Royalmilewhiskies

New Virus and Trojan Issue

8 posts in this topic

Hi there,

 

One of our work computers has detected three new infections:

 

Backdoor.Win32.ZAccess.fln

Trojan-Ransom.Win32.PornoAsset.fdt

Virus.Win32.ZAccess.c

 

Unfortunately I cannot find a working solution at the moment.

 

I have attempted disinfection and deletion in normal running and safe mode, TDSSKiller and Virus Removal 2011 but to no avail. I realise that these are new infections and so may not be curable yet.

 

The log file for the computer is here:

My computer log

 

Please help me if possible.

 

Best regards,

 

David


Please disable Spybot's TeaTimer, and attach the other log that the first Important topic boldly requests, and also please attach your TDSSKiller log.

 

Please see the small print that is located at the bottom of this message.


I should also mention that the virus alerts are no longer happening with a Kaspersky full scan.

 

Perhaps they have gone... :D

 

Best regards,

 

David


You're welcome. Your logs look clean, so it/they are probably gone. :)


Hi guys,

 

I am completely new on the forum. I assume that the rule is to start a new topic, but my problem is very similar to David's.

So please help me :unsure:

The previous day, my Kaspersky detected two viruses, both of the category Backdoor.Win32:

1 - Backdoor.Win32 ... (I can't remember the rest of the name because I solved this one)

2 - Backdoor.Win32.ZAccess.fln (still on my PC and still causing me so many problems)

 

Besides that, I delete about 50 infected files daily, e.g. files like

- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\autostore.dll

- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\cacheserver.dll

- detected: Trojan program Backdoor.Win32.ZAccess.fln file: C:\WINDOWS\system32\mcp.dll

 

These and many more similar ones. I think they appear every 5 minutes, and all are located in different Windows processes.

I also had very weird messages, such as that my programs are not valid Windows applications and cannot be run at all.

Then I have to restart the PC to be able to work in my programs again.

So I managed to get rid of the first one, which was responsible for these messages.

I don't know if that is important, but I'll describe it.

Thanks to a registry scan I was able to find out the whereabouts of the infected files - through the registry editor program and Tune up your utilities I found them exactly in the registry and wiped them manually.

I found it in HKEY/CURRENT USER/SYSTEM/Current Control Set /Services

infected files called //./global root/ system root/system 32/ svchost.exe

I made a restore point and deleted about 5 of these files.

 

After that I have no more of these strange messages that block work with the applications, but I still have a problem with the virus Backdoor.Win32.ZAccess.fln, which creates a mess for me and, I think, constantly multiplies.

So please help me. I know many things about computers and solving problems, but I have to admit I am not familiar with "Disable Spybot's TeaTimer" or "TDSSKiller log", so if I have to do something like this, please explain how.

 

Ultimately I am able to reinstall the operating system but would rather not if I do not have to do that.

Eagerly awaiting your reply :ak:

Thank you in advance,

Kind regards

Jean

 

edit: italics sted red.

Edited by richbuff
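
Added example, not part of the thread or any poster's code: the post above describes service entries whose image path starts with the `\\.\globalroot` device namespace. The sketch below parses the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` and lists the services with such a path for review. It assumes the standard services key under HKEY_LOCAL_MACHINE; the sample output and the service names `ExampleSvcA`/`ExampleSvcB` are constructed.

```python
import re

# Constructed sample of `reg query ... /s /v ImagePath` output.
# ExampleSvcA / ExampleSvcB are made-up service names for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcA
    ImagePath    REG_EXPAND_SZ    \\.\globalroot\systemroot\system32\svchost.exe -netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcB
    ImagePath    REG_SZ    \\?\GLOBALROOT\systemroot\system32\svchost.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
    ImagePath    REG_EXPAND_SZ    System32\DRIVERS\tcpip.sys

End of search: 4 match(es) found.
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(.+)$", re.I)
VAL_RE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.I)
# \\.\globalroot\ or \\?\globalroot\ at the start of the path, any letter case.
DEVICE_NS_RE = re.compile(r"^\\\\[.?]\\globalroot\\", re.I)


def parse_image_paths(text):
    """Return {service name: ImagePath} from reg query output."""
    services, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = key.group(1)
            continue
        val = VAL_RE.match(line)
        if val and current:
            services[current] = val.group(1).strip()
    return services


def flag_globalroot(services):
    """Names of services whose ImagePath starts in the globalroot namespace."""
    return sorted(name for name, path in services.items()
                  if DEVICE_NS_RE.match(path.strip('"')))


if __name__ == "__main__":
    for name in flag_globalroot(parse_image_paths(SAMPLE)):
        print("review service:", name)
```
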


Welcome. Please see the first Important topic. There, you will find instructions for logs.

 

Please see the small print that is located at the bottom of this message.

 

Also, please follow this Tech Article to run tdsskiller: http://support.kaspersky.com/viruses/solutions?qid=208280684

Please attach the tdsskiller log. Located at: C:\TDSSKiller.~~~~~log.txt


Hi again,

 

Richbuff:

 

Thank you for your input on this and I am glad to hear that you think that they are gone. We are keeping a close eye on them and running deep scans in safe mode as often as we can.

 

It may be of help to know that some of the infections seemed to be living in the system restore area of the C: drive. After backing these up on a spare external HDD I just used Disk Cleanup's system restore deletion tool to get rid of their hiding place. We ran a scan after this and found nothing.

I realise that removing backups is not the best of options but it seems to have worked in this instance. If Jean is suffering from the same problems as me (worth verifying) then perhaps this may be something to be considered.

 

Jean: I am sure that Richbuff will sort you out on this. He is a very active member of this forum and knows his stuff. Please do not carry out anything that helped me unless approved of by him or another moderator.

 

Thanks again.

 

Best regards,

 

David

 

 
