Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: AVG 2013 Says Volsnap Infected With Trojan Generic3_c.BNQG

24 May 2013   #11
mohavepc

Windows 7 Professional x64
 
 

I thought the Alureon was a dns style infection?




Attached Thumbnails
AVG 2013 Says Volsnap Infected With Trojan Generic3_c.BNQG-capture.jpg  
My System SpecsSystem Spec
.
24 May 2013   #12
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

It redirects you do to the DNS

But take a look at this

Code:
Installation

Virus:Win32/Alureon.I is the detection for "volsnap.sys", a system driver that has been infected by members of the Win32/Alureon family.
Taken from the link below

Link Encyclopedia entry: Virus:Win32/Alureon.I - Learn more about malware - Microsoft Malware Protection Center
My System SpecsSystem Spec
24 May 2013   #13
mohavepc

Windows 7 Professional x64
 
 

Your right, I did not see that. so I should also be prepared for a bigger infection correct?
My System SpecsSystem Spec
.

24 May 2013   #14
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

mohavepc

With cottonball's help you will be cured . He has worked on a lot of Alureon trojans on people's PCs
My System SpecsSystem Spec
24 May 2013   #15
mohavepc

Windows 7 Professional x64
 
 

I appreciate it VistaKing and I will await Cottonball's return.
My System SpecsSystem Spec
24 May 2013   #16
cottonball

Windows 7 Home Premium
 
 

My apology for the delay. Do not like to do things in a hurry...

Will be back @ 4:30PM CST and we will proceed.

Thanks for your patience.
My System SpecsSystem Spec
24 May 2013   #17
cottonball

Windows 7 Home Premium
 
 

mohavepc,

Please copy/paste the text inside the quote box to Notepad (Do not copy the word 'Quote')

Quote:
Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys C:\Windows\System32\drivers\volsnap.sys
In Notepad, click File (at the top), and select: Save As...
In the Save As... prompt, name the file fixlist.txt, and save it to the USB pendrive <<--- Important!!

NOTE. It is important that FRST and the fixlist.txt are in the same location (USB pendrive) or this will not work.

Run FRST64 as you did previously, press the Fix button, just once, and wait.

When done, the tool makes a log on the Desktop: Fixlog.txt

Please post Fixlog.txt in your reply.
My System SpecsSystem Spec
24 May 2013   #18
mohavepc

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by cottonball View Post
mohavepc,

Please copy/paste the text inside the quote box to Notepad (Do not copy the word 'Quote')

Quote:
Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys C:\Windows\System32\drivers\volsnap.sys
In Notepad, click File (at the top), and select: Save As...
In the Save As... prompt, name the file fixlist.txt, and save it to the Desktop <<--- Important!!

NOTE. It is important that FRST and the fixlist.txt are in the same location (Desktop) or this will not work.

Run FRST and press the Fix button, just once, and wait.

When done, the tool makes a log on the Desktop: Fixlog.txt

Please post Fixlog.txt in your reply.
FRST is going to be able to copy a system file in a "running" windows environment?

Ran from desktop of corrupted machine
here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by Holly at 2013-05-24 15:03:45 Run:1
Running from C:\Users\Holly\Desktop
Boot Mode: Normal
==============================================
C:\Windows\System32\drivers\volsnap.sys => Could not move.
Could not replace C:\Windows\System32\drivers\volsnap.sys
==== End of Fixlog ====

Would it be easier if I booted into Linux and copied the file? I have several live disks at my disposal.
My System SpecsSystem Spec
24 May 2013   #19
cottonball

Windows 7 Home Premium
 
 

mohavepc,


I think I lost it!!


Trying to do too many things at once. My apology...

Modified the previous instructions. Please try them again.
My System SpecsSystem Spec
24 May 2013   #20
mohavepc

Windows 7 Professional x64
 
 

L O L .... I was wondering there for a few. ok here is the new log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by SYSTEM at 2013-05-24 15:23:31 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
C:\Windows\System32\drivers\volsnap.sys => Moved successfully.
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys copied successfully to C:\Windows\System32\drivers\volsnap.sys
==== End of Fixlog ====
My System SpecsSystem Spec
Reply

 AVG 2013 Says Volsnap Infected With Trojan Generic3_c.BNQG




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
No thumbnails appearing... Might be infected with Trojan.Zbot. Help!
So a few days ago I started getting notifications from my norton AV saying it blocked an attempted attack by 'Trojan.Zbot'. Not too long after that I started to notice windows explorer acting very strange. No thumbnails would appear for pictures.. No previews... Couldn't empty recycling...
System Security
My system is infected with a trojan. It has hidden c & d drives. ?
The Run, Task Manager and Control Panel are hidden. The system shows virus alert. I have AVG 7 but it does'nt help. It has even stopped my broadband connection. I cannot format my whole system. It has valuable information. Please help.
System Security
Infected with Trojan horse giving known error
Typical, giving error of sshnas21.dll missing at the startup of my windows 7 ultimate. I use MSE as anivirus, which caught it and declaired it has been removed. But, after reboot, its clear that its not gone, giving error of sshnas21.dll missing. Currently I am scanning with MRT (Aug 2010)...
Performance & Maintenance
Infected With winlogon Trojan
I had a Action Center message this morning that said my comp. was infected with the winlogon Trojan. I've tried many virus removal tools, such as Malware Bytes, Look2Me Destroyer (which wouldn't run), Avira, Spybot, & Super Antivirus Remover. Nothing shows up. Does anyone know how to get rid of...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:20.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App