
Trojan:Win32/FakeSysdef infection


No replies to this topic

#1 Archie_


Posted 29 March 2011 - 02:17 PM

Hello all,

I have a PC running a valid Windows XP SP3 OS. Last week I noticed my desktop icons had gone transparent. Whilst googling for possible causes, Comodo popped up two security alerts. Here is a link to one of the reports, which I hope works.

http://cima.security.comodo.com/report/893f4d601edf2ce7c2a14803d089579aabda1687.htm

I asked Comodo to disinfect following both alerts. I have since noticed the following symptoms.

Windows Explorer file and folder icons are transparent, like the desktop.
Malwarebytes cannot update its database.
Start/All Program links are gone.
Firefox add-ons are not working.
Wireless properties were reset and network settings needed re-entering.
Some software cannot save files.

Since the first issue I have done the following:

Downloaded and run SVCHostAnalyser
Downloaded and run SecurityTaskManager
Scanned with Malwarebytes (A scan on the old MB database doesn't find any infection, not that it's worth much)
Scanned using MS Security Essentials (which warned me Windows was invalid and it would stop running after 32 days), which found Trojan:Win32/FakeSysdef
Checked system restore and CCleaner for system restore points. None are available.
Rescanned using MS Security Essentials, the infection was found at a different location.

Here is the information from the scan.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\Documents and Settings\All Users\Application Data\20569908.exe
file:C:\Documents and Settings\All Users\Application Data\20569908.exe->(FSG-v2.0)

I don't know how the infection would have been delivered. I have discovered my daughter is in the habit of turning the PC on in the morning after I've left for work, and all the family are free to use it.

First of all, can anyone confirm if I still have a virus on the system?

Secondly, is there any way to recover the PC settings?

Thanks for any help.

Archie
