AVG 2013 Says Volsnap Infected With Trojan Generic3_c.BNQG


  1. Posts : 2,470
    Windows 7 Home Premium
       #21

    Good!!

    Please go to http://www.bleepingcomputer.com/download/tdsskiller/
    Select the .exe version
    Double-click on TDSSKiller.exe to run the program.

    When the TDSSKiller console opens, click on: Change Parameters
    Under Additional Options, place a check in the box next to: Detect TDLFS File System
    Click: OK

    Press: Start Scan


    • If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
    • If malicious objects are found, they show in the Scan results.
      Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
      (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

    When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

    Logs have a name like:
    C:\TDSSKiller.X.X.X_1.05.2013_15.31.43_log.txt

    Please attach the TDSSKiller log in your reply.

    Notice any improvement?

    Need to go out for a while, but will return @ o/a 8:00PM CST


  2. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #22

    Run from the desktop of the infected machine, right?

    Ok HUGE file. Will be another 3 or 4 parter.

    Actually it's 47 pages long, should I zip it and upload instead? It is going to be a lot of copy pasta if I do inline text. Your call, but it's a clean scan nonetheless.


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #23

    mohavepc

    Don't want to step on anyone's toes. Just trying to help. Download the programs on a clean machine, run the scans on the infected PC.

    So yes run the tdsskiller on the infected PC


  4. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #24

    VistaKing said:
    mohavepc

    Don't want to step on anyone's toes. Just trying to help. Download the programs on a clean machine, run the scans on the infected PC.

    So yes run the tdsskiller on the infected PC
    No problem here, VistaKing. I was wanting to make sure he meant for it to be run from the desktop, not from the flash drive via c: prompt.

    Ran just fine from desktop and came up clean, but the log is 47 pages long and I think it's too much for a clean log. If it needs to be copy and pasted then so be it. Being lazy I guess... lol. Doing win updates on the machine now and that's what triggered the infection question originally, so we shall see. During updates was when AVG said the Volsnap.sys was infected.


  5. Posts : 2,470
    Windows 7 Home Premium
       #25

    Upload it instead of posting it!!

    47 pages????

    Holy schmollie...have never seen one that large.

    Under Additional Options, you did not place a check on anything else other than the box next to: Detect TDLFS File System... I hope.


  6. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #26

    cottonball said:
    Upload it instead of posting it!!

    47 pages????

    Holy schmollie...have never seen one that large.

    Under Additional Options, you did not place a check on anything else other than the box next to: Detect TDLFS File System... I hope.
    Ok, my bad.... I left the other checks. I will rerun it now, got a minute?


  7. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #27

    Ok, new log with JUST Detect TDLFS File System check marked lol.... sorry, my bad.

    16:04:24.0015 5408 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    16:04:24.0499 5408 ============================================================
    16:04:24.0499 5408 Current date / time: 2013/05/24 16:04:24.0499
    16:04:24.0499 5408 SystemInfo:
    16:04:24.0499 5408
    16:04:24.0499 5408 OS Version: 6.1.7601 ServicePack: 1.0
    16:04:24.0499 5408 Product type: Workstation
    16:04:24.0499 5408 ComputerName: HOLLY-PC
    16:04:24.0499 5408 UserName: Holly
    16:04:24.0499 5408 Windows directory: C:\windows
    16:04:24.0499 5408 System windows directory: C:\windows
    16:04:24.0499 5408 Processor architecture: Intel x86
    16:04:24.0499 5408 Number of processors: 1
    16:04:24.0499 5408 Page size: 0x1000
    16:04:24.0499 5408 Boot type: Normal boot
    16:04:24.0499 5408 ============================================================
    16:04:26.0371 5408 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:04:26.0387 5408 Drive \Device\Harddisk1\DR3 - Size: 0x1E150DE00 (7.52 Gb), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:04:26.0387 5408 ============================================================
    16:04:26.0387 5408 \Device\Harddisk0\DR0:
    16:04:26.0387 5408 MBR partitions:
    16:04:26.0387 5408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
    16:04:26.0387 5408 \Device\Harddisk1\DR3:
    16:04:26.0387 5408 MBR partitions:
    16:04:26.0387 5408 ============================================================
    16:04:26.0418 5408 C: <-> \Device\Harddisk0\DR0\Partition1
    16:04:26.0418 5408 ============================================================
    16:04:26.0418 5408 Initialize success
    16:04:26.0418 5408 ============================================================
    16:04:33.0609 6100 ============================================================
    16:04:33.0609 6100 Scan started
    16:04:33.0609 6100 Mode: Manual; TDLFS;
    16:04:33.0609 6100 ============================================================
    16:04:33.0609 6100 ============================================================
    16:04:33.0609 6100 Scan finished
    16:04:33.0609 6100 ============================================================
    16:04:33.0625 3220 Detected object count: 0
    16:04:33.0625 3220 Actual detected object count: 0
    16:04:37.0041 4648 Deinitialize success


    You forgot to tell me to Uncheck the other boxes....
    Last edited by mohavepc; 24 May 2013 at 18:08. Reason: Good natured Ribbing
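
An added example, not part of the thread and not TDSSKiller's own code: a small Python check a helper could run over an uploaded TDSSKiller log to confirm that the scan completed, ran in the requested mode, and detected nothing. The line layout is inferred from the log posted in #27; the function names and the `ExtraOption` mode token are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the log posted in #27.
SAMPLE_LOG = """\
16:04:24.0015 5408 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:04:24.0499 5408
16:04:33.0609 6100 Scan started
16:04:33.0609 6100 Mode: Manual; TDLFS;
16:04:33.0609 6100 Scan finished
16:04:33.0625 3220 Detected object count: 0
16:04:33.0625 3220 Actual detected object count: 0
"""
# Constructed variant: a placeholder extra option left ticked, log cut off early.
TRUNCATED_LOG = """\
16:04:33.0609 6100 Scan started
16:04:33.0609 6100 Mode: Manual; ExtraOption; TDLFS;
"""

# Each log line is "<HH:MM:SS.mmmm> <thread id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+(\d+)(?:\s+(.*))?$")
FIELDS = {  # summary key -> pattern matched at the start of the message
    "version": re.compile(r"TDSS rootkit removing tool (\S+)"),
    "mode": re.compile(r"Mode:\s*(.*)"),
    "finished": re.compile(r"(Scan finished)$"),
    "detected": re.compile(r"Detected object count:\s*(\d+)"),
    "actual": re.compile(r"Actual detected object count:\s*(\d+)"),
}

def summarize(log_text):
    """Pull the fields a helper checks first out of a TDSSKiller log."""
    s = dict.fromkeys(FIELDS)
    # Lines that do not fit the layout (blank, wrapped) are skipped.
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        msg = (m.group(2) or "").strip()
        for key, pat in FIELDS.items():
            if (hit := pat.match(msg)):
                s[key] = hit.group(1)
    s["mode"] = [t.strip() for t in (s["mode"] or "").split(";") if t.strip()]
    return s

def review(log_text, expected_mode=("Manual", "TDLFS")):
    """Return a list of problems; an empty list means a complete, clean scan."""
    s, problems = summarize(log_text), []
    if not s["finished"]:
        problems.append("no 'Scan finished' line: log is incomplete")
    if s["mode"] != list(expected_mode):
        problems.append(f"scan mode {s['mode']} differs from {list(expected_mode)}")
    if s["detected"] is None or s["actual"] is None:
        problems.append("detected object counts missing")
    elif int(s["detected"]) or int(s["actual"]):
        problems.append(f"{s['detected']} object(s) detected: read the full log")
    return problems
```
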


  8. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #28

    I did not check mark Loaded Modules or Verify file digital signatures but left Boot sectors, services and drivers and system memory checked and yes it was 47 pages. Zipped and attached


  9. Posts : 572
    Windows 7 Professional x64
    Thread Starter
       #29

    Ran Updates with no issues, Ran AVG Scan and Rootkit scan, again no issues. I do believe we got it, Cottonball. Thank you very much.

    I do believe I can mark this one solved. Going home or maybe out for a sip. We'll see. Good day gents and if you ever need hardware or some windoze answers just holler. I may not be great with viruses but I think I can hold my own.

    And a thank you to VistaKing for getting me started.


  10. Posts : 2,470
    Windows 7 Home Premium
       #30

    Glad to help, mohavepc!


 