Need some help about this Trojan Horse

Hello,

I am running Windows 7 32bit, and I have encountered Trojan Horse Generic28.auqh

When I first encountered this problem it seemed to late to just run a simple virus scan and fix it as it had infected system32 the file services.exe

I have AVG and MalwareBytes

Avg recognized that Trojan Horse Generic28.auqh was infecting services.exe under system32 but could do nothing about it.
Malwarebytes didn't do a [bleep] thing probably because the virus was telling it everything was alright even if I tried to do updates on both programs.

To get rid of Trojan Horse Generic28.auqh on the system32 file services.exe I took the following steps:

- Booted into safe-mode with networking
- I would of cancelled or stopped any programs in the task manager but none were appearing that seemed like virus only like 4 vital processes
- I proceeded too then go to the C: directory under that I went into windows and the folder Winsx and Copied the Services.exe from there
- I then pasted the Services.exe under C: in no particular folder right under the drive and then navigated to the windows\system32 folder
- I renamed services.exe under system32 to 123.com
- I then went to command prompt and copied over services.exe from the C: drive to the system32 folder and restarted my computer
-- Upon Loading windows after this AVG Recognized and deleted 123.com from system32 folder. I thought I was in the clear.
- After feeling good getting rid of the trojan or so I thought I went and updated AVG and Malwarebytes and I let them do Full Scans while I went to bed
- I woke up in the morning finding that AVG and Malwarebytes have found additional threats and on top of that I see AVG Resident telling me that .mbam has been infected
--- Now at work posting on here hoping to get some information on what to do next it has come up with a completely new virus; i will update this post with the name of the current one that avg has found
it just appears though that malwarebytes has been infected or something.

If anyone would post advice on what I should do next I really do not want to do a complete fresh install as I would have a ton of files to backup. I look forward to any ideas you can provide.

Thank you

Edited by neo20005, 25 July 2012 - 09:32 AM.

DRIVES nnetsvcs %SYSTEMDRIVE%\*.exe %systemroot%\assembly\GAC_32\*.ini %systemroot%\assembly\GAC_64\*.ini msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*.exe %APPDATA%\*. /md5start pnrpnsp.dll nwprovau.dll nlaapi.dll napinsp.dll mswsock.dll winrnr.dll wshelper.dll services.exe atapi.sys explorer.exe winlogon.exe Userinit.exe svchost.exe csrss.exe PrintIsolationHost.exe consrv.dll /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT

#1
neo20005

Posted 25 July 2012 - 08:32 AM

Advertisements

#2
RKinner

Posted 27 July 2012 - 07:38 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us