Win32:Fasec[Trj]

Dear experts, please let me start off by explaining I am a computer novice. Recently I stupidly downloaded a “free software” and activated the exe file, stupid I know but it was from a decent website I use quite often. Anyway, since then I’ve had the virus Win32:Fasec[trj]. It keeps infecting the following file: C:\Windows\System32\gaopdxhucsteep.dll

As per the advice given on the website I downloaded the most up to date VPS file, the version I have now is 090212-0 12/2/2009. I then scheduled a boot-time scan. This always moves the above file to the chest. But each time I open a new internet explorer or re-boot the laptop this annoying malware pops its ugly head up again?

This morning the audio device on my laptop stopped working, i.e. no audio devices could be found. I think it’s down to this malware. So I ran Avast and scanned the C: drive; it found the following infected file and moved it to the chest: C:\RECYCLER\S-6-4-24-100031756-100002774-100001781-3550.com, which I believe is a Win32:Rootkit-gen [Rtk] virus. I then scheduled a boot-time scan again and the same infected file was moved to the chest: C:\Windows\System32\gaopdxhucsteep.dll

Can someone let me know if I’ve done all I can do before I think about formatting my laptop?
I am using Windows Vista Home Premium Service Pack 1
Avast!4.8home edition Build Feb2009[4.8.1335]

There’s obviously something avast! is missing.

Try these free adware/spyware scanners. Download, install and update.

SUPERAntiSpyware Free
Malwarebytes’ Anti-Malware

Hi,

I am new to the forum, and came across this as a result of installing Avast! to assist in removal of this very trojan.
I am new to viruses, and usually quite a safe surfer, but did the same as you have done in this post and made an obvious error in judgement to execute something that normally does not cause a problem.
Since this post gives the most detailed explanation of what I have gone through for the past couple days, I wanted the opportunity to share some information.

My antivirus software picked up this virus upon install, but would not remove it (Iolo, garbage, since removed). After many hours of frustrating research and trial and error, I managed to quarantine and delete almost everything and got my system back to almost normal, here’s what I did. IE was not working, AV, spyware, and malware programs would not update.

Using another computer which I am fortunate enough to have, I was able to search the internet and do real time back and forth to accomplish removal. The first thing was to change the registry to allow view of Super hidden files, and then change the registry entries and remove entries that allowed the trojan to mount each drive. Then I downloaded ComboFix, which deleted most of the virus’s critical files which were preventing IE and blocking the AV…programs from updating. Once this was done, I was able to update Avast, Superantispyware, MalwareBytes Antimalware and SpyBot. Using all of these tools I was able to then clean the rest of the system.

One problem remains, I continue to receive notification from SpyBot that something is attempting to make registry changes to notepad.exe%1, and regedit.exe%1, which I continue to block. Through research this appears to be remnants still attempting to take over critical systems on my machine.

As our problems appear similar, thought I would share my experience and welcome any input into what remains on the system making registry changes. Please let me know if you recommend posting a new thread instead, not trying to hijack. Thanks.

Thanks to this forum once again, I detected some additional autorun.inf files that may have been attempting to change registry values. According to the Spybot S&D log I have had no attempted registry changes since doing this. Fingers crossed, we’ll see if that takes care of it.
I suspect I may have forgotten a drive during my scanning resulting in a data drive still having some of these autorun files existing.
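Added example, not part of the original posts: a small Python check for the leftover autorun.inf files mentioned above, which reads a file's `[autorun]` section and reports entries that launch a program. Treating targets inside a recycle-bin folder as suspicious is an assumption of this sketch, and the sample contents are constructed.

```python
import re
import sys

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Assumption: targets inside a recycle-bin folder are treated as suspicious.
HIDDEN_DIR = re.compile(r"(^|\\)(recycler|recycled|\$recycle\.bin)\\", re.I)
EXEC_EXT = re.compile(r"\.(com|exe|scr|pif|bat|cmd|vbs|dll)\b", re.I)

def parse_autorun(text):
    """Return (key, value) pairs for launch entries in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment, often used as padding
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value))
    return entries

def assess(text):
    """Return one finding per launch entry that needs a closer look."""
    findings = []
    for key, value in parse_autorun(text):
        reasons = []
        if HIDDEN_DIR.search(value):
            reasons.append("target in recycle-bin folder")
        if EXEC_EXT.search(value):
            reasons.append("launches executable")
        if reasons:
            findings.append({"key": key, "target": value, "reasons": reasons})
    return findings

# Constructed samples, not files from the thread.
SAMPLE_BAD = r"""[AutoRun]
;padding comment
qwertyjunkline
open=RECYCLER\S-0-0-00-EXAMPLE\sample.com
shell\open\command=RECYCLER\S-0-0-00-EXAMPLE\sample.com
shell\open\default=1
icon=setup.ico
"""
SAMPLE_OK = "[autorun]\nicon=setup.ico\nlabel=Drivers\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. D:\autorun.inf E:\autorun.inf
        with open(path, errors="replace") as fh:
            for f in assess(fh.read()):
                print(path, f["key"], f["target"], "; ".join(f["reasons"]))
```

Pass it the autorun.inf path from the root of every drive, including data and removable drives, so that none is skipped.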

Thanks for taking the time to respond to my problem.

As I’m not good enough to go to the registry and delete files etc., I took the easy option and attempted to download the SUPERAntiSpyware software. Every time I click on the free download it says Oops! This link appears broken. DNS error - cannot find server.

So I attempted to download spyware doctor6. I downloaded the exe file and ran it, but my laptop won’t allow me to download smart updates; it just says error.

My laptop also won’t allow me to check for Windows security updates; it says error code 80244019. As my Windows Vista came downloaded with the laptop I contacted my manufacturer Toshiba and they said this is because the server is down. Not sure this is true.

Looks like I will have to run some form of recovery media.

Try downloading MBAM, SAS, and Avira rescue cd from another computer. You can manually download the updates too. After downloading the rescue cd, double click on the file, insert a cd/dvd and the fully updated program will be burnt to disc. Insert the disc into the infected pc and reboot. Follow the instructions from the link. Transfer MBAM, SAS and updates to cd. Try and install both programs. Exit the programs, then double click on the update files to update both programs. MBAM can be installed in safe mode. You could also try renaming MBAM if malware blocks installation.

Rescue cd http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html

Rescue cd instructions http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130

MBAM http://filehippo.com/download_malwarebytes_anti_malware/

MBAM updates http://www.gt500.org/malwarebytes/database.jsp

SAS http://www.superantispyware.com/

SAS updates http://www.superantispyware.com/definitions.html