Services.exe terminated unexpectedly- malware removing repair tools executables

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rainman55, Oct 21, 2009.

  1. rainman55

    rainman55 Private E-2

    I am having an issue with my computer where my McAfee AV will not scan. So I started looking for malware and am following your UG. The issue I was having was at boot time, the "windows\system32\services.exe terminated unexpectedly. The system will now shutdown and restart" message was being displayed and then it would not shut down.

    I then powered off my machine, booted to safe mode.

    I ran msconfig, then changed to Normal Startup mode. Rebooted with no shutdown message.

    I have tried running SUPERAntiSpyware and it runs; it found 6 items (5 trojans, 1 browser hijacker). I followed the steps and it cleaned them, then rebooted.

    At reboot, the shutdown message occurred again.

    I booted back to safe mode and, trying to get the log from SUPERAntiSpyware, I get the message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access." So I don't have a log.

    I then try to run Malwarebytes Anti-Malware. I run the setup and launch it; when it starts to scan, the window goes away. The executable is no longer in the task manager. I even re-installed it, changed the name of the installed executable in the program files directory and it still has the same result. When I click on the exe in the directory I get the above "cannot access" error.

    I am not sure what to do at this point and any help you can provide would be greatly appreciated! Thanks in advance.
     
  2. rainman55

    rainman55 Private E-2

    Hello again.

    I finally was able to get one of the malware removal apps to run. ComboFix detected rootkit activity and rebooted and removed something.

    I have since been able to run SUPERAntiSpyware; it removed some trojans.
    Malwarebytes Anti-Malware found nothing.

    Attached are the log files for ComboFix, RootRepeal, Malwarebytes and HijackThis.

    My computer is now slow, specifically anything having to do with Windows Explorer: it takes about 2 minutes or so to update the window. Applications that allow you to browse to save a file (e.g. Notepad) take just as long to see the files/directories in the drop-down list.

    Any help you can provide will be great!

    Thanks!
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First you need to download ComboFix to your desktop. You should not be running it from here:
    d:\setup\Malware removal\rsw-cf.exe

    Next you need to run MGTools and attach the log that will be created.
    MGtools
    C:\MGLogs.zip.
     
  4. rainman55

    rainman55 Private E-2

    Tim,

    Thank you for the response.

    Attached are the new logs.


    I do want to note that the reason things were slow in windows explorer seems to be because the Windows Image Acquisition (WIA) was in a "Starting" state- it would not stop. I disabled this service and the system seems to work fine, but I am concerned that some files may have been damaged by the rootkit.

    Ray
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your files. You do have a little cleaning to do.

    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.2_15
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    Now use windows explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\AVG9
    C:\Program Files\AVG
    C:\WINDOWS\system32\REVJELPF

    Reboot, run CCleaner and then download and install:
    Java Runtime 6

    You should post in the software forum for assistance with your issue of slowness.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
