12.04.2012 17:26
Post #1
Newbie, Group: Members, Posts: 7, Joined: 12.04.2012

Hi there,
One of our work computers has detected three new infections:

Backdoor.Win32.ZAccess.fln
Trojan-Ransom.Win32.PornoAsset.fdt
Virus.Win32.ZAccess.c

Unfortunately I cannot find a working solution at the moment. I have attempted disinfection and deletion in normal running and safe mode, TDSSKiller and Virus Removal 2011 but to no avail. I realise that these are new infections and so may not be curable yet.

The log file for the computer is here: My computer log

Please help me if possible.

Best regards,
David

13.04.2012 03:12
Post #2
Oldtimer, Group: Moderators, Posts: 43075, Joined: 14.06.2007

Please disable Spybots' TeaTimer, and attach the other log that the first Important topic boldly requests, and also please attach your Tdsskiller log.
Please see the small print that is located at the bottom of this message.

--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.

16.04.2012 20:54
Post #3
Newbie, Group: Members, Posts: 7, Joined: 12.04.2012

Hi Richbuff,
Thanks for the swift reply. I have attached the tdsskiller log as a txt file and also the AVZ syscure.zip. Apologies for not including them before.

Best regards,
David

Attached File(s):
tdsskiller.txt (44.5K), number of downloads: 2
virusinfo_syscure.zip (193.99K), number of downloads: 3

16.04.2012 21:16
Post #4
Newbie, Group: Members, Posts: 7, Joined: 12.04.2012

I should also mention that the virus alerts are no longer happening with a Kaspersky full scan.
Perhaps they have gone...

Best regards,
David

17.04.2012 04:48
Post #5
Oldtimer, Group: Moderators, Posts: 43075, Joined: 14.06.2007

You're welcome. Your logs look clean, so it/they are probably gone.

--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.

17.04.2012 23:37
Post #6
Newbie, Group: Members, Posts: 1, Joined: 17.04.2012

Hi guys,
I am completely new on the forum. I assume that the rule is to start a new topic, but my problem is very similar to David's, so please help me.

The previous day, my Kaspersky detected two viruses, both of the category backdoor.win32:

1- backdoor.win32 ... (I can't remember the rest of the name because I solved this one)
2- backdoor.win32.ZAccess.fln (still on my PC and still causing me so many problems)

Apart from that, I daily delete about 50 infected files, e.g. files like:

- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\autostore.dll
- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\cacheserver.dll
- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\mcp.dll

These and many more similar ones; I think they appear every 5 minutes and all are located in different Windows processes.

I also had very weird messages, such as that my programs are not valid Windows applications and cannot be run at all. Then I have to restart the PC to be able to work in my programs again. So I managed to get rid of the first one, which was responsible for these messages. I don't know whether that is important, but I'll describe it.

Through a registry scan I was able to find out the whereabouts of the infected files: through a registry editor program and Tune up your utilities I found them exactly in the registry and wiped them manually. I found it in HKAY/CURRENT USER/SYSTEM/Current Control Set /Services, infected files called //./global root/ system root/system 32/ svchost.exe. I made a restore point and deleted about 5 of these files. After that I have no more of these strange messages that block work with the applications, but I still have the problem with the virus Backdoor.Win32.ZAccess.fln, which creates a mess for me and, I think, constantly multiplies.

So please help me. I know many things about computers and solving problems, but I have to admit I am not familiar with "Disable Spybots' TeaTimer" or "Tdsskiller log", so if I have to do something like this please explain how. Ultimately I am able to reinstall the operating system but would rather not if I do not have to.

Eagerly awaiting your reply.

Thank you in advance,
Kind regards,
Jean

edit: italics sted red.
This post has been edited by richbuff: 18.04.2012 03:37

18.04.2012 03:39
Post #7
Oldtimer, Group: Moderators, Posts: 43075, Joined: 14.06.2007

Welcome. Please see the first Important topic. There, you will find instructions for logs.
Please see the small print that is located at the bottom of this message.

Also, please follow this Tech Article to run tdsskiller: http://support.kaspersky.com/viruses/solutions?qid=208280684

Please attach the tdsskiller log. Located at: C:\TDSSKiller.~~~~~log.txt

--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.

18.04.2012 13:26
Post #8
Newbie, Group: Members, Posts: 7, Joined: 12.04.2012

Hi again,
Richbuff: Thank you for your input on this and I am glad to hear that you think that they are gone. We are keeping a close eye on them and running deep scans in safe mode as often as we can.

It may be of help to know that some of the infections seemed to be living in the system restore area of the C: drive. After backing these up on a spare external HDD I just used Disk Cleanup's system restore deletion tool to get rid of their hiding place. We ran a scan after this and found nothing. I realise that removing backups is not the best of options but it seems to have worked in this instance. If Jean is suffering from the same problems as me (worth verifying) then perhaps this may be something to be considered.

Jean: I am sure that Richbuff will sort you out on this. He is a very active member of this forum and knows his stuff. Please do not carry out anything that helped me unless approved of by him or another moderator.

Thanks again.

Best regards,
David