We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Windows/Services.exe Trojan (can't delete - need help)

Options
124

Comments

  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    Right, I have downloaded Combo Fix and it is scanning for infected files (using a different computer to write this as not able to access internet on my computer while it's scanning).

    So far it has completed Stage 4 of scanning and says that it normally takes 10 mins to scan, but for badly affected machines the time can easily double. However, the scan is still going 50 minutes later!

    Is this normal, should I keep it going or turn it off?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Leave it a while longer. You can check to see if it's still running by opening Task Manager (Ctrl+Shift+Esc)

    You'll see *.3XE processes running under Image Name and there will be fluctuations in CPU usage from them.
  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    waddler_8 wrote: »
    Leave it a while longer. You can check to see if it's still running by opening Task Manager (Ctrl+Shift+Esc)

    You'll see *.3XE processes running under Image Name and there will be fluctuations in CPU usage from them.

    The name that is displayed in task manager is: Administrator: Autoscan. CPU usage is fluctuating around 9-11%.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It's still running - Is it still at stage 4?
  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    waddler_8 wrote: »
    It's still running - Is it still at stage 4?

    Yes, there doesn't seem to be any progress :(.

    Update: it has just gone to stage 5.
  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    It went up to stage 50 (seems that Stage 4 must have been a problem area?), then started deleting some files and then automatically rebooted my computer.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The log should be produced soon then.
  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    edited 18 April 2014 at 7:38AM
    Thanks for putting up with me :rotfl:. Here is the Combofix log:

    (deleted as now fixed)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    There'll be a folder at the root of your C: drive called qoobox. In there there will be a file called ComboFix-quarantined-files.txt. Post the contents of that. You can re-enable AVG now if you haven't already.
  • sweetdaisy
    sweetdaisy Posts: 1,249 Forumite
    Tenth Anniversary 1,000 Posts Combo Breaker
    edited 13 April 2014 at 8:48PM
    waddler_8 wrote: »
    There'll be a folder at the root of your C: drive called qoobox. In there there will be a file called ComboFix-quarantined-files.txt. Post the contents of that. You can re-enable AVG now if you haven't already.

    Thanks. AVG now enabled and here is the Combofix quarantined files.txt (deleted)
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.8K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 257.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture