29-06-2012, 11:30   #1
oldsmokey
Registered User
 
Join Date: Aug 2009
Posts: 121
trojan, virus? what is it?

Hi, I'm no techie on the PC, but hope you can help... Am running Windows 7 with AVG anti-virus... for the past few days the AVG 'resident shield alert' keeps throwing up dire warnings about a Windows\system32\services.exe... 'trojan horse dropper.generic'... and goes on to say items resolved... then throws the warning up again 15 mins later... another warning, don't know if it's related, from AVG, occasionally pops up to advise that the system is using too much memory, or to that effect... could it be this bloody trojan doing something nasty in the background?
Tried using AVG and malwarebytes to cure it to no effect...the computer won't let me do a system restore either!!
Would really appreciate some help...ta
__________________
29-06-2012, 12:02   #2
chin_grin
Closed Account
 
Join Date: Mar 2007
Posts: 10,396
Did you do a scan in safe mode?

Malwarebytes usually sorts it out, although personally I'd get rid of AVG and install MSE instead.
29-06-2012, 15:24   #3
ASJ112
Registered User
 
Join Date: Jan 2010
Posts: 1,080
Got a log from AVG or MBAM?
29-06-2012, 16:09   #4
Nothingbetter2d
Closed Account
 
Join Date: Jan 2007
Posts: 3,961
I prefer Avast over MSE... MSE seems to miss so many.

also spybot and mbam are good
29-06-2012, 16:38   #5
oldsmokey
Registered User
 
Join Date: Aug 2009
Posts: 121
Hi... I've seen logs posted by other troubled souls, no idea how to do it.. if it helps, you might let me know how to get the log and I'll put it up.. just been trying to run MSE (it was switched off, dunno why), and the damn thing keeps throwing up a 'can't run' error.... grrrrr
29-06-2012, 17:49   #6
ASJ112
Registered User
 
Join Date: Jan 2010
Posts: 1,080
The log can be viewed by clicking the Logs tab in MBAM. Copy and paste that here.
30-06-2012, 15:52   #7
oldsmokey
Registered User
 
Join Date: Aug 2009
Posts: 121
Here we go...is it fixed now d'you think?...no nasties so far today...thanks all..
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dan :: DANS-PC [administrator]

Protection: Enabled

29/06/2012 16:43:16
mbam-log-2012-06-29 (16-43-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390422
Time elapsed: 1 hour(s), 29 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{732eec09-4e70-0f7a-a81a-289489e5979b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
30-06-2012, 15:55   #8
yoyo
Moderator
 
Join Date: Aug 2005
Location: Dublin 6
Posts: 8,241
Quote:
Originally Posted by oldsmokey View Post
Here we go...is it fixed now d'you think?...no nasties so far today...thanks all..
Files Detected: 1
C:\Windows\Installer\{732eec09-4e70-0f7a-a81a-289489e5979b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
It removed a rootkit, which is quite nasty. I would run another scan with MBAM/SUPERAntiSpyware and see if anything else shows up.

Nick
30-06-2012, 16:32   #9
ASJ112
Registered User
 
Join Date: Jan 2010
Posts: 1,080
Na, definitely not fixed. Download and run ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


post the log it gives you.
02-07-2012, 10:46   #10
oldsmokey
Registered User
 
Join Date: Aug 2009
Posts: 121
ASJ, you're right, booted up this a.m., AVG 'threat detected' popup... is the ComboFix program OK to run for a tech-numpty such as meself?.. I don't want the PC to end up any worse... thanks..
02-07-2012, 12:34   #11
practice
Registered User
 
Join Date: Nov 2009
Posts: 180
Run the scan again and, when it deletes the file, turn off System Restore, ignore the warning and then turn it back on again.
02-07-2012, 12:34   #12
yoyo
Moderator
 
Join Date: Aug 2005
Location: Dublin 6
Posts: 8,241
Quote:
Originally Posted by oldsmokey View Post
ajs, you're right, booted up this am, avg 'threat detected' popup... is the combo-fix program ok to run for a tech-numpty such as meself?..I don't want the pc to end up any worse...thanks..
Run ComboFix and then post the log it makes up here (C:\combofix.txt); it will probably sort your issues out. Try running it in safe mode if possible (download it onto a CD/USB key, then boot the machine into safe mode, copy combofix.exe to the desktop and run it from there).

Nick
02-07-2012, 13:19   #13
ASJ112
Registered User
 
Join Date: Jan 2010
Posts: 1,080
ComboFix is perfectly safe to use, and should be easy enough to use for tech-numpties.


Don't waste your time running AVG, it's not going to be able to remove a rootkit. I wouldn't use your PC for online banking or credit card usage till you remove this, by the way.
02-07-2012, 21:48   #14
CaSCaDe711
Registered User
 
Join Date: Aug 2009
Posts: 578
@ OP: Hope you got your machine sorted.

Excuse the language, but malware writers, what a bunch of cunt5
03-07-2012, 12:12   #15
oldsmokey
Registered User
 
Join Date: Aug 2009
Posts: 121
Cascade, you're right.. I've spent the most of a day bolli+ing with this thing.. turns out Malwarebytes didn't sort it.. MSE can't be switched on, presumably on account of it.. same with MS updates, can't turn it on... am doing a MS Safety Scanner scan on it now to try and sort the damn thing... a 0x80070424 error keeps coming up, and the recommended fixes don't...
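Added as an editor's note, not part of the thread: a read-only PowerShell triage check covering the two things the posts above actually observe, the Installer\{GUID}\U\<8 hex digits>.@ file that MBAM quarantined in post #7 and the 0x80070424 error in post #15, which is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, meaning the Windows Update or Security Essentials service registration is missing rather than merely stopped. The specific service names checked are my assumption about what is worth looking at; the thread does not name them.

```powershell
# Added triage script (not from the thread). Read-only: it reports, it removes nothing.
# 1. Looks for <8 hex digits>.@ files under C:\Windows\Installer\{GUID}\U\ (the path MBAM quarantined).
# 2. Reports whether the services behind Windows Update / Microsoft Security Essentials still exist.
#    0x80070424 = Win32 error 1060 = ERROR_SERVICE_DOES_NOT_EXIST, so a MISSING line explains that error.
# The service list below is my assumption of what to check; the thread does not name any service.
# Uses only cmdlets available in PowerShell 2.0 (the version shipped with Windows 7).
$installer = Join-Path $env:SystemRoot 'Installer'

# 1. Installer\{GUID}\U\<hex>.@ files (-Force includes hidden files)
$hits = Get-ChildItem -Path $installer -Filter '{*}' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'U' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force -ErrorAction SilentlyContinue } |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^[0-9a-f]{8}\.@$' }

if ($hits) {
    Write-Output "Suspicious files under $installer\{GUID}\U :"
    $hits | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Output "No <hex>.@ files found under $installer\{GUID}\U"
}

# 2. Service registrations. Win32_Service gives both run state and start mode.
#    wuauserv/BITS = Windows Update, MsMpSvc = Security Essentials, WinDefend = Defender,
#    wscsvc = Security Center, BFE/MpsSvc = filtering engine and firewall.
$services = 'wuauserv', 'BITS', 'MsMpSvc', 'WinDefend', 'wscsvc', 'BFE', 'MpsSvc'
foreach ($name in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) {
        Write-Output ("{0,-10} MISSING   (0x80070424 / ERROR_SERVICE_DOES_NOT_EXIST)" -f $name)
    } else {
        Write-Output ("{0,-10} {1,-8}  start={2}" -f $name, $svc.State, $svc.StartMode)
    }
}
```

Run it from an elevated PowerShell prompt; a hit in part 1 or a MISSING line in part 2 after a "successful" scan is the signal to follow the ComboFix advice above rather than trust the clean AVG/MBAM result.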