Running Windows Vista Home Premium Service Pack 2 with Avast 5.0.545. In the past couple days I had been getting quite a few virus alerts. I figured Avast was doing its job since it was catching them, but they were frequent and often I was doing nothing more than browsing the internet (just got another one now).
Today I decided to do a full virus scan, but I got the blue screen of death before it could be completed. I decided to do a boot-time scan. Out of the half a dozen files that were said to be infected (a couple of Trojans on Java class files and some malware), one was unknown and came up as a 0x error message, although I don’t know now where the boot-time results are on my computer.
I continue now to get blue screens of death, although I’m not sure why, and I am continually getting alerts for threat detection for a “svchost.exe” in the Temp folder.
The viruses found during the boot-kit scan were seekservice.dll, ic2sts[1].exe (which it couldn’t delete because it’s “not found”), and three Java djewers trojans. I have a bunch more in my virus chest, most of which came about in the past 2 days, and an especially large number last night and this morning.
Anyone have any idea what’s wrong, why I keep getting blue screen of death, and how I can get rid of this virus infection?
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before scanning.
Run a Quick Scan and click the Remove Selected button to quarantine anything found.
Post the scan log here.
CCleaner is also good at cleaning out Temp folders, but do not install its pre-selected Yahoo toolbar: CCleaner - Slim Installer, no toolbar http://www.piriform.com/ccleaner/builds
OK. I did a scan with MalwareBytes first, removed the infected files, then tried to do a scan with OTL but I kept getting the blue screen of death. So I entered safe mode and then ran OTL. Then I did MalwareBytes one more time, and I came up empty. So I came to upload them and post here, and again I got a threat detection by Avast. Same thing -
Object: C:\Windows\Temp\lxxu.tmp\svchost.exe
Infection: Win32:MalOb-BK[Cryp]
Action: Moved to chest
Process: C:\Windows\System32\svchost.exe
There’s something there still. Is it possible that there’s a virus-making file somewhere that isn’t actually triggering the antivirus but is instead making other files that are doing the triggering? And why am I still getting blue screened?
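The alert quoted above shows a svchost.exe under C:\Windows\Temp being touched by the legitimate C:\Windows\System32\svchost.exe process, a common masquerade pattern (a system binary name in a directory where that binary never lives). As an added example, not code from the thread or from Avast, here is a small Python check that parses alert blocks in the Object/Infection/Action/Process format shown and flags paths where a well-known system binary sits outside its expected directory or under a temp location. The expected-directory table and the second, clean record in the sample are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumed layout for a Vista/7-era system: each binary legitimately lives only in
# these directories (lower-cased for comparison). Constructed for this example.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Directory components that mark a temporary location.
TEMP_MARKERS = {"temp", "tmp"}

# Extensions for which "lives under Temp" is itself worth a second look.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}

# Constructed sample: the first block mirrors the alert quoted in the thread,
# the second is a made-up benign record so the check has something to pass.
SAMPLE_ALERTS = r"""
Object: C:\Windows\Temp\lxxu.tmp\svchost.exe
Infection: Win32:MalOb-BK[Cryp]
Action: Moved to chest
Process: C:\Windows\System32\svchost.exe

Object: C:\Program Files\Java\jre6\bin\java.exe
Process: C:\Windows\explorer.exe
"""


def parse_alerts(text):
    """Split 'Key: value' lines into one dict per blank-line-separated alert.
    Only the first colon separates key from value, so drive letters survive."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return records


def classify_path(path_str):
    """Return the reasons a path looks suspicious; an empty list means nothing odd."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    parent = str(path.parent).lower()
    reasons = []

    expected = EXPECTED_DIRS.get(name)
    if expected is not None and parent not in expected:
        reasons.append(f"{name} outside its expected directory ({parent})")

    in_temp = any(part.lower() in TEMP_MARKERS or part.lower().endswith(".tmp")
                  for part in path.parts[:-1])
    if in_temp and path.suffix.lower() in EXECUTABLE_EXTS:
        reasons.append("executable located under a temp directory")
    return reasons


def suspicious_alerts(text):
    """Check the Object and Process paths of every alert; return (field, path, reason)."""
    findings = []
    for rec in parse_alerts(text):
        for field in ("object", "process"):
            path_str = rec.get(field)
            if path_str:
                for reason in classify_path(path_str):
                    findings.append((field, path_str, reason))
    return findings


if __name__ == "__main__":
    for field, path_str, reason in suspicious_alerts(SAMPLE_ALERTS):
        print(f"[{field}] {path_str}: {reason}")
```

Run against the sample, only the Object path of the first block is flagged (twice: wrong directory and temp location), while the Process path is the genuine System32 svchost.exe and passes. That matters for interpretation: the Process line names the process that touched the file, and since svchost.exe hosts many services, a legitimate path there points at a service or DLL it loaded rather than at the binary itself, which fits the poster's suspicion that something not yet detected is producing the flagged files.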
Yep, and if so Essexboy will find it.
You may not see him until late UK time tomorrow; it is just midnight here now.
* Download GMER
* Extract the contents of the zipped file to desktop.
* Double click GMER.exe.
* If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
* In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  * IAT/EAT
  * Drives/Partition other than Systemdrive (typically C:\)
  * Show All (don't miss this one)
* Then click the Scan button & wait for it to finish.
* Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
* Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.
Please copy and paste the report into your Post.
The Zeus/Zbot infection may still be there. Since Zeus/Zbot steals your passwords, personal information, banking details, etc., you may want to start changing passwords, check your bank account, and report identity fraud.
Good so far, but then I got to a point where I’m logged in, Combofix is running but not doing anything, and PEV.cfxxe is requesting permission to access my computer. Is this normal? Allow or cancel?
There’s a hidden file that needs to be removed, and it appears that there are MBR rootkit hooks in the drivers; they may have been modified by a possible TDSS/TDL3/Alureon infection.
Download TDSS Killer by Kaspersky and extract the file onto desktop.
Run TDSSKiller.exe
Wait for the scanning and disinfection process to be over. You do not have to reboot the PC.
Type this command while using TDSS Killer to create the log (excluding the word code).
* Then click the Run Fix button at the top.
* Let the program run unhindered, and reboot the PC when it is done.
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
* Make sure to use Internet Explorer for this.
* Please go to VirSCAN.org FREE on-line scan service.
* Copy and paste the following file path into the “Suspicious files to scan” box at the top of the page:
  C:\Windows\System32\saferun.exe
* Click on the Upload button.
* If a pop-up appears saying the file has been scanned already, please select the ReScan button.
* Once the scan is completed, click on the “Copy to Clipboard” button. This will copy the link of the report into the Clipboard.
* Paste the contents of the Clipboard in your next reply.