Trojan Horse hider! netbt.sys file discovered by AVG

AlexR · Mar 9, 2012

Broni said: ↑

Oh, so those registry keys got fixed anyway.

I followed your instructions through. I had the System Restore point in case it went wrong!

Broni said: ↑

You didn't say if your Comodo includes a firewall.

I thought I would be best with Avast Free antivirus and Comodo firewall - only I don't know what the Comodo Defence+ is, and whether it's doubling up on Avast... should I disable it?

Broni · Mar 9, 2012

I thought I would be best with Avast Free antivirus and Comodo firewall

That's perfectly fine.

I still need you to complete the other part of my reply #79.

AlexR · Mar 9, 2012

Broni said: ↑

Download following firewall fix: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double click on downloaded file to run the fix.

Post new FSS log.

Farbar Service Scanner Version: 01-03-2012
Ran by Alex (administrator) on 10-03-2012 at 04:27:50
Running from "C:\Users\Alex\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Mar 9, 2012

Perfect!

You can continue with all other final steps.

AlexR · Mar 9, 2012

Thanks Broni. I'm just about done!!

Just one thing. In the process of cleaning the computer I have now got a Windows restart problem. I know this isn't Virus & Malware removal, but have you got any suggestions?

Broni · Mar 9, 2012

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck!

AlexR · Mar 9, 2012

Great! I'll do that!

Thanks again!

Broni · Mar 9, 2012

You're very welcome

TechSpot

Welcome to TechSpot

Trojan Horse hider! netbt.sys file discovered by AVG

AlexR Newcomer, in training Posts: 58

Broni Malware Annihilator Posts: 39,313 +175

AlexR Newcomer, in training Posts: 58

Broni Malware Annihilator Posts: 39,313 +175

AlexR Newcomer, in training Posts: 58

Broni Malware Annihilator Posts: 39,313 +175

AlexR Newcomer, in training Posts: 58

Broni Malware Annihilator Posts: 39,313 +175

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.