Win32:Trojan-gen infection

I have an infection involving the process C:\Windows\SysWOW64\svchost.exe. The AVAST alert box tells me that the Mail Shield has blocked a threat and that no further action is required. The action taken by avast! was “Deleted” regarding the infection. There is apparently an outgoing e-mail being sent by the trojan and there are 51 instances of it occurring. If I close the avast! box, it just keeps reappearing and listing the 51 blocked objects over and over again. I presume the trojan is just doing its thing repeatedly, now that it’s made itself at home on my computer.

Immediately prior to the warning about the trojan infection, I received a warning that a virus had moved to the virus chest: Win32:Evo-gen[Susp].

I have an ACER Aspire M3970 and my operating system is Windows 7 Home Premium Service Pack 1. I just did a full system scan with avast!, but it said it found no threats. I have only the freeware version of AVAST and know little to nothing about viruses or virus removal. I’ve attached a screenshot of the scan history and of the Mail Shield dialog box. Any help would be appreciated.

Looks like something is trying to send some mails invisibly.

Please follow this topic and attach the requested logs: http://forum.avast.com/index.php?topic=53253.0

Needed are OTL, Malwarebytes and aswMBR.

When done a malware expert will help you out.
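The symptom above is a background process holding outbound mail connections. As an added triage check (not part of the original thread or the helper's instructions), the following PowerShell snippet lists every process that currently has a TCP connection to a common mail port. It parses `netstat -ano` rather than using `Get-NetTCPConnection`, so it runs on Windows 7 / PowerShell 2.0; the set of ports it watches is an assumption, and it needs an elevated prompt to resolve executable paths for system processes.

```powershell
# Added example, not from the forum thread. Lists processes with outbound TCP
# connections to mail ports by parsing `netstat -ano` (works on PowerShell 2.0,
# where Get-NetTCPConnection is unavailable). Run from an elevated prompt.
$mailPorts = 25, 465, 587       # SMTP, SMTPS, submission: assumed ports of interest

$hits = @()
$tcpLines = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' }
foreach ($line in $tcpLines) {
    # Columns: Proto  Local Address  Foreign Address  State  PID
    $fields = $line.Trim() -split '\s+'
    if ($fields.Count -lt 5) { continue }

    # Remote port is the text after the last ':' (covers IPv4 and [IPv6]:port)
    $portText = ($fields[2] -split ':')[-1]
    if ($portText -notmatch '^\d+$') { continue }
    if ($mailPorts -notcontains [int]$portText) { continue }

    $procId = [int]$fields[4]           # $pid is an automatic variable, so avoid it
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $name   = '<exited>'
    $path   = 'n/a'
    if ($proc) {
        $name = $proc.ProcessName
        if ($proc.Path) { $path = $proc.Path }   # Path is empty without elevation
    }

    $hits += New-Object PSObject -Property @{
        PID     = $procId
        Process = $name
        Path    = $path
        Remote  = $fields[2]
        State   = $fields[3]
    }
}

$hits | Select-Object PID, Process, Path, Remote, State | Format-Table -AutoSize
```

A hit on svchost.exe is not conclusive on its own, because one svchost instance hosts several services; `tasklist /svc /fi "PID eq <pid>"` shows which services that PID is running so the responsible one can be identified before anything is removed.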

Dear Steven,

Thank you for your reply to my post.

OK - I followed your instructions, downloaded and ran the three programs in order, and have attached the files. The avast! dialog window is still popping up whenever it detects activity on the system to notify me of the 51 e-mail messages regarding “Urgent notice to appear in court”, “Court order notice # xxx”, “Hearing of your case . . .”, etc.

Thank you for your assistance with this.

Hi,

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

  1. Right click on the avast! system tray icon (http://www.mcshield.net/pg/images/avast5.png) in the lower right corner of the screen and scroll up to avast! shield controls;
  2. In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.


  1. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach log reports ( ComboFix.txt) back to topic.

P.S. I’m pretty sure this trojan came in an e-mail purported to be from Costco notifying me of an update in an expedited delivery or some such nonsense. BTW, I can no longer print to my printer - related problem? - IDK, since I could print OK earlier. Am going to try to reboot to fix this problem before proceeding with recommendation from TwinHeadedEagle, since I DEFINITELY am unable to memorize the ComboFix User’s guide in the next 5 minutes.

TwinHeadedEagle:

Downloaded and ran ComboFix as instructed. Log file attached.

Thank you.

Thank you to BleepingComputer.com for ComboFix and to TwinHeadedEagle for suggesting. Seemed to do the trick for me and got rid of the blasted e-mail generator. Happy New Year to you!

Good, only thing left is to remove used tools.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below:

- Remove disinfection tools
- Create registry backup
- Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

I don’t need the DelFix log report.

DelFix run and done. Thanks again.