Persistent malware virus-keep finding trojans with no end in sight

By Pharoh
Jun 3, 2009
  1. Got a message a week ago that svchost.exe is a corrupt file, then went to a blue error screen. The cpu was very loud. Ran my Spyware Terminator, found some files labeled rootkit, deleted them. Computer was very sluggish. Throughout the week I downloaded Avast, ran several scans and found trojans, spyware, etc. Then got AVG and it found several Win32/heur's, though for some reason the last scan I did claims 'locked file; could not be tested' for a lot of files (see log). Keep getting corrupt file messages from yellow sign in taskbar, like the original message; they say to run chkdsk but I cannot use the fix parameter because 'the system can't be locked: in use by another program'. So... I've been running scans all week with some success but still have prob's. I went through the 8 steps thoroughly and have attached logs. CPU: Dell Optiplex GX270; Win XP, SP3; Pentium 4, 3GHz; 640 Mb RAM; 30 GB hard drive. Thanks.
  2. touch

    touch TS Rookie Posts: 978

    Hello Pharoh

    Please download Combofix from:
    And save to the desktop.

    Close all other browser windows.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply
  3. Pharoh

    Pharoh TS Rookie Topic Starter

    ran combofix, found rootkit

    Thanks for your reply. Cpu was acting up for my wife tonight so I ran malwarebyte's again and found 13 more trojans. Next downloaded and ran combofix and have log attached. The four or five "Win32\kungsf..." files were labeled rootkits by the program and they are ones I've seen before but couldn't do anything about them.

  4. touch

    touch TS Rookie Posts: 978


    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post, along with a fresh HijackThis log.

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  5. Pharoh

    Pharoh TS Rookie Topic Starter


    I did everything you asked and have attached the 2 logs. I hope we're getting somewhere...
  6. touch

    touch TS Rookie Posts: 978

    The logs look clean. How are things running now?
  7. Pharoh

    Pharoh TS Rookie Topic Starter


    No apparent issues tonight. So I will repost tomorrow with an update. Thank you very much for the help--you've been great.
  8. Pharoh

    Pharoh TS Rookie Topic Starter


    I've only spent a little time on the computer today and everything seems good. I just ran malwarebytes' quick scan and didn't find anything. Again, thank you soooo much! You kept me from having to spend hundreds of dollars that I do not have.
  9. touch

    touch TS Rookie Posts: 978

    Sounds good, and I was glad to help :grinthumb

    Now your computer problems are solved, it is time for the clean-up procedure.

    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt.exe
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place?

    Keep safe :wave:
  10. Pharoh

    Pharoh TS Rookie Topic Starter


    The link to OTCleanit is inactive-- says page not found. Any suggestions? Thanks.
  11. touch

    touch TS Rookie Posts: 978

  12. Pharoh

    Pharoh TS Rookie Topic Starter

    It worked. Thanks!
Topic Status:
Not open for further replies.
