Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help, I am reinfected


  • Please log in to reply
4 replies to this topic

#1 geminijd

geminijd

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 15 February 2012 - 06:23 AM

It seems my PC has been reinfected with the svchost.exe trojan virus. I successfully removed it previously via the instructions I was given here: My link. My questions is, can I to follow the exact same steps and post the new logs here?

Edited by geminijd, 15 February 2012 - 06:25 AM.


BC AdBot (Login to Remove)

 


#2 balon

balon

  • Members
  • 432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Haven, CT
  • Local time:04:35 PM

Posted 15 February 2012 - 08:17 AM

Hi there, a moderator or someone on the security team may/will take over at any time but until there, i will assist you if you wish.

Please start with answering a few questions for me to understand what is on your computer.

What are you currently using for an antivirus?
What is your operating system?
What symptoms are you experiencing?

Read this I suggest for now you only do steps: 1-6.

Once you have completed steps 1-6, please download DDS and run it then post the logs here then come back here and provide a link to the post.

You may also of course use Pastebin and post the logs here.

 
Download

Mini Toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result.

 

As narenxp stated in the last post...

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report

Skip all the findings, warning if you have daemon tools or other software related to that some issues may pop up, ignore everything hit "Skip" and just post the LOG here.

 

Remember the DDS log must be on the other forum (link is above).

Edited by Balon, 15 February 2012 - 09:06 AM.


#3 geminijd

geminijd
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 15 February 2012 - 09:11 AM

My current antiVirus is AVG; My OS is Windows 7. After opening a downloaded zip file, my AVG popped up and said threat detected. I panicked and closed the screen without taking any action. So I scanned my entire PC using AVG which did not find anything. But to be sure I also scanned my PC using the mnost recent version of MBAM. MBAM detected the trojan svchost.exe, so here I am again. I'm not trying to be unappreciative, but can you tell me why we are deviating from the previous instructions I received?

#4 balon

balon

  • Members
  • 432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Haven, CT
  • Local time:04:35 PM

Posted 15 February 2012 - 10:19 AM

My current antiVirus is AVG; My OS is Windows 7. After opening a downloaded zip file, my AVG popped up and said threat detected. I panicked and closed the screen without taking any action. So I scanned my entire PC using AVG which did not find anything. But to be sure I also scanned my PC using the most recent version of MBAM. MBAM detected the trojan svchost.exe, so here I am again. I'm not trying to be unappreciative, but can you tell me why we are deviating from the previous instructions I received?


Well basically I am having you do a few things he had you do as well as a few others, Not saying he did not help you; there could be a chance what he had you do missed something, he has helped me many times. I am just trying to get you to scan with other programs to see if we have better results.

 

Please follow the instructions i provided above as well as post a new MBAM log here as well.

 
List of Instructions I had provided up to this point:
Use DDS
Use Mini Toolbox
Use TDSSKiller
Use MBAM

-Then post the logs here accept DDS [Follow instructions on posting these above..]

Edited by Balon, 15 February 2012 - 10:21 AM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:35 PM

Posted 15 February 2012 - 10:33 AM

Hello, just create the DDS log topic as the infection will be cleaned there and not here anyway...
As the Am I Infected forum rules stste..No DDS, HijackThis, or ComboFix logs should be posted in this forum.



We need a deeper look. Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users