Trojan Backdoor Virus

Avast just detected 41 root kits on full system scan, but was unable to remove them as Avast indicated they are password protected. How do I get rid of them? Help :slight_smile:

ehhh…password protected rootkits ::slight_smile:

could you attach a screenshot of the scan result

Sorry, I misspoke; Avast unable to remove root kits indicating that they are in password protected archives. Will attempt to run another scan for screen shots. PC is now blocking Windows Updates access.

2nd Avast full system scan netted nothing detected. Windows Updates is no longer functional; have included log.

http://forum.avast.com/index.php?topic=53253.0

Follow the above link to the guide and attach the logs here. I will notify a malware removal expert.

oldman notified.

Here are the requested logs.

Here is final log requested.

When Avast finds files that are password protected, you usually get a message saying: could not scan (password protected archive)
and files that cannot be scanned are just that…it does not mean they are infected

That is why this was a bit strange to me, if Avast says that the password protected archives contain rootkits.
So could you attach a screenshot of the scan result?

OBS: your Malwarebytes log is not readable…looks like Chinese. You probably saved it in the wrong format

All logs were saved in ANSI format. My computer is out of control. I can’t run any scans any more as it either kills the program or reboots itself. I have a back door trojan allowing someone complete control over my PC. I have had to reinstall AVAST and it is not detecting anything now. CPU usage is crazy whenever I try to run scans, use internet, or attempt to download programs. Even programs uploaded via flash drive fail to run. I was almost finished with Symantec Power Eraser (which is designed to deal with back door trojans), selecting from a checklist that it provided, those files that according to it were in need of deletion as well as safe to delete when it locked up and rebooted itself.
I am at my wits end with this. I need serious help. Is it possible to block the “other user’s” access to my PC in some manner? HELP!!!

Can you get into safe mode and try another scan?
May need dr web cure it bootable cd

If it helps…

Read the instructions, download and burn (maybe from another computer), and finally use one of these rescue CDs:

  1. G Data BootCD
  2. Dr. Web
  3. Avira
  4. BitDefender
  5. Kaspersky
  6. F-Secure
  7. Vba32 Rescue

You can check also this comparison article.

Thank you for the help!!! I will try all and let you know how it turns out :slight_smile:

You’re welcome. We’ll be here to try to help :wink:

could you attach a screenshot of the scan result
Can you do this as requested? A screen capture of the Avast log file that stated it found 41 rootkits.

Since you have now attached the files requested in Essexboy's guide, I recommend you now wait for Essexboy's advice instead of testing every tool thrown in here

Essexboy likes to know what's in there before selecting the tool to use…and not the other way around :wink:

I can see nothing apparent in the logs that would cause the problems you are describing

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn

- Double click Dr Web
- IMGBurn will open
- Burn the ISO to a CD

- Reboot the infected computer with the CD in the drive
- Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
- As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif

- Use arrow keys to select DrWeb-LiveCD (Default)

- When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif

- The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
- Once completed reboot to normal windows
- No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

I found out what has infected my 2 PCs. It is a boot sector virus (Botnet type). Not sure which one though; hoping you can help me figure that part out, as well as how to remove it? I have included some logs and screen shots for analysis. Help please!!!
P.S. The Trojan corrupted and disabled AVAST!!!

Here are MBRCheck log and Combo log as well. Also, I forgot that I loaded windows on my XPS 200 as well. It is quiet now, as before it was going crazy, so I am guessing that the Trojan prefers Windows 7 over Vista. :slight_smile:

please use dr.web as specified by essexboy and post log please…

I am working on it right now. :slight_smile: