Virus found in important Windows File

[wolfsbabe]

I've got a problem. My computer has a trojan in it. I know what files they are but when they are put in Quarantine my internet is disabled. I restored them and once they were restored and restarted my computer my internet was fine again.

The files were:

c:\windows\system32\9446.exe (listed twice)

and

c:\windows\prefetch\9446.ex-25f69e40d.pf

there was one other a temp file that was found also but I didn't restore it since the other two brought back my internet. I'm not sure what to do since those files appear to be infected but when they're removed my internet gives me problems. What do you recommend I do? is there a way to replace those files with non infected files?

I'm also unable to check for virus definition updates (doesn't matter what virus program except for malware bytes is not affected) I can't check them. I'm wondering if those files above could be causing the problem?

what do you recommend I do? malware bytes didn't even pick up those two files.

 

[soulslayer]

I am not sure if this is possible, but I would need another member here to confirm this. My suggestion is to allow the files to remain quarantined and run a Windows repair from the Windows installation disc, which should replace any corrupted/changed/removed Windows files. What operating system are you using currently?

 

[kimsland]

I can confirm that for you

No

The member needs to follow this guide in full: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Also soulslayer, have a read here too Special governing rules for the Virus & Malware removal board

Basically all 3 attachments must be checked first
Also, if a Windows file is ever missing, just run sfc /scannow, but this is presently not required

 

[wolfsbabe]

ok so put those files back in quarantine and then run the hickjack program and it should fix my internet? along with having the viruses gone?

 

[wolfsbabe]

New Logs

alright I requarantined the files after running the program again and ran hijack this. here are the logs for you. as of now that computer has no internet because of those quarantined files.

malware log is in first attachment

 

[kimsland]

I recommend you uninstall your free AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

An alternative Antivirus that I recommend is Avira free Antivirus (also being in the 8-Step guide)

Confirm that it's updated: Manual Update is here: http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip

Run a full scan

Obviously you will need to transfer files (via USB Flash Drive or something?) if removing AVG still does not get you online. (after restart)

 

[soulslayer]

@ kimsland: You are right. That particularly file is not one that would be replaced by a Windows repair. Also, I didn't know about the rules for virus and malware, until you brought it up. Thanks for letting me know.

 

[wolfsbabe]

I recommend you uninstall your free AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

An alternative Antivirus that I recommend is Avira free Antivirus (also being in the 8-Step guide)

Confirm that it's updated: Manual Update is here: http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip

Run a full scan

Obviously you will need to transfer files (via USB Flash Drive or something?) if removing AVG still does not get you online. (after restart)

ya I've got a flash drive. thank god for those handy little things. I had Avira in my computer before and it wasn't able to update either. so I uninstalled it and tried avg to see if it would have a problem updating to and it did. I'll uninstall avg though and reinstall avira and manually update it and try a scan and see what happens. will let you know. do you want me to post a log after the avira scan to?

 

[kimsland]

Definitely :grinthumb

I like proving that AVG just doesn't find stuff

Make sure Avira is updated
And make sure that the AVG Removal Tool was run (its a must)

 

[wolfsbabe]

Thanks I'll give you a try and let you know what happens. I'm going to start using firefox instead of explorer. my coworker said that explorer brings in all the viruses.

 

[kimsland]

Actually Google Chrome is meant to be the best
But I was a strong supporter for Internet Explorer,... actually you still need Internet Explorer to go to certain MS sites anyway.

Anyway I slowly got converted to Firefox (annoyingly)
I'm use to it now

 

[wolfsbabe]

I won't remove it then and if google chrome is the best perhaps I'll try it. I don't like firefox much but if it means less viruses....well I'll live.

question. I removed avg using the remover. reinstalled avira. i've got the update files on my flash drive. now what do I do with the update files? do I need to open them one by one or something or copy and paste into a certain avira file?

 

[kimsland]

Well that manual update file is one file only, not files

But ideally if you now have Internet access without AVG installed (and after restart) just right click on the icon and update online.

If online update does not work still (which is very strange) then just open up Avira fully, click on "Update" on the top toolbar, then click "Manual Update" and then point it to the extracted update file (ideally unzipped to Desktop)

Internet should work now anyway. AVG is gone

 

[wolfsbabe]

oh ok. thanks let me give that a try and let you know what happens. my computer certainly shows that I've got signal just won't connect. lets see if that changed. will be back

 

[kimsland]

You better be quick, I'm tired

 

[wolfsbabe]

the internet doesn't work and the manual update is giving me trouble. I go to look for the file and it doesn't show up. when I exacted the file I clicked on it, it wouldn't do anything. it would just go in and look for more files. what am I missing?

 

[kimsland]

when I exacted the file I clicked on it

Hmm I've never clicked on it

Maybe read above on how to update Avira manually
Sorry for being short, but it's all up there :grinthumb

 

[wolfsbabe]

alright. thanks. I'll have to look again at it later. got to go now.

alright. updated my avira manually. I redownloaded the update file and it worked just fine like it was supposed to with no extra clicks. I fully scanned my computer but no viruses and internet still doesn't work.

I'm attaching the log for you to look at. There were two warning files that Avira was unable to scan.

 

[kimsland]

I think you said you had Wireless:

Wireless Wizard
Start->Run-> rundll32.exe shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
Result: runs the Wireless Wizard

Can you actually connect directly to the Modem?
Also maybe disable Firewall. Also check Windows Firewall is disabled as well, in your Network Connections (you know, you have to right click on your connection etc etc etc)

 

[wolfsbabe]

no I can't connect directly. to far away. but yes I have wireless. I'll try the wizard. If that doesn't work I'll try disabling the firewall. as to disabling the network I've tried repairing it and it usually gives me the yellow triagle icon with the ! point. but I'll try disabling it anyways to see if it makes a difference. I'll let you know if it works or not.

 

[wolfsbabe]

no luck. why is it when those files were removed that they caused files? were they windows files or a virus coded to give internet problems once quarantined? Am I going to need to format? I'm avoiding that but if I have to do that then I'll do it.