Need some help about this Trojan Horse



#1
neo20005
New Member, 1 posts
Hello,

I am running Windows 7 32bit, and I have encountered Trojan Horse Generic28.auqh

When I first encountered this problem it seemed too late to just run a simple virus scan and fix it, as it had infected the system32 file services.exe

I have AVG and MalwareBytes

AVG recognized that Trojan Horse Generic28.auqh was infecting services.exe under system32 but could do nothing about it.
Malwarebytes didn't do a [bleep] thing, probably because the virus was telling it everything was alright, even if I tried to do updates on both programs.

To get rid of Trojan Horse Generic28.auqh on the system32 file services.exe I took the following steps:

- Booted into safe-mode with networking
- I would have cancelled or stopped any programs in the task manager but none were appearing that seemed like a virus, only like 4 vital processes
- I proceeded to then go to the C: directory; under that I went into windows and the folder Winsx and copied the Services.exe from there
- I then pasted the Services.exe under C: in no particular folder right under the drive and then navigated to the windows\system32 folder
- I renamed services.exe under system32 to 123.com
- I then went to command prompt and copied over services.exe from the C: drive to the system32 folder and restarted my computer
-- Upon Loading windows after this AVG Recognized and deleted 123.com from system32 folder. I thought I was in the clear.
- After feeling good about getting rid of the trojan, or so I thought, I went and updated AVG and Malwarebytes and I let them do Full Scans while I went to bed
- I woke up in the morning finding that AVG and Malwarebytes had found additional threats, and on top of that I see AVG Resident telling me that .mbam has been infected
--- Now at work posting on here hoping to get some information on what to do next. It has come up with a completely new virus; I will update this post with the name of the current one that AVG has found.
It just appears though that Malwarebytes has been infected or something.


If anyone would post advice on what I should do next I really do not want to do a complete fresh install as I would have a ton of files to backup. I look forward to any ideas you can provide.

Thank you

Edited by neo20005, 25 July 2012 - 09:32 AM.

  • 0

#2
RKinner
Malware Expert, 20,025 posts, MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0
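
Added example (not part of either post, and not OTL's or the forum's own code): a read-only Python check that hashes System32\services.exe and compares it with every copy of that file in the WinSxS component store, the folder the first post restored from; services.exe is also one of the files listed between /md5start and /md5stop above. The function names, verdict strings and the default C:\Windows layout are assumptions of this example.

```python
import hashlib
import os

def file_digests(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def store_copies(winsxs_dir, name):
    """Yield every file called `name` (case-insensitive) under the component store."""
    for root, _dirs, files in os.walk(winsxs_dir):
        for f in files:
            if f.lower() == name.lower():
                yield os.path.join(root, f)

def compare_with_store(windir, name="services.exe"):
    """Compare the live System32 file with each store copy; nothing is modified."""
    live = os.path.join(windir, "System32", name)
    result = {"live": None, "matches": [], "differs": [], "unreadable": []}
    try:
        result["live"] = file_digests(live)
    except OSError:  # missing, locked or access denied
        result["verdict"] = "live-file-unreadable"
        return result
    for copy in store_copies(os.path.join(windir, "winsxs"), name):
        try:
            same = file_digests(copy)[1] == result["live"][1]
        except OSError:
            result["unreadable"].append(copy)
            continue
        result["matches" if same else "differs"].append(copy)
    if result["matches"]:
        result["verdict"] = "matches-store-copy"
    elif result["differs"]:
        result["verdict"] = "no-store-copy-matches"
    else:
        result["verdict"] = "no-store-copy-found"
    return result

if __name__ == "__main__":
    # Assumed default layout; SystemRoot is set on Windows.
    report = compare_with_store(os.environ.get("SystemRoot", r"C:\Windows"))
    print(report["verdict"], report["live"])
    for path in report["differs"] + report["unreadable"]:
        print("check:", path)
```

Store copies that differ can simply be older, superseded versions of the file, so the verdict turns on whether at least one copy matches. A match only shows the live file is identical to a store copy; it does not vouch for the store copy itself, so the printed hashes are worth comparing with a known-good machine of the same build.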
