Windows/Services.exe Trojan (can't delete - need help)

waddler_8

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir

Combofix got it & quarantined it - along with other ZeroAccess files.

Open Malwarebytes, update it (update tab > check for updates). Then run a Quick scan - Let me know if it detects anything - if it does, post the log.

sweetdaisy

waddler_8 wrote: »

Combofix got it & quarantined it - along with other ZeroAccess files.

Open Malwarebytes, update it (update tab > check for updates). Then run a Quick scan - Let me know if it detects anything - if it does, post the log.

:j Just did a Malwarebytes scan - nothing detected :j

Just want to say a big THANK YOU for all your help (you deserve to have more stars against your name!).

How often would you recommend that I do Malwarebytes and AVG scans? In future, if I should have another Trojan that can't be deleted by AVG, do I go straight to ComboFix?

waddler_8

sweetdaisy wrote: »

Just want to say a big THANK YOU for all your help

No problem.

I'll answer your other questions soon, but first we need to uninstall combofix & then update a couple of programs to make you computer safer.

Open a Run command box. (Start > Run or Windows key + R on your keyboard) and copy/paste this command in:

ComboFix /uninstall

Note the space between ComboFix and /uninstall , it needs to be there.

Click OK

let combofix uninstall itself.

Let me know when you've done that successfully.

sweetdaisy

waddler_8 wrote: »

No problem.

I'll answer your other questions soon, but first we need to uninstall combofix & then update a couple of programs to make you computer safer.

Open a Run command box. (Start > Run or Windows key + R on your keyboard) and copy/paste this command in:

ComboFix /uninstall

Note the space between ComboFix and /uninstall , it needs to be there.

Click OK

let combofix uninstall itself.

Let me know when you've done that successfully.

Thanks. ComboFix has now been uninstalled.

waddler_8

Java(TM) 6 Update 29

Uninstall & update that. Java is one of the most targeted programs there is.

http://java.com/en/download/index.jsp

How often would you recommend that I do Malwarebytes and AVG scans?

I wouldn't run full scans with AVG too often, say once a month or so if you feel the need - as you've seen, it can take a very long time. It has a realtime guard (what alerted you to services.exe being infected in the first place), so anything that tries to execute or runs in memory should be detected by that. Personally I hardly ever run a scan with my AV - I rely on the realtime guard to warn me of anything - If it did, then I would run a scan.

Malwarebytes you can run a quick scan as often as you'd like - say once a week or so, or any time you feel it's justified - Just make sure you keep it updated & update it before a scan.

In future, if I should have another Trojan that can't be deleted by AVG, do I go straight to ComboFix

No. As you've seen combofix is pretty specialised & targets some nasty & hard to remove infections. If you were to have problems when running it, it may be hard to recover from them without knowing what was affecting the machine first. It's far better to ask here, then we can get diagnostic logs (DDS etc) before deciding if combofix should be used.

http://www.bleepingcomputer.com/forums/topic273628.html

sweetdaisy

Thank you for all your advice and support :A.

waddler_8

No problem - Anytime.