win32/Small.CA virus

Page 2 of 5 FirstFirst 1234 ... LastLast

  1. veegee
    Posts : 69
    Windows 7 Home Premium 64 bit SP1
    Thread Starter
       New #11

    win32/Small.CA virus


    Second log for System Lock:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:35 on 10/02/2013 by xxxxxx
    Administrator - Elevation successful
    No Context: HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /sub
    -= EOF =-
    Last edited by veegee; 11 Feb 2013 at 01:18. Reason: correction
      My Computer
    Quote Quote

  3. veegee
    Posts : 69
    Windows 7 Home Premium 64 bit SP1
    Thread Starter
       New #12

    win32/Small.CA virus


    Second log for System Look:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:45 on 10/02/2013 by xxxxx
    Administrator - Elevation successful
    No Context: HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /sub
    -= EOF =-
    Last edited by veegee; 11 Feb 2013 at 01:19. Reason: duplication delete & correction
      My Computer
    Quote Quote

  4. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #13

    Strange...

    Try the following:

    :reg
    HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Or,

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc /sub
    If no result, then, do the following:

    Please download Farbar Service Scanner






    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.
      My Computer
    Quote Quote

  6. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #14

    Make sure the :reg is included in SystemLook.
      My Computer
    Quote Quote

  7. veegee
    Posts : 69
    Windows 7 Home Premium 64 bit SP1
    Thread Starter
       New #15

    win32/Small.CA virus


    System Log report:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:54 on 10/02/2013 by xxxxxx
    Administrator - Elevation successful
    ========== reg ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
    "ErrorControl"= 0x0000000001 (1)
    "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
    "Start"= 0x0000000002 (2)
    "Type"= 0x0000000020 (32)
    "Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
    "DependOnService"="RpcSs WinMgmt"
    "ObjectName"="NT AUTHORITY\LocalService"
    "ServiceSidType"= 0x0000000001 (1)
    "RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege"
    "DelayedAutoStart"= 0x0000000001 (1)
    "FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]

    -= EOF =-

    Every time I copied the KLM/system.....into system look, the HKey_Local_ would come up. Maybe restart and post the KLM again in another post?
    Last edited by veegee; 11 Feb 2013 at 01:21. Reason: correction
      My Computer
    Quote Quote

  8. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #16

    HKLM is just shorthand for HKEY_Local_Machine
      My Computer
    Quote Quote

  10. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #17

    This is a tough ride...any entries we look into are OK.

    BTW, you can XXX out your name anytime you wish.

    If you had problems removing the Easy Burner program, and parts of it did not uninstall, see if the following finds anything pertaining to it:

    Download and install the Revo Uninstaller (Freeware):
    http://www.revouninstaller.com/download/revosetup.exe
    Run Revo Uninstaller

    At the console, select the program to remove (if there), and click the Uninstall icon.

    Now, select: Advanced

    Click Next, and follow the prompts.

    Please click Select All (1.) and Delete (2.) to delete all Registry items, folders and files listed by Revo.
    If asked to restart the computer, please do so.
      My Computer
    Quote Quote

  11. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #18

    Without regard to the outcome of Revo, try the Microsoft Safety Scanner (64-bit version):
    Microsoft

    Post back on what it finds..
      My Computer
    Quote Quote

  12. veegee
    Posts : 69
    Windows 7 Home Premium 64 bit SP1
    Thread Starter
       New #19

    win32/Small.CA virus


    Installed Revo Uninstaller but could not find any traces of that Easy Burner. Do you ignore that Program Compatibility Assistant that comes up with Revo install that reads - Reinstall using recommended settings and below - This program installed correctly?

    MSS scan - No infections MSRT - No infections

    This sure has been a journey and Action Center still says to remove win32/Small.CA virus. Where in blazes could it be?

    Farbar FSS.text log: (checked in those 6 items you listed)

    Farbar Service Scanner Version: 10-02-2013
    Ran by xxxxx (administrator) on 10-02-2013 at 22:14:24
    Running from "C:\Users\xxxxxx\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
    Last edited by veegee; 11 Feb 2013 at 01:40. Reason: correction
      My Computer
    Quote Quote

  13. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #20

    Well, we keep on rolling...

    Please download the Junkware Removal Tool:
    Junkware Removal Tool Download
    Save to the Desktop.

    Temporarily shut down your protection software to avoid potential conflicts.

    Right-click JRT.exe and select: Run as Administrator

    The tool opens and starts scanning the system. Please be patient as this can take a while...

    When done, a report (JRT.txt) is saved on the Desktop.
    Please post the contents of JRT.txt in your reply.



    Next, please download Temp File Cleaner (TFC):
    TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums

    Double-click on TFC.exe to run the program.

    Be sure to save any work in progress before running TFC!!

    Click on Start to begin the cleaning process.
    TFC closes all running programs, and may ask you to restart the computer.

    When done, also check the Action Center.
      My Computer
    Quote Quote

 
Page 2 of 5 FirstFirst 1234 ... LastLast

  Related Discussions
Hi hi all and thanks in advance for taking the time to read this. I hope I can get some help with this as well as help persons who also need help with this. I had posted this same message on TomsHardware.com but to no avail, I got no responses so I hope SevenForums can be more help. So Friday I...
Ive just received an action centre message stating Win32/Small.CA virus detected Part 1 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2 Run by matthew.gee at 14:54:17 on 2013-09-19 Microsoft Windows 7 Enterprise ...
I keep getting the annoying message to remove the Win32/Small.CA virus in the message centre, but if I click on the link given, my computer goes off and sulks and never seems to find the message. I've run Malwarebytes, BitDefender and before I changed to BitDefender Total Security, I had and ran...
Win32/Small.CA virus removal
in System Security

Hi Can anyone help me get rid of this virus? Windows Action centre is telling me I have the Win32/Small.CA virus and it stopped my PC working on the 19th June. Since then I have run various antivirus software (Sophos, Malwarebytes, Microsoft security scanner) but none of them have found...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 19:07.
Find Us