Trojan in Restore


Stu1407

Keep getting the same 3 trojans after every daily AVG scan.

 

"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe:\SIMEMB.000:\100";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."

 

"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe:\SIMEMB.000";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."

 

"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."

 

I have deleted every restore point on the system and turned restore off, and AVG still detects it.

 

Any help appreciated.

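An added example, not part of the original posts: a small Python triage script that parses the AVG report rows quoted above and groups them by the file on disk. It assumes the rows are semicolon-separated quoted fields and that `:\` after the drive letter marks an object the scanner unpacked from inside a container file; `group_detections` and `RESTORE_RE` are names chosen here.

```python
import csv
import io
import re
from collections import defaultdict

# The three report rows quoted in the post above, embedded so this runs offline.
SAMPLE = r'''"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe:\SIMEMB.000:\100";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."
"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe:\SIMEMB.000";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."
"";"G:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP1211\A0206835.exe";"Trojan horse Generic2_c.BPWJ";"Object is inaccessible."
'''

# Matches the System Restore store and captures the restore point folder (RPnnnn).
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def group_detections(report_text):
    """Collapse report rows into one entry per file on disk.

    Assumption: after the drive letter, ':\\' separates a container file
    from an object the scanner unpacked from inside it.
    """
    files = defaultdict(lambda: {"names": set(), "status": set(),
                                 "embedded": [], "restore_point": None})
    rows = csv.reader(io.StringIO(report_text), delimiter=";", quotechar='"')
    for row in rows:
        if len(row) < 4:          # skip blank or malformed lines
            continue
        obj, name, status = row[1], row[2], row[3]
        parts = obj.split(":\\")
        container = ":\\".join(parts[:2])   # drive + path of the real file
        entry = files[container]
        entry["names"].add(name)
        entry["status"].add(status)
        if len(parts) > 2:
            entry["embedded"].append(":\\".join(parts[2:]))
        match = RESTORE_RE.search(container)
        if match:
            entry["restore_point"] = match.group(1)
    return dict(files)


if __name__ == "__main__":
    for path, info in group_detections(SAMPLE).items():
        print(path)
        print("  restore point:", info["restore_point"])
        print("  detections:", sorted(info["names"]))
        print("  embedded objects:", info["embedded"])
```

Run on the rows above, it reports a single file, A0206835.exe under RP1211 on drive G:, with the other two rows listed as objects inside it.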

Try this, download > http://majorgeeks.co...ware_d5756.html and save it to your desktop. Run the program like this:

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and copy/paste the results back here.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.14.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Parent :: TOSH [administrator]

Protection: Enabled

14/04/2012 08:48:41

mbam-log-2012-04-14 (08-48-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194443

Time elapsed: 16 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hopefully you still had System Restore turned off. Now go back and turn System Restore back on and create a restore point. Then you should download DDS from here > http://download.blee...om/sUBs/dds.scr and save it to your desktop. Disable any script blocking protection > http://forums.whatth...ms_t96260.html

Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).

When done, DDS.txt will open.

After a few moments, attach.txt will open in a second window.

Save both reports to your desktop.

Please post the contents of your Malwarebytes log and the DDS.txt and Attach.txt logs in a thread that you start here: http://forums.pcpits...been-hijacked/

 

Please wait for help there from one of our Trusted Malware Techs; they are fairly busy but will get you fixed up.


Archived

This topic is now archived and is closed to further replies.
