Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Required


  • Please log in to reply
5 replies to this topic

#1 sedge-wulf

sedge-wulf

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 28 April 2009 - 05:05 AM

Hi,

I have a problem with one of the PC's at work. It started on Friday last week where Symantec notified of a virus by the name of Packed.Generic.200. The PC automatically rebooted but then froze on the welcome screen. This kept on happening, so i started in Safe Mode and ran Malwarebytes.

This picked up several threats which it cleared apart from one. The one in question goes by the vendor name of Trojan.Agent with a file name of UACINIT.DLL.

No matter what i have tried it just won't shift.

I can now start the PC in normal, however, it has disabled all network resources, e.g. Internet, Email, Server files etc.

The LAN is saying it is connected but no packet data is being sent or received.

Can anybody help? The Malwarebytes logs taken this morning are below:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

28/04/2009 10:37:06
mbam-log-2009-04-28 (10-37-06).txt

Scan type: Quick Scan
Objects scanned: 70262
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.



Any help would be greatly received.

Edited by sedge-wulf, 28 April 2009 - 06:44 AM.


BC AdBot (Login to Remove)

 


#2 sedge-wulf

sedge-wulf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 28 April 2009 - 07:25 AM

Really starting to struggle with this now. Because i can't access the internet, MBAM can't run any updates etc.

Any help would be greatly appreciated.

#3 sasmikeduncan

sasmikeduncan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 28 April 2009 - 05:44 PM

We would sincerely like to help you solve this issue. If you have access to a workstation that can presently access the internet, you may want to download SUPERAntiSpyware Free or Pro Trial Edition from www.superantispyware.com. While you are there, select "Support" and submit a support request. Reference this forum and my name, and we'll do our very best to walk you through some steps that may help. Of course, I have limited information to go on, so I cannot promise that we will be able to help you until we can dig into this a little. But I can tell you that we are sincere in wanting to help you.

Thanks! - Mike Duncan, SUPERAntiSpyware

#4 sedge-wulf

sedge-wulf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 29 April 2009 - 02:54 AM

Thank you for your reply, i had already downloaded from my PC and installed on the infected one.

Still came up with the same UACINIT.DLL file, although i have now successfully rectified the problem.

With that in mind, to save wasting anyone elses time, please consider this thread closed?

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:26 AM

Posted 30 April 2009 - 11:05 PM

We would sincerely like to help you solve this issue. If you have access to a workstation that can presently access the internet, you may want to download SUPERAntiSpyware Free or Pro Trial Edition from www.superantispyware.com. While you are there, select "Support" and submit a support request. Reference this forum and my name, and we'll do our very best to walk you through some steps that may help. Of course, I have limited information to go on, so I cannot promise that we will be able to help you until we can dig into this a little. But I can tell you that we are sincere in wanting to help you.

Thanks! - Mike Duncan, SUPERAntiSpyware


Though it is appreciated that you want to help our users, we too want to make sure our users receive proper help, which we cannot do if it is done elsewhere. These forums are also designed so that if other people have a similar problem, they can find their answers by reading other topics. You referring them to your site for help does not facilitate this nor is it acceptable behavior at BleepingComputer.com.

In the future, if you want to help our members solve a problem using SuperAntiSpyware, which you are welcome to do, then please provide that support here in our forums rather than referring them elsewhere.

#6 sasmikeduncan

sasmikeduncan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 01 May 2009 - 10:47 AM

No problem at all, we certainly are respectful of the rules and I appreciate your fair response. I just hate to see anyone having difficulties, and we sincerely want to help, both from our end and through the forum. I should have made it more clear that my invitation was intended to gather information and offer advice that we can communicate back to the forum members through the forum. It's my fault if that was unclear, and I do apologize for that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users