Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan services.exe [Solved]


  • This topic is locked This topic is locked

#1
Pictousse

Pictousse

    New Member

  • Member
  • Pip
  • 2 posts
Hello,
Yesterday my antivirus (Avira Free Antivirus) reported often that a file is a virus.

Dans le fichier 'C:\Windows\System32\services.exe'
un virus ou un programme indésirable 'W32/Patched.UA' [virus] a été détecté.
Action exécutée : Refuser l'accès

Which means, in the file 'C:\Windows\System32\services.exe' a virus or a malware 'W32/Patched.UA' [virus] has been detected.
Action taken : Access denied (I'm sorry my English is not good)


Let me start from the beginning, yesterday, I detected 3 trojans

Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\[email protected]'
un virus ou un programme indésirable 'TR/ATRAPS.Gen' [trojan] a été détecté.
Action exécutée : Refuser l'accès


Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\[email protected]'
un virus ou un programme indésirable 'TR/ATRAPS.Gen2' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\[email protected]'
un virus ou un programme indésirable 'TR/Small.FI' [trojan] a été détecté.
Action exécutée : Refuser l'accès


I managed to erase these 3 files manually, however after that, the services.exe started to be reported. I tried to find help on the internet.
But it seems that the only way is to use "powerful" software which could damage my computer. And I have no idea how to use these softwares.

What should I do?

Thank you very much,
Pictousse
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hello Pictousse and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I would like you to download and run 2 programs for me, then I will work up a fix for your system.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • OTL.txt log file
  • Extras.txt log fil
  • aswMBR log file

  • 0

#3
Pictousse

Pictousse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Okay sorry for being late, it seems that the virus was worse than I thought, and I had to format everything.... I'm sorry about that, I barely managed to reinstall everything again ^^.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP