I seem to have been invaded by a Trojan. (Name listed above) AVG detected it but cannot remove it. I get access denied when I request that it be removed. I think the affected program is explorer.exe since I get a message from AVG whenever explorer.exe is started. What to do, what to do. Any assistance is appreciated.
Thanks,
jdg
Download DDS from one of these links:
DDS.com
DDS.pif
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- will be minimized in the task tray
- Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
gloverjd,
In addition to what Jacee requested, can you tell us what files/location AVG is reporting?
Also, please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)
When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the version for your system: 32-bit or 64-bit (See Note below.)
Click the applicable dark-blue button to download.
Save to the Desktop.
Close all windows and browsers.
Right-click and select: Run as Administrator
At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN
When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.
(Do not take action to fix anything, please!!)
Note:
You need to know if the infected computer is running a 32-bit or 64-bit system.
To find out, click: Start
Type System in the Start Search box
Click System in the Programs list.
The operating system is displayed as follows under System > System type:
64-bit Operating System
32-bit Operating System
I think I have included everything asked for. The Word document contains three screen prints: One shows AVG blocking the threats. The other two are the infected programs - explorer.exe and RogueKiller64.exe. Hope you got the attachments; I did not insert them.
Thanks,
jdg
gloverjd,
Thanks for the additional info.
Let's press on with RogueKiller...
•Please quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Once the scan is done, click the Registry tab.
•Make sure only the following entry is checked:
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1195105727-229723847-1802915304-1002\$77080bb8b6c592054498c15000827081\n) [-] -> FOUND
•Now, click the Files tab.
•Make sure the following four entries are checked:
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1195105727-229723847-1802915304-1002\$77080bb8b6c592054498c15000827081\n [-] --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1195105727-229723847-1802915304-1002\$77080bb8b6c592054498c15000827081\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1195105727-229723847-1802915304-1002\$77080bb8b6c592054498c15000827081\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1195105727-229723847-1802915304-1002\$77080bb8b6c592054498c15000827081\L --> FOUND
•Now, press the [Delete] button.
Please post the new RKreport (Mode: Remove) in your reply.
The report is created on the Desktop.
Did as you requested. The file from RogueKiller is attached.
Thanks,
jdg
The last report is Mode Scan, and nothing happened there, other than showing the entries.
Is there an RKreport (Mode: Remove) or (Mode Delete) somewhere on the Desktop?
It shows what was removed/deleted.
Oops, my bad. I didn't close enough. I think the attached is what you are looking for. I've also noticed that AVG has not reported a threat since these entries were removed.
Thanks,
jdg
Quote