
Infected by Generic17.BKCS and SpamTool.FYS


5 replies to this topic

#1 nick33326


Posted 24 June 2010 - 10:26 PM

Hello.

AVG has detected the following infections but has been unable to remove the infected files. What should I do?

File Result/Infection
C:\WINDOWS\system32\services.exe [776]:\memory_09500000 Trojan horse Generic17.BKCS
C:\WINDOWS\system32\services.exe [776] Trojan horse Generic17.BKCS
C:\WINDOWS\system32\svchost.exe [820]:\memory_00400000 Trojan horse SpamTool.FYS
C:\WINDOWS\system32\svchost.exe [820] Trojan horse SpamTool.FYS
C:\WINDOWS\system32\svchost..exe [864]:\memory_00400000 Trojan horse SpamTool.FYS
C:\WINDOWS\system32\svchost..exe [864] Trojan horse SpamTool.FYS

I've tried to scan with AVG in safe mode, but it did not appear to work. I am now scanning with Malwarebytes in safe mode, hoping that may help, but from what I've been reading about this infection, I suppose it is unlikely.

Thanks in advance for your help!



#2 Budapest


Posted 24 June 2010 - 10:36 PM

After you are finished running your Malwarebytes scan, boot back into Normal Mode and run another Malwarebytes quick scan. Post both logs.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nick33326


Posted 25 June 2010 - 10:22 AM

Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4235

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/25/2010 10:56:46 AM
mbam-log-2010-06-25 (10-56-46).txt

Scan type: Quick scan
Objects scanned: 139759
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

#4 Budapest


Posted 25 June 2010 - 04:21 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

#5 nick33326


Posted 26 June 2010 - 06:58 AM

Thanks for your help.

We were able to clean and repair our system yesterday. Please consider the matter resolved.

#6 Budapest


Posted 26 June 2010 - 04:36 PM

:thumbsup:



