Another services.exe problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by dimlight, Aug 1, 2007.

  1. dimlight

    dimlight Private E-2

    Hello everybody. I would like to request some assistance in the removal of my adware. I have read the posting guide and did all of the steps carefully, double-checking the instructions. I have also referred to posts by users facing similar problems and could not seem to find a solution to my problem. I would be extremely grateful for help offered.

    Here's the nature of my problem:
    Services and Controller app pops up constantly with this error:
    saAppname: Services.exe
    szApp ver: 5.1.2600.2180
    sz ModName: unknown
    szModver: 0.0.0.0
    Offset: 0.0995592

    This is followed by a shutdown message that turns off my computer after the time is up.

    I read the instructions to clear my virus vault and I did, but while I was gathering the information required for this posting, my AVG antivirus popped up with the following virus alerts, which I have left in the quarantine zone. Each one of these viruses popped up and prompted me for action in a flurry of about five times.

    Trojan Horse Downloader.Generic5.KOE
    Path: C:\System Volume Information\_restore{1381ED3-7DOE-4C41-AC98-AA6E1D33C025}\RP51\A0012032.exe

    Trojan Horse Downloader.Agent.PMD
    Path: C:\System Volume Information\_restore{1381ED3-7DOE-4C41-AC98-AA6E1D33C025}\RP52\A0015068.exe


    I am unsure of the next course of action. Thanks.
     

    Attached Files:

  2. dimlight

    dimlight Private E-2

    the remainder of my details
     
  3. dimlight

    dimlight Private E-2

    forgot the attachments
     

    Attached Files:

  4. dimlight

    dimlight Private E-2

    and the BDscan
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You may have a form of a Rustock rootkit.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt


    Now please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!
     
  6. dimlight

    dimlight Private E-2

    Wow, a quick and prompt reply, and just at the time I really needed it. Thanks again chaslang, I know you malware troubleshooters are really busy, so I really appreciate it. Here are the updated files.
     

    Attached Files:

  7. dimlight

    dimlight Private E-2

    and this is the runkey log
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, is there any change to your problem?
     
  9. dimlight

    dimlight Private E-2

    It appears to be fine now. I followed up with turning off system restore, but there was no prompt to restart it. So afterwards I manually restarted it. Hope that will do.

    I will repost in this thread if problems persist. You're very helpful:)
    Is there any follow-through that I must perform? Like a thorough system rescan.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes! The below (part of which you already did with System Restore).

    If you are not having any other malware problems, it is time to do our final steps:
    1. Uninstall CounterSpy now since we are finished.
    2. If we had you run Avenger, you can delete all files related to Avenger now.
    3. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    4. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    5. After doing the above, you should work thru the below link:
     
  11. dimlight

    dimlight Private E-2

    Have cleared all the apps. And I will definitely return to this site to educate myself on how to protect my pc now that I realize how much trouble it can cause me.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't delay on working thru all steps in the How to protect yourself link. You don't have proper protection in place.
     
  13. dimlight

    dimlight Private E-2

    As a matter of fact I'm on it right now. I never realized most of this stuff.
    Sorry for flooding the forums. I realize that there are others out there with unresolved problems.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good deal! ;)

    That is why we wrote the information in that link. Many people don't know all of that.
     
