :: NATHAN-PC [administrator]
9/11/2012 8:55:24 PM
mbam-log-2012-09-11 (20-55-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206509
Time elapsed: 6 minute(s), 45 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) → 2800 → Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) → Delete on reboot.
(end)
I’ll send in the logs for adwarecleaner and stuff when I’m told what this gobbledygook means (as you can tell i’m pretty dumb when it comes to tech, part of the reason why i’m in this mess in the first place)
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.This is the problem, and if you run malwarebytes it will be there again as malwarebytes is not strong enough either
So with the OTL scan I will be able to determine the trigger delte that and then look at removing the bad boy
alright i’ll download otl but among the programs you suggested that one looks the most complicated to use.
Ok got the OTL downloaded and is scanning, no idea how the save file format thing is supposed to work but since I can simply attach the logs as is under ‘attachments and other options’ this shouldn’t be a problem, hopefully we’ll be able to find a solution to this problem it’s actually starting to scare me a little.
Also the OTL and all the files somehow ended up under the downloads area of my computer shrugs as long as it works.
Move OTL from the download folder to the desktop.
- Right-click the OTL file in “Downloads” if using Firefox (inside My Documents)
- or “My Documents” if using Internet Explorer and select/click “Cut” option.
- Move your mouse to any place on the desktop and right-click.
- A drop-down menu will appear.
- Select/click “Paste”.
OTL will move from the download folder or My Documents to the desktop. If winds up in the middle of the desktop, that is ok.
You should now be able to scan using OTL and produce the needed log for essexboy to read and craft the specialized fix your system needs to run as it should again. There is more work ahead, as essexboy said, the OTL fix will disable the malware; he will then be able to kill it with your help. Disabling it comes first, removal of the actual malware comes later.
Do not worry, you are in good hands with essexboy.
Got it and modified my reply to reflect it see above but the scan took a lot longer then indicated now I need to wait for essexboy to see both files, I know where they’re at on my laptop NOW I just need to hit the save as feature and change the coding to ANSI coding, since i’ve done that now I guess we move on to step three…
Use attachments and other options below to attach your OTL files in your next reply. Click “Browse” button below and a new window should appear, likely the Desktop window. Select OTL first, by highlighting it, and click “Open”. A second line will appear for another attachment. Hit Browse again and select OTL Extras. Click open once again. You should now have two attachments in the Attach area.
Post your reply when all is ready to go.
As essexboy lives in England, may be a bit of a wait for an answer due to time zone differences.
but I already attached the files on the previous page, nevermind i’ll attach them on this page too.
Hi,
Aplogies are in order here. Did not know you had modified post number twelve made earlier than the later post I made. Sorry about that.
No big deal, apparently being a newb also means I can also only delete personal messages and not send any myself…whatever, why can’t you delete posts? it seems a bit odd in my opinion.