Sirefef ZT Trojan - help please

I recently downloaded a file, ran it, and got this virus. avast Antivirus keeps telling me “threat has been detected”, trojan horse blocked and moved to chest, and the File System Shield says windows/system32/services.exe and windows/installer/…@ have viruses.
I attached AdwCleaner, OTL and Malwarebytes scans, but my avast anti-rootkit scan always crashes after it finds 3 infected files: services.exe and 2 in the Windows assembly GAC 32 and GAC 64 files.
Can anybody help me get rid of this virus?

Your AdwCleaner log says search… you need to run it and click delete to remove all the crap files it found.
Your Malwarebytes log says No Action taken… after the scan you must click the remove selected button to quarantine the infections.

Malware removers are notified; it may take hours before they arrive, so be patient.

C:\_OTL\MovedFiles\04112013_122327\C_windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
C:\_OTL\MovedFiles\04112013_122327\C_windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> No action taken.

Have you previously run OTL?... and not removed the program?

Seems Malwarebytes is detecting the OTL quarantine folder.

It seems I have the same problem… avast tells me I have this infection… Win32:Sirefef-ZT [Trj], which avast can’t kill… but can only stop it… and another one, win32:Access-PB, which sometimes avast can kill… but it returns from hell every 10 minutes… please help me… I can’t work without my PC… I hate this… but it’s true…

@claudiolosghi

please help me
Start your own topic and attach the logs: http://forum.avast.com/index.php?topic=53253.0

@julianc

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2013-04-11 12:25:48 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013-04-11 12:25:48 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

:Files
C:\Windows\Installer\{d8f008bf-6309-2667-e49e-0b0a84cc019f}
C:\Program Files (x86)\Yontoo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
  3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Thank you very much!! Everything seems to be working fine now; avast isn’t finding any new threats. Here’s the ComboFix log. Thank you very much again.

Looks good, any outstanding problems?