Nasty malware -can't figure out how to kill it

Discussion in 'malware problems & news' started by Victek, Mar 5, 2010.

Thread Status:
Not open for further replies.
  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,721
    Location:
    USA
    Today I worked on an infected system and after scanning with MBAM and Hitman Pro there remained a trojan in this location:

    C:\Users\All Users\Start Menu\Programs\Startup\uninstall.exe

    AVG resident auto-protect continually removed it, but it would immediately re-spawn. I also deleted the file in SAFE mode, but it just comes back. Any idea how to remove this?
     
  2. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Last edited: Mar 5, 2010
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,502
    Boot from a Rescue CD such as AVIRA and/or Kaspersky, scan the hard drive and clean any Malware detected.
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    do you empty system restore after removing threat
     
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Could be an autorun worm?

    Try step 2 at the link below.
    My Antispyware
     
  6. biscuits

    biscuits Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    112
    Hi victek123,

    Has your problem been solved?
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,721
    Location:
    USA
    .
    AVG identifies the trojan as:

    BackDoor.Generic11.ASWZ
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,721
    Location:
    USA
    .
    Yes, System Restore was turned off to erase all restore points.
     
  9. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.