Persistent malware virus - keep finding trojans with no end in sight

Status
Not open for further replies.

Pharoh

Got a message a week ago that svchost.exe is a corrupt file, then went to a blue error screen. The cpu was very loud. Ran my Spyware Terminator, found some files labeled rootkit, deleted them. Computer was very sluggish. Throughout the week I downloaded Avast, ran several scans and found trojans, spyware, etc. Then got AVG and it found several Win32/heur's, though for some reason the last scan I did claims 'locked file; could not be tested' for a lot of files (see log). Keep getting corrupt file messages from yellow sign in taskbar, like the original message--they say to run chkdsk but I cannot use the fix parameter because 'the system can't be locked: in use by another program'. So....I've been running scans all week with some success but still have prob's. I went through the 8 steps thoroughly and have attached logs. CPU: Dell Optiplex GX270; Win XP, SP3; Pentium 4, 3GHz; 640 Mb RAM; 30 GB hard drive. Thanks.
 
Hello Pharoh

Please download Combofix from:
https://www.techspot.com/downloads/5587-combofix.html
And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.


Attach the contents of that log in your next reply.
 
ran combofix, found rootkit

Thanks for your reply. Cpu was acting up for my wife tonight so I ran Malwarebytes' again and found 13 more trojans. Next downloaded and ran combofix and have log attached. The four or five "Win32\kungsf..." files were labeled rootkits by the program and they are ones I've seen before but couldn't do anything about them.
 

Attachments

  • ComboFix.txt
Ok.


Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WBSEMSRNB.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\KVVFRJPZ.exe
Driver::
WBSEMSRNB
KVVFRJPZ

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post, along with a fresh HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
Touch,

I did everything you asked and have attached the 2 logs. I hope we're getting somewhere...
 
Touch,

No apparent issues tonight. So I will repost tomorrow with an update. Thank you very much for the help--you've been great.
 
Touch,

I've only spent a little time on the computer today and everything seems good. I just ran malwarebytes' quick scan and didn't find anything. Again, thank you soooo much! You kept me from having to spend hundreds of dollars that I do not have.
 
Sounds good, and I was glad to help :grinthumb

Now your computer problems are solved, it is time for the clean-up procedure.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt.exe
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place?

Keep safe :wave:
 