Virus/trojan, please help me

Status
Not open for further replies.
Hi there,
Recently I logged on to my computer, and my anti-virus (Norton Security Suite) won't start. When I try to go to the menu to enable it (Right click > Norton security suite), nothing happens.
I also detected some suspicious files running with Task Manager, like reader_s.exe, 4.TMP, and a lot of svchost.exe processes.

I attached a log from hijackthis, when all programs were turned off, except notepad.

Thanks in advance!
P.S. Don't mind my English, I am Dutch :)
 
Hi,

reader_s.exe is a VIRUT infection; it's very dangerous.
It comes from P2P.
Perhaps you will have to use the "original" Windows CD (if you have one)
and run sfc /scannow (to repair Windows processes).
Save all your personal data right now >> on CD

To manage the deployment of this infection
• Try not to close/reboot your PC
• When it's not necessary, keep the Internet connection closed, and if you can use another PC to download the following fixes, it's better.
• Deactivate System Restore : http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
(you'll reactivate it after all the next steps.)

Begin by deleting the process (infection).
• Open HijackThis --> [Open the Misc Tools section] --> [Open process manager]
• Select reader_s.exe --> press [Kill process] (remember its path)

Do the same thing with these ones that were in HijackThis.
• C:\WINDOWS\system32\7.tmp
• C:\WINDOWS\system32\C.tmp
• C:\WINDOWS\TEMP\1.EXE
• C:\WINDOWS\system32\servises.exe
• C:\WINDOWS\system32\regedit.exe

>> • Do the same thing for other new processes (infection).

Show hidden files and directories.
• If you need it for this task, use Fix Policies.

After that, delete all of these "previous" infections on the disk.
_________________________________________________________________

Download FlashDisinfector : http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
• If your antivirus reacts to Flash Disinfector --> deactivate its real-time protection,
• Double-click on Flash_Disinfector.exe,
• Follow the instructions (plug in all your external USB media..),
...
• Press OK to make the desktop reappear
_________________________________________________________________

Download Dr.Web : ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
• Run it .. start the fast scan
• If processes are found --> select : Yes for all


When the fast scan is complete
• Select Options > Change configuration
• Select Scanner, and uncheck heuristic analysis
• In the main menu : select Analyse all,
• Select the green arrow to start the scan --> an ad will appear; close it.
• Click Yes for all if a file is found

When the scan is complete, if infections are found
• Choose "Select All" and Disinfection
• If unable to disinfect, select Quarantine
• In the main menu --> File --> save the report on your desktop
• Restart the computer (important)
_______________________________________________________________________________________

Download AVPTool : http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

Restart.. in Safe Mode
• At the beep / BIOS screen, press "F8" (several times),
• Choose Safe Mode,
• Log in to your usual account.

► Launch the AVPTool
• Check everything and all disks.


When the scan is complete
• Press [Report] to save the report
• Post the report

Post all reports and another HijackThis log.
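
An added example, not part of either post above: a small Python triage of the "Running processes" section of a HijackThis log, flagging the kinds of entries the reply singles out (.tmp files running as processes, an executable in TEMP, a system binary name in the wrong directory, a one-character misspelling of a system binary). The sample log is constructed, and the expected-location table is an assumed Windows XP baseline, not something stated in the thread.

```python
import ntpath
# Constructed sample in HijackThis layout; the odd paths are the ones the reply lists.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\TEMP\1.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [constructed] C:\constructed\example.exe
"""

# Assumption: usual Windows XP locations, lowercase. Replace with your own baseline.
EXPECTED_DIR = {"services.exe": r"c:\windows\system32",
                "explorer.exe": r"c:\windows", "regedit.exe": r"c:\windows"}

def running_processes(log_text):
    """Paths between the 'Running processes:' header and the next blank line."""
    _, found, rest = log_text.partition("Running processes:")
    procs = []
    for line in rest.splitlines()[1:] if found else []:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs

def one_edit_apart(a, b):
    """True when a and b differ by exactly one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    short, long_ = sorted((a, b), key=len)
    i = len(ntpath.commonprefix([short, long_]))  # index of the first difference
    return short[i + (len(short) == len(long_)):] == long_[i + 1:]

def triage(path):
    """Reasons a running-process path deserves a closer look (empty list if none)."""
    directory, name = ntpath.split(path.lower())
    checks = {
        "tmp-extension": name.endswith(".tmp"),
        "runs-from-temp": ntpath.basename(directory) == "temp",
        "wrong-directory": EXPECTED_DIR.get(name, directory) != directory,
        "lookalike-name": any(one_edit_apart(name, k) for k in EXPECTED_DIR),
    }
    return [reason for reason, hit in checks.items() if hit]

def flag(log_text):
    return {p: r for p in running_processes(log_text) if (r := triage(p))}
```

A flagged path is a lead to check with a scanner, not a verdict; the baseline table decides what counts as the wrong directory.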
 