New Virus and Trojan Issue
RMW-IT
post 12.04.2012 17:26
Post #1


Newbie
*

Group: Members
Posts: 7
Joined: 12.04.2012




Hi there,

One of our work computers has detected three new infections:

Backdoor.Win32.ZAccess.fln
Trojan-Ransom.Win32.PornoAsset.fdt
Virus.Win32.ZAccess.c

Unfortunately I cannot find a working solution at the moment.

I have attempted disinfection and deletion in normal running and safe mode, TDSSKiller and Virus Removal 2011 but to no avail. I realise that these are new infections and so may not be curable yet.

The log file for the computer is here:
My computer log

Please help me if possible.

Best regards,

David
richbuff
post 13.04.2012 03:12
Post #2


Oldtimer
****************

Group: Moderators
Posts: 48824
Joined: 14.06.2007




Please disable Spybot's TeaTimer, and attach the other log that the first Important topic boldly requests, and also please attach your Tdsskiller log.

Please see the small print that is located at the bottom of this message.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
RMW-IT
post 16.04.2012 20:54
Post #3






Hi Richbuff,

Thanks for the swift reply.

I have attached the tdsskiller log as a txt file and also the AVZ syscure.zip. Apologies for not including them before.

Best regards,

David
Attached File(s):
tdsskiller.txt (44,5K)
virusinfo_syscure.zip (193,99K)
 
RMW-IT
post 16.04.2012 21:16
Post #4






I should also mention that the virus alerts are no longer happening with a Kaspersky full scan.

Perhaps they have gone...

Best regards,

David
richbuff
post 17.04.2012 04:48
Post #5






You're welcome. Your logs look clean, so it/they are probably gone.


Jeannet
post 17.04.2012 23:37
Post #6


Newbie
*

Group: Members
Posts: 1
Joined: 17.04.2012




Hi guys,

I am completely new on the forum. I assume that the rule is to start a new topic, but my problem is very similar to David's.
So please help me.

The previous day, my Kaspersky detected two viruses, both in the category backdoor.win32:

1- backdoor.win32 ... (I can't remember the rest of the name because I solved this one)
2- Backdoor.Win32.ZAccess.fln (still on my PC and still causing me so many problems)

Besides that, I delete about 50 infected files daily, e.g. files like:
- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\autostore.dll
- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\cacheserver.dll
- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\mcp.dll


These and many more similar ones. I think they appear every 5 minutes and all are located in different Windows processes.

I also had very weird messages, such as that my programs are not valid Windows applications and cannot be run at all.
Then I have to restart the PC to be able to work in my programs again.

So I managed to get rid of the first one, which was responsible for these messages.
I don't know if that is important, but I'll describe it.
Due to a registry scan I was able to find out the whereabouts of the infected files: through the registry editor program and Tune up your utilities I found them exactly in the registry and wiped them manually.

I found it in HKAY/CURRENT USER/SYSTEM/Current Control Set /Services
infected files called //./global root/ system root/system 32/ svchost.exe
I made a restore point and deleted about 5 of these files.

After that I have no more of these strange messages that block work with the applications, but I still have a problem with the virus
Backdoor.Win32.ZAccess.fln, which creates a mess for me and, I think, constantly multiplies.
So please help me. I know many things about computers and solving problems, but I have to admit I am not familiar with
"Disable Spybot's TeaTimer" or "Tdsskiller log", so if I have to do something like this, please explain how.

Ultimately I am able to reinstall the operating system but would rather not if I do not have to do that.
Eagerly awaiting your reply.

Thank you in advance,
Kind regards
Jean

edit: italics sted red.

This post has been edited by richbuff: 18.04.2012 03:37
richbuff
post 18.04.2012 03:39
Post #7






Welcome. Please see the first Important topic. There, you will find instructions for logs.

Please see the small print that is located at the bottom of this message.

Also, please follow this Tech Article to run tdsskiller: http://support.kaspersky.com/viruses/solutions?qid=208280684
Please attach the tdsskiller log. Located at: C:\TDSSKiller.~~~~~log.txt


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
RMW-IT
post 18.04.2012 13:26
Post #8






Hi again,

Richbuff:

Thank you for your input on this and I am glad to hear that you think that they are gone. We are keeping a close eye on them and running deep scans in safe mode as often as we can.

It may be of help to know that some of the infections seemed to be living in the system restore area of the C: drive. After backing these up on a spare external HDD I just used Disk Cleanup's system restore deletion tool to get rid of their hiding place. We ran a scan after this and found nothing.
I realise that removing backups is not the best of options but it seems to have worked in this instance. If Jean is suffering from the same problems as me (worth verifying) then perhaps this may be something to be considered.

Jean: I am sure that Richbuff will sort you out on this. He is a very active member of this forum and knows his stuff. Please do not carry out anything that helped me unless approved of by him or another moderator.

Thanks again.

Best regards,

David
