Win32:Turla-G [Trj] - Please Help!

I’ve scanned my computer with avast and it detected this virus:

Win32:Turla-G [Trj]

The name of infected file is:

D:\System Volume Information\catalog.wci\00000002.ps2

I’ve tried to perform the automatic/default action (I’m from Poland, I don’t know what’s the name of this function in English), but it seems not to do anything. After another scan it still detects it. Can someone please help me?

Hi there and welcome to the forum,

Please follow this guide and attach the logs from Malwarebytes, OTL and aswMBR (not Win 8, 8.1):

http://forum.avast.com/index.php?topic=53253.0

Disable system restore and the problem should be gone.

D:\System Volume Information\catalog.wci\00000002.ps2
It is located in a restore point, so a backup of an infection you once had... or still have

Delete the restore point…
http://windows.microsoft.com/en-ca/windows/delete-restore-point#1TC=windows-7

Wow, thank you guys for such a quick response. I am now running the Malwarebytes scan, it has detected 4 objects by now. After that I will remove my restore points and see if it helps.

Ok. I did the Malwarebytes scan - it detected 12 objects, which I removed. Then I used the Windows tool to delete restore points - all but the most recent restore point. After that, I did another Malwarebytes scan and it said that the system is clean, but avast still reports that file.

Done! I removed all the restore points by turning the option off. After that, avast says it’s all clean. I’m not good with computers, so I hope I didn’t cause you trouble. Thank you all very much for the help :slight_smile:

Not done :confused: I did a full system scan with avast this morning and it still detects the virus. Should I make new logs or are those enough?

No…now you wait for a malware expert to arrive…

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

  • Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Click on I Agree!

  • ComboFix will display DISCLAIMER of warranty on software.
    By clicking I Agree ComboFix shall continue.
  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach log reports (ComboFix.txt) back to topic.

Here it is.

Do you still have a detection? PC seems clean…

It is clean now! After ComboFix did its part, I scanned the system with avast. It detected the virus and successfully moved it to quarantine. The program suggested to scan the system during start up, so I did (detected nothing). And after the computer turned on I did another full system scan with avast - all clean.

Thank you all very much for helping. You’re a life saver, TwinHeadedEagle. And it is pretty cool getting help from Leone’s gunslinger :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Done. I cannot thank you enough.