Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

services.exe malware

Post by calafair » December 12th, 2012, 3:43 am

I recently opened a program which contained malware. It locked away my Windows Security Centre. I followed this malware removal guide here: http://www.selectrealsecurity.com/malware-removal-guide but it seems like none of the programs were able to get rid of the actual malware. AVG alerts me every few minutes that svchost.exe is a threat.

I've since got Windows Security Centre working. But Windows Update isn't functioning. These are the three anti-malware programs I ran. I've run them multiple times and restarted, and each time they still detect the same problems. Any help would be appreciated! Thanks!

Malwarebytes

Files Detected: 3
C:\Windows\Installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.


TDSSKiller

13:26:57.0612 6988 Detected object count: 1
13:26:57.0612 6988 Actual detected object count: 1
13:28:03.0439 6988 C:\Windows\system32\services.exe - copied to quarantine
13:28:06.0430 6988 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
13:28:06.0450 6988 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
13:28:06.0450 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\@ - copied to quarantine
13:28:06.0465 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\L\00000004.@ - copied to quarantine
13:28:06.0470 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\L\201d3dde - copied to quarantine
13:28:06.0470 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\00000004.@ - copied to quarantine
13:28:06.0470 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\80000000.@ - copied to quarantine
13:28:06.0470 6988 C:\Windows\installer\{287d593f-28e0-2648-82f0-7755076a5120}\U\80000064.@ - copied to quarantine
13:29:03.0854 6988 Backup copy not found, trying to cure infected file..
13:29:03.0854 6988 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
13:29:03.0854 6988 C:\Windows\system32\services.exe - processing error
13:29:03.0854 6988 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

Hitman Pro
C:\Windows\assembly\GAC_32\Desktop.ini -> PendingDelete
Size . . . . . . . : 4,608 bytes
Age . . . . . . . : 3.6 days (2012-12-07 23:13:50)
Entropy . . . . . : 3.9
> G Data . . . . . . : Win32:Sirefef-PL [Rtk]
> Ikarus . . . . . . : Backdoor.Win32.ZAccess!IK
Fuzzy . . . . . . : 119.0

C:\Windows\assembly\GAC_64\Desktop.ini -> PendingDelete
Size . . . . . . . : 6,144 bytes
Age . . . . . . . : 3.6 days (2012-12-07 23:13:49)
Entropy . . . . . : 3.4
> G Data . . . . . . : Win32:Sirefef-PL [Rtk]
> Ikarus . . . . . . : Trojan.Win64!IK
Fuzzy . . . . . . : 119.0

C:\Windows\system32\services.exe -> DeleteFailed
Size . . . . . . . : 329,216 bytes
Age . . . . . . . : 1246.3 days (2009-07-14 06:19:46)
Entropy . . . . . : 6.2
SHA-256 . . . . . :
> G Data . . . . . . : Win32:Sirefef-ZT [Trj]
> Ikarus . . . . . . : Trojan.Patched_c!IK
Fuzzy . . . . . . : 172.0

Re: services.exe malware

Post by NonSuch » December 12th, 2012, 3:48 am

By posting just a description of your problems it is likely that your topic will be passed by and you will not receive the help you're looking for.

We need to know what's running on your computer so we can give you appropriate instructions.

May I draw your attention to THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

This topic will now be closed.

If you still need help, please start a new thread with:

  • FRST.txt
  • Addition.txt
  • Details of your problems.

If for any reason you can't run FRST, please let us know in your post.
