C:\Windows\System32\drivers\smb.sys

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mooth, Jul 4, 2012.

  1. mooth

    mooth Private E-2

    Hi

    I've gone through the malware removal guide up to step 4 but AVG is still popping up telling me I have Trojans in System32 and it can't do anything about the smb.sys one. I haven't had the internet for a few weeks and as soon as I got internet access at home these things kept on popping up. Just before I lost internet access I downloaded some games, a few of which never worked; that's the only place I can think it would have come from but I've never had a problem before.

    I've attached 3 of the 4 files, but the Hitman Pro log says it's an invalid file so I've had to paste it below.

    <?xml version="1.0"?>
    <Log filesProcessed="18020" timeSpentInSecs="292" date="2012-07-04T18:33:00" version="3.6.0.160" scan="Normal" computer="HOME-PC"><Item status="None" score="119.0" malwareName="Malware" type="Malware"><Scanners><Scanner name="Gen:Variant.Barys.2378 (Engine A)" id="G Data"/><Scanner name="Trojan.Hosts.5758" id="DrWeb"/><Scanner name="Trojan.ZeroAccess!IK" id="Ikarus"/></Scanners><File hash="C24D0F2ADF13FC5AC12F3EACD3D155AE368CD542BFA6CAF1A958DAD0C596A359" path="C:\Windows\system32\drivers\smb.sys"/></Item></Log>

    Thanks a lot for any help.
     

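The HitmanPro log above is plain XML, so it can be turned into a triage summary rather than read by eye. The following is an added example, not code from HitmanPro or from the MajorGeeks helpers; it embeds the log exactly as pasted in the thread (including the truncated closing tag) and every helper name in it is this example's own.

```python
"""Triage a HitmanPro XML scan log (the format pasted in the first post).

Added example, not HitmanPro's or the forum's code. The sample log is the
one quoted in the thread, still missing its final '>'; all names below are
this example's own.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Tuple

# The log as pasted in the thread, including the truncated closing tag.
SAMPLE_LOG = r'''<?xml version="1.0"?>
<Log filesProcessed="18020" timeSpentInSecs="292" date="2012-07-04T18:33:00" version="3.6.0.160" scan="Normal" computer="HOME-PC"><Item status="None" score="119.0" malwareName="Malware" type="Malware"><Scanners><Scanner name="Gen:Variant.Barys.2378 (Engine A)" id="G Data"/><Scanner name="Trojan.Hosts.5758" id="DrWeb"/><Scanner name="Trojan.ZeroAccess!IK" id="Ikarus"/></Scanners><File hash="C24D0F2ADF13FC5AC12F3EACD3D155AE368CD542BFA6CAF1A958DAD0C596A359" path="C:\Windows\system32\drivers\smb.sys"/></Item></Log'''


@dataclass
class Detection:
    path: str
    sha256: str
    score: float
    status: str  # HitmanPro's action field; "None" means nothing was done yet
    scanners: List[Tuple[str, str]] = field(default_factory=list)  # (engine, signature)

    @property
    def names_zeroaccess(self) -> bool:
        """True if at least one engine's signature names the ZeroAccess family."""
        return any("zeroaccess" in sig.lower() for _, sig in self.scanners)


def repair_truncated_close(text: str) -> str:
    """A pasted log may lose the final '>' (as in the thread); restore it."""
    stripped = text.rstrip()
    if re.search(r"</[A-Za-z][\w.-]*$", stripped):
        return stripped + ">"
    return stripped


def parse_hitmanpro_log(text: str) -> Tuple[dict, List[Detection]]:
    """Return (scan metadata, detections) from HitmanPro XML text."""
    root = ET.fromstring(repair_truncated_close(text))
    if root.tag != "Log":
        raise ValueError(f"not a HitmanPro log, root element is {root.tag!r}")
    meta = dict(root.attrib)
    detections: List[Detection] = []
    for item in root.findall("Item"):
        file_el = item.find("File")
        if file_el is None:
            continue  # this summary only covers items that point at a file
        scanners = [
            (s.attrib.get("id", "?"), s.attrib.get("name", "?"))
            for s in item.findall("Scanners/Scanner")
        ]
        detections.append(Detection(
            path=file_el.attrib.get("path", ""),
            sha256=file_el.attrib.get("hash", "").upper(),
            score=float(item.attrib.get("score", "0")),
            status=item.attrib.get("status", ""),
            scanners=scanners,
        ))
    return meta, detections


def triage_lines(text: str) -> List[str]:
    """One header line, one line per detection, plus a flag line for ZeroAccess."""
    meta, dets = parse_hitmanpro_log(text)
    out = [f"{meta.get('computer')} scanned {meta.get('filesProcessed')} files "
           f"on {meta.get('date')} (HitmanPro {meta.get('version')})"]
    for d in dets:
        engines = ", ".join(f"{sig} [{eng}]" for eng, sig in d.scanners)
        out.append(f"{d.path}  score={d.score:g}  status={d.status}  {engines}")
        if d.names_zeroaccess:
            out.append("  -> ZeroAccess named by an engine: expect further traces "
                       "beyond this one driver file")
    return out


if __name__ == "__main__":
    print("\n".join(triage_lines(SAMPLE_LOG)))
```

The `status="None"` attribute is the detail that matters here: the engines agree the file is malicious, but HitmanPro has not yet acted on it, which is what the "Replace" step in the next reply is for.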

  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, mooth :)

    Let HitmanPro Replace this detection.
    Then rescan with HitmanPro and attach the latest log. You need to attach it as a .zip as the forum does not allow .xml. This is explained in the instructions on how to obtain the log.

    Reviewing the rest of your logs now.
     
  3. thisisu

    thisisu Malware Consultant

    From Programs and Features (via Control Panel), please uninstall the below:
    • AVG 2012
    • Java(TM) 6 Update 31
    • Java(TM) 7 Update 4
    • Java(TM) SE Development Kit 7 Update 2

    __

    Please download and run AVG Remover

    __

    Please download and run ComboFix and attach its log.
    Read these instructions on how to use it: How to use ComboFix
    Do not uninstall ComboFix yet as we may need it to fix remaining malware issues.
     
  4. mooth

    mooth Private E-2

    I did what you said, but ComboFix sat doing nothing for ages. It said it was scanning and would normally take ten minutes but could easily take double; I left it for 40 minutes and it didn't say anything else, and now my recycle bin keeps telling me it's corrupted for some reason.
    I've attached the HitmanPro log. I don't seem to be having any problems, but it's not been that long.
    Why have I got rid of AVG?
     

    Attached Files:

    • log.zip
  5. thisisu

    thisisu Malware Consultant

    Did you uninstall AVG?
    The reason I requested this is to increase the chance of ComboFix running successfully.

    __

    Try deleting these manually:

    • C:\ProgramData\Ask <-- Folder
    • C:\Windows\$NtUninstallKB14204$ <-- ZeroAccess folder

    __

    Let me know if you were successful or not and then experiment with the PC some more and let me know if there are any other problems.
     
  6. mooth

    mooth Private E-2

    I did uninstall AVG. I deleted Ask, but I couldn't delete $NtUninstallKB14204$; it seems to have been on my computer for ages. ComboFix still didn't run, but it's been a few days now and I haven't had any problems, so it looks like it's fixed.

    Thanks
     
  7. thisisu

    thisisu Malware Consultant

    I understand the computer is working fine but that folder is actually a trace of ZeroAccess. These types of folders do not belong on Vista/7 computers.

    Here is the recommended action:

    Please download BlitzBlank to your desktop.
    • Double-click BlitzBlank.exe to open (Vista/7 right-click and select Run as Administrator)
    • Press OK at the warning prompt.
    • Click the Script tab
    • Copy the text inside the code box below and paste it into the text-field.
    Code:
    DeleteFolder:
    C:\Windows\$NtUninstallKB14204$
    • Now click the Execute Now button.
    • The fix will require a reboot in order to complete successfully.
    • Upon reboot, locate C:\blitzblank.log and attach this log to your next message. (How to attach)
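The point of the reply above is that a `$NtUninstall...$` folder under C:\Windows is out of place on Vista/7, and that a folder which cannot be deleted while Windows is running gets removed at boot via a BlitzBlank script. As an added example (not BlitzBlank's or the thread's own code), the following checks a directory listing for such folders and emits the script in the same form shown above; the listing is constructed, and the function names are this example's own.

```python
"""Flag $NtUninstall...$ folders that do not belong on Vista/7 and build the
BlitzBlank script shown in the thread to remove one at the next boot.

Added example, not BlitzBlank's or the forum's code. The directory listing is
constructed; the folder name and the script layout are the ones in the thread.
"""
import os
import re
import sys
from typing import Iterable, List

# Windows XP keeps hotfix backups as C:\Windows\$NtUninstallKBnnnnnn$. Vista and
# 7 (kernel major version 6) do not create them, which is why the helper in the
# thread treats the one found there as a ZeroAccess trace.
UNINSTALL_DIR = re.compile(r"^\$NtUninstall[^\\/]*\$$", re.IGNORECASE)


def suspicious_uninstall_dirs(names: Iterable[str], windows_major: int) -> List[str]:
    """Return the $NtUninstall...$ entries that are out of place for this OS."""
    if windows_major < 6:  # XP / 2003: these folders are expected there
        return []
    return sorted(n for n in names if UNINSTALL_DIR.match(n))


def scan_windows_dir(windows_dir: str = r"C:\Windows") -> List[str]:
    """Live check on a Windows host: suspicious folders directly under windows_dir."""
    if not hasattr(sys, "getwindowsversion"):
        raise RuntimeError("live scan only makes sense on Windows")
    major = sys.getwindowsversion().major
    names = [n for n in os.listdir(windows_dir)
             if os.path.isdir(os.path.join(windows_dir, n))]
    return [os.path.join(windows_dir, n)
            for n in suspicious_uninstall_dirs(names, major)]


def blitzblank_script(folders: Iterable[str]) -> str:
    """Script text in the form pasted in the thread: a 'DeleteFolder:' header,
    then one full path per line. BlitzBlank applies it before Windows is fully
    up, which is how a folder locked during normal operation gets removed."""
    return "\n".join(["DeleteFolder:", *folders]) + "\n"


if __name__ == "__main__":
    # Constructed listing: a Windows 7 C:\Windows containing the folder from the thread.
    listing = ["System32", "Temp", "$NtUninstallKB14204$", "winsxs"]
    found = suspicious_uninstall_dirs(listing, windows_major=6)
    print(blitzblank_script(os.path.join(r"C:\Windows", n) for n in found))
```

On a real machine `scan_windows_dir()` does the listing and version check itself; the pure `suspicious_uninstall_dirs()` exists so the rule can be tested offline with a constructed listing, including the XP case where the same folder name is legitimate.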
     
