Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


AVG Detects Services.exe Infected with "TrojanHorsePatched_c.LXT"

  • Please log in to reply
2 replies to this topic

#1 Cupka44


  • Members
  • 13 posts
  • Local time:10:11 AM

Posted 11 July 2012 - 07:47 PM

Hello all,
This is my first time posting, and I've tried to do everything correctly, but if for some reason I haven't, please help me out. :)
My computer seems to be infected with (several) trojan horses. Infecting both "C://Windows/System32/services.exe", and "C://Windows/Assembly/GAC_32[and_64]/Desktop.ini". I have followed the instructions at this link, but my logs (although surprisingly similar) differ somewhat from the logs there. However, even after completing the instructions my problems remained.

System Specs:
OS: Windows 7 (64Bit)[SP1]
Proccessor/RAM: Intel Core i5-2450M CPU@ 2.50GHz, RAM 6.00GB
Machine Make: Lenovo Z570
Browsers Installed:
Chrome, Opera, Firefox, Seamonkey, Internet Explorer

Problem(s) as far as I can tell:
AVG detects "Services.exe" infected with a "TrojanHorsePatched_c.LXT" (MBAM does not).
AVG and MBAM detect "...GAC_32/Desktop.ini", and "...GAC_64/Desktop.ini" infected with "Trojan.Generic15.axla".
All browsers (as AVG detects Services.exe opening) redirect past this link ["http://socket.luckyorange.com/_ylt=3648C868A1DB;c29ja2V0Lmx1Y2t5b3JhbmdlLmNvbS9zb2NrZXQuaW8vMS94aHItcG9sbGluZy9GMVNzWkx6aVBZSXo4djVfOGR4bD90PTEzNDIwNDUzMzA1Nzc=-NTAuNy4yMTMuOTAvYy84enIxMjc5TDhHNXFzU1U0YmI4MDkyZmRkNDE0YmUwNThmMmVlZDkxMDM4NGJkN2IxNms="] to random websites.
Google links (sporadically) redirect past previous link to random websites. This doesn't happen all the time, but usually when I need to find something fast. :-/
All sites have ads (by adchoices) that aren't supposed to be there. (Including Gmail and Facebook.)
Chrome browser (previously) wouldn't allow me to access Facebook, Gmail, Google, or most other https sites due to "insecure connection". (My apologies that I don't have the actual message. Chrome doesn't seem to be having any problems now, so I don't have access to the message.)
All web pages (including all Google sites, and Facebook) are "helped out" by text-enhance. (Annoying links that contain advertisement pop-ups.)

Solutions (not) that I've tried so far:
(Note: These are all the ones that I can remember. I've been trying on my own for several days now.)
All instructions from first link.
DNS Dump (CMD> ipconfig /flushdns)
CC Cleaner
MBAM (Found Several infections, including before said, fixed/removed all, but problems remained.)
TDSS Killer (Kapersky) Found one infection originally, fixed that infection, but the problems remained.
AVG doing multiple scans. (With and without MBAM installed.) Found services.exe, plus a whole bunch of white-listed "infections" (system files, it called them).

Items that I remember doing before problems occurred (problems occurred after reboot):
Accessed www.passports.org on an insecure 3G network. (Tethered to my phone. Phone not infected.)
Installed DriveIconChanger 1.0
Installed Autoplay Menu Builder
Installed "Digital Clock Screensaver"
Installed 3PlaneSoft Screensavers:
Mechanical Clock 3D Screensaver
One Ring 3D Screensaver (Free).

Windows 7 installed automatic updates, asked me to restart, I did so, problems occurred.

I appreciate any help you can give me, and all the time that you people put into helping the ignorant fix their blunders.
Please note that I'm more available in the evenings than I am in the daytime, so if I don't respond directly after you, I will do so as soon as I'm available. Thanks for your patience!

Edited by Cupka44, 11 July 2012 - 07:48 PM.

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,771 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:11 AM

Posted 11 July 2012 - 08:56 PM

Welcome aboard Posted Image

You're infected with ZeroAccess rootkit.
That will require elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE


#3 Cupka44

  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:11 AM

Posted 02 August 2012 - 10:20 AM

Note: Completed steps in Prep Guide and started new topic in Malware Removal. (http://www.bleepingcomputer.com/forums/topic463551.html)
Thanks for your help!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users