02-21-2012 09:35 PM
First it was TROJ_SPNR.24B012 that my TM could not get rid of, it kept removing it and it would reappear on different locations, TM would ask me to restart the computer most of the times until it finally it is not detecting it. Now is TROJ_ZACCESS.CQJ…same thing is happening , TM keeps detecting it, removing it and asking me to restart computer…I lost track of how many times I had to restart computer yesterday until it finally seemed to be gone. After TM was not giving me new warnings of finding and deleting it , I did a full scan to my computer with trend micro “twice” and nothing came up. I was finally able to use the computer for the rest of the night with no new warnings of virus, but then today when I turn on the computer TM is detecting it again. Why can’t TM remove it? I have attached a copy of my most recent log report. Please help.
Solved! Go to Solution.
02-21-2012 09:40 PM - edited 02-21-2012 09:49 PM
This is a new varient of sirefef infection which is tad nasty...
Download OTL to your Desktop.
C:\Program Files\Common Files\ComObjects\*.* /s
Download aswmbr.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan.
Click the [Scan] button to start scan
On completion of the scan click [Save log], save it to your desktop and post in your next reply.
02-21-2012 09:56 PM - edited 02-21-2012 09:57 PM
02-21-2012 10:03 PM
when trying to download OTL got a TM message window saying website can transmit malicious software or something about frauds and scams. Do I have to dissable TM to be able to download it? and also once downloaded do I run it while tren micro is on or do i disable it?
02-21-2012 10:03 PM - edited 02-21-2012 10:04 PM
yes disable TM..and bypass the warning.better if TM is disabled even while running it.
02-21-2012 10:46 PM - edited 02-21-2012 10:48 PM
Hi malware injected itself into netbt driver.....
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
ervicePackFiles\i386\netbt.sys /replace ipconfig /flushdns /c :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot]
Download ComboFix from the any of the locations given in this website:
02-21-2012 11:11 PM - edited 02-21-2012 11:12 PM
Looks good....Continue with combofix and attach the log.