W7services.exe VIRUS
hey guys, im having an issue with a virus that i cant find any information on..
the major file in the problem is called w7services.exe
files involved are:
c:\windows\w7services.exe
c:\7.exe
c:\documents and settings\"user"\local settings\temp\###.exe (### = 3 digit number)
a file called mwau.exe that is situated in an odd folder in c:\RECYCLER
and other files involved in spreading via flash drive.
(drive):\autorun.inf
(drive):\RECYCLER\(odd path name)
these files i can continually remove again and again, but they all keep coming back.
ive removed any traces of w7services.exe within "HijackThis" and "autoruns (sysinternals)".
theres no trace in the registry.
each time i remove them all, after about 30 mins one of the ###.exe files executes and brings up w7services.exe
w7services.exe shuts down all running programs rending malware scanners useless and starts replacing the files ive removed, starting with 7.exe and then the autorun.inf files on flash drives. mwau.exe seems to return after the computer restarts but it still seems to try and execute with the rest as it shows up in autoruns as "file not found".
my largest problem, is i cant find the trigger and no matter what i do using sys internals to find and survey them, i cant figure what is starting them.
at the moment my final resort is to backup all my extremely important data and format my windows drive hoping that there wont be any traces left when i reinstall windows from scratch.
(other info: im using windows XP pro x32, avast home edition (boot scan was unsuccessful), malware bytes, ad-aware pro) if you want anymore information from me just ask.. help is much appreciated.
hey guys, im having an issue with a virus that i cant find any information on..
the major file in the problem is called w7services.exe
files involved are:
c:\windows\w7services.exe
c:\7.exe
c:\documents and settings\"user"\local settings\temp\###.exe (### = 3 digit number)
a file called mwau.exe that is situated in an odd folder in c:\RECYCLER
and other files involved in spreading via flash drive.
(drive):\autorun.inf
(drive):\RECYCLER\(odd path name)
these files i can continually remove again and again, but they all keep coming back.
ive removed any traces of w7services.exe within "HijackThis" and "autoruns (sysinternals)".
theres no trace in the registry.
each time i remove them all, after about 30 mins one of the ###.exe files executes and brings up w7services.exe
w7services.exe shuts down all running programs rending malware scanners useless and starts replacing the files ive removed, starting with 7.exe and then the autorun.inf files on flash drives. mwau.exe seems to return after the computer restarts but it still seems to try and execute with the rest as it shows up in autoruns as "file not found".
my largest problem, is i cant find the trigger and no matter what i do using sys internals to find and survey them, i cant figure what is starting them.
at the moment my final resort is to backup all my extremely important data and format my windows drive hoping that there wont be any traces left when i reinstall windows from scratch.
(other info: im using windows XP pro x32, avast home edition (boot scan was unsuccessful), malware bytes, ad-aware pro) if you want anymore information from me just ask.. help is much appreciated.
We are learning to "handle" such issues little by little here
