
C:/WINDOWS/assembly/GAC_MSIL/desktop.ini PLEASE HELP ME!!!!!



#1 DemonnPrincess


Posted 20 October 2011 - 08:52 PM

I am using "Windows XP Professional Version 2002 Service Pack 3"
Ah and I DID NOT USE ComboFix! The log below is from AVG Antivirus Resident Shield Detection!


I have been trying to get this virus off of my computer for about two days now because it keeps infecting everything! >.< I have AVG Anti-virus software but every time I try to scan the computer this virus kills the scan process and then I am no longer able to view the vault. The software my computer came with was Symantec Endpoint Protection and that was working fine but this virus completely destroyed that program and it no longer scans and I can no longer update it. Whenever I try to install a new anti-virus software it immediately kills its process seconds after it starts and infects the program's .exe file so I can no longer use it, even when I run the computer in safe mode! I've even tried Kaspersky Virus Removal Tool which only works in Safe Mode for some reason, but even then the program shuts down about halfway into the scan. It's always when it comes into contact with the virus and then the virus just kills the program and I have to start all over.

I have gone into command prompt and changed the look of the "assembly" folder to get to "C:/WINDOWS/assembly/GAC_MSIL/desktop.ini" but it keeps saying "Access is denied" whenever I try to delete the "desktop.ini" folder. When I go into the "GAC_MSIL" folder through Explorer (which is infected too btw) I can't see any file named "desktop"; I only see a bunch of folders.

Please HELP! I have no idea what to do! This is my only computer I have for college and I have no money to pay for someone to fix it for me. I HAVE to do it myself from home with the help of someone who knows what they're doing.

I saved a log from AVG to show you all that's happened this day on the computer and it's below here:



Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:26:44 AM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic25.AHFI;"D:\Documents and Settings\All\Local Settings\Application Data\ed7fa35d\X";"Infected";"10/20/2011, 3:26:50 AM";"file";"C:\WINDOWS\system32\userinit.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:26:58 AM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:04 AM";"file";"C:\WINDOWS\system32\alg.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:04 AM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:07 AM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:13 AM";"file";"C:\Program Files\Symantec AntiVirus\DoScan.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:13 AM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:27:47 AM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse PSW.Generic8.BWCH;"D:\Documents and Settings\All\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"Infected";"10/20/2011, 3:28:12 AM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 3:29:04 AM";"file";"System"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:29:56 AM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:41:26 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:41:26 PM";"file";"C:\Program Files\Bonjour\mDNSResponder.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:41:32 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic25.AHFI;"D:\Documents and Settings\All\Local Settings\Application Data\ed7fa35d\X";"Infected";"10/20/2011, 3:41:35 PM";"file";"C:\WINDOWS\system32\userinit.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:41:51 PM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:41:52 PM";"file";"C:\WINDOWS\system32\alg.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:42:01 PM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 3:43:50 PM";"file";"System"
Trojan horse PSW.Generic8.BWCH;"D:\Documents and Settings\All\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"Infected";"10/20/2011, 3:44:40 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 3:58:49 PM";"file";"System"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 4:13:49 PM";"file";"System"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:25:07 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse PSW.Generic8.BWCH;"D:\Documents and Settings\All\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"Infected";"10/20/2011, 4:26:00 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:26:51 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 4:28:49 PM";"file";"System"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:31:56 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse PSW.Generic8.BWCH;"D:\Documents and Settings\All\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"Infected";"10/20/2011, 4:34:22 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse PSW.Generic8.BWCH;"D:\RECYCLER\S-1-5-21-3502307786-1751906563-1282634801-1032\Dd1.exe";"Infected";"10/20/2011, 4:34:36 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:42:22 PM";"file";"C:\Program Files\Symantec AntiVirus\DoScan.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:47:02 PM";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:48:35 PM";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:50:04 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 4:52:14 PM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:06:49 PM";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:07:42 PM";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:16:31 PM";"file";"C:\Program Files\AVG\AVG8\avgrsx.exe"
Trojan horse Generic25.AHFI;"D:\Documents and Settings\All\Local Settings\Application Data\ed7fa35d\X";"Infected";"10/20/2011, 5:16:32 PM";"file";"C:\WINDOWS\system32\userinit.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:16:50 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:17:01 PM";"file";"C:\WINDOWS\system32\alg.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:17:07 PM";"file";"C:\Program Files\Symantec AntiVirus\DoScan.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 5:18:50 PM";"file";"System"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 6:21:03 PM";"file";"C:\WINDOWS\system32\wbem\wmiprvse.exe"

Edited by DemonnPrincess, 20 October 2011 - 11:36 PM.
Moved from XP ~Budapest




#2 Guest_sundar7701_*


Posted 20 October 2011 - 10:24 PM

C:\WINDOWS\1570996205:310402210.exe

You have the zero access rootkit. Contact the virus removal team.

good luck
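An added example, not part of the original thread: a Python sketch that parses rows in the Resident Shield export format shown in post #1, groups them by detected object, and flags object paths that contain a colon after the drive letter (NTFS `file:stream` syntax), as the path quoted in post #2 does. The function names are hypothetical; the five sample rows are copied from the log above.

```python
import csv
import io
from datetime import datetime

# Five rows copied from the Resident Shield export in post #1 (header included).
SAMPLE_LOG = r'''Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:26:44 AM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 3:26:58 AM";"file";"C:\WINDOWS\explorer.exe"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 3:29:04 AM";"file";"System"
Trojan horse Generic4_c.BFAA;"C:\WINDOWS\1570996205:310402210.exe";"Infected";"10/20/2011, 3:43:50 PM";"file";"System"
Trojan horse BackDoor.Generic14.AVBQ;"C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Infected";"10/20/2011, 5:16:31 PM";"file";"C:\Program Files\AVG\AVG8\avgrsx.exe"
'''

TIME_FORMAT = "%m/%d/%Y, %I:%M:%S %p"  # e.g. "10/20/2011, 3:26:44 AM"


def has_stream_syntax(path):
    """True if the path has a colon after the drive prefix (NTFS file:stream form)."""
    return ":" in path[2:]


def summarize(log_text):
    """Group detections by object path: hits, names, processes, first/last seen."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter=";", quotechar='"')
    summary = {}
    for row in reader:
        when = datetime.strptime(row["Detection time"], TIME_FORMAT)
        entry = summary.setdefault(row["Object"], {
            "threats": set(), "processes": set(), "hits": 0,
            "first_seen": when, "last_seen": when,
            "stream_syntax": has_stream_syntax(row["Object"]),
        })
        entry["threats"].add(row["Infection"])
        entry["processes"].add(row["Process"])
        entry["hits"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
    return summary


if __name__ == "__main__":
    for path, e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        flag = " [stream syntax]" if e["stream_syntax"] else ""
        print(f"{e['hits']:>3}  {path}{flag}")
        print(f"     {', '.join(sorted(e['threats']))}; {len(e['processes'])} process(es); "
              f"{e['first_seen']} to {e['last_seen']}")
```
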

#3 DemonnPrincess


Posted 20 October 2011 - 10:37 PM

C:\WINDOWS\1570996205:310402210.exe

You have the zero access rootkit. Contact the virus removal team.

good luck


Who is the virus removal team? How do I contact them?

#4 Guest_sundar7701_*


Posted 21 October 2011 - 03:19 AM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.

http://www.bleepingcomputer.com/forums/topic34773.html


Then start a new thread HERE and include or required logs.

http://www.bleepingcomputer.com/forums/forum22.html

Including a link to this thread will be helpful.

Edited by sundar7701, 21 October 2011 - 03:19 AM.
