Help removing virus located in winsxs folder

[ROBO731]

Avast has informed me that I have a virus located primarily in my Winsxs folder. I would like to remove it. Here are the results of the scan. I tried to click repair, but as you can see it is telling me that access is denied. I haven't really noticed any differences in my system lately and I'm not sure when I accumulated this virus/viruses. Hopefully I can remove it. Let me know if you need any more information. Any help would be greatly appreciated.

 

[ROBO731]

Okay, I re-scanned and now it says no virus found, but I still feel that I should check this out a bit.

 

[Jacee]

Way too tiny to see, but I could see "Rootkit"
My best advice would be to wipe and do a 'clean install'.

You can never be sure that your OS will be stable again without a thorough cleaning.

Please read about Rootkits and what they do: Rootkit - Wikipedia, the free encyclopedia

 

[Layback Bear]

Jacee they are all rootkets. 3 exe. 2 system and the rest dll. What a mess.
Jacee got the right idea. Take a look at this.
http://www.sevenforums.com/tutorials/197255-windows-7-installation-prepare-pc-sold.html
This will wipe and a clean install.

 

[ROBO731]

Hmm, well it seems like it's a pretty serious threat to me. I haven't noticed it, but I guess I'm not supposed to. Before I go any further I have some questions. I re-scanned with Avast and it said that there was no threat found. Do you think it's actually gone? If I do decide to re-install the operating system (which I would like to avoid if possible) what will I be able to recover. I have a lot of customized settings and what not. What do you think these rootkits might be doing to my system? Can they infect files I put on flash drives or other removable media? I understand there is an alternative to putting n a clean operating system, how might I do that? I know it's a lot of questions, sorry and thanks for your help guys.

 

[karlsnooks]

Please see post #3 and #4 and read the referenced material.

Your answers are there.

 

[ROBO731]

Thanks, I have read both pages and they do not answer all my questions, that is why I posted my questions.

 

[Borg 386]

You could try TDSSKiller, which might fix some of the problems.

However, rootkits are deep infections which can either write a hidden boot sector or compromise OS files. And, rootkits tend to introduce other viruses to the system. Some rootkits are able to circumvent AV scans. The Sirefef virus does this by presenting a ligitimate file to the AV scanner. When an AV scan is run, the legitimate file is presented to the scanner and it comes back as clean. In reality, once the legitimate file is run, the OS switches to the rouge driver and the rootkit is active and running. The Microsoft site recommends a clean reinstall for most variants of rootkits.

Being that your initial scan showed multiple infected files, the best/safest choice is a clean install.

Also, note that your AV scanner was denied access to these files, hence, no action was taken to remove them. Also, don't you find it strange that despite the detection of multiple infected files to which no access was allowed by the AV, they disappeared during the second scan? This is typical of the latest virus strains adaptive behavior.

Yes, viruses will jump to USB & removable media drives.

You could have been infected in multiple ways, a compromised website, a false update, keygens, etc.

Have a look at this tutorial on making a system image & once the machine is cleaned (Do NOT make one now), make & keep a couple of these around. Next time something like this happens, it can save you a lot of time.

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

 

[ROBO731]

Okay thanks, I did find it strange. I figured that it was probably still there. Anyway, is it safe to save/backup any of my files? I have some files that I would like to keep. Also, this is my laptop and I have moved countless files between this computer and my desktop. Do you think that the other computer might be infected as well?

 

[Valon1982]

even if you remove the virus, always leave behind damages in files and many other things, the best option is FORMAT!

 

[ROBO731]

Hmm, although I hate to do it I guess I'll have to. There's just one folder that I need. I'll move it to a flash drive. How should I go about checking that file for infections?

 

[Valon1982]

unistall your antivirus and istall MSE again if you have already! make to your system full scan!!

 

[ROBO731]

MSE?

 

[Valon1982]

the free anti virus Microsoft security essentials!

 

[ROBO731]

Oh okay I'll give it a try. Do you think that the virus may have infected my other computer since I have transferred files between them? Also Since I need this one folder, is it okay to take it with me to the other computer?

 

[Valon1982]

nobody can gives a sure answer, but if you see it also to start to react strange(get slow, many apps fail to open, changments to your backround programs) is very possible, many viruses they are in your pc and you dont even understand it, we can just hope to didnt infect

 

[ROBO731]

K, I will probably just end up formatting and putting on a new copy of windows. One thing that I really need to know is if it is safe to move one of my folders to another computer.

 

[Layback Bear]

Any thing you save from the infected computer is most likely infected also. Any other computer that you were networked with is most likely infected also. You are not dealing with some little toy infection when you spank it it will go away. This is one bad ass rootket that has probably infected more places in your system that your anti virus scan found.

 

[ROBO731]

Okay thanks for the info, but still, no one has told e what it might be doing/trying to do to my system.

 

[Layback Bear]

Come on now lets get serious. Because no one knows except the people who created it and a few experts that work in the anti virus field. For sure it wasn't created to make your computing life better.