Jump to content

Worm.AutoRun


Recommended Posts

Hello,

I've run across a problem. I'm getting an identification of Worm.AutoRun on full scans. When I tell it to clean and reboot, it either is still there or comes back within one or two reboots. The file being identified is C:\Windows\System32\utorrent.exe. I've scanned the computer with Avira, AVG, Bitdefender and a couple of other utilities and they find nothing. The problem is, it keeps coming back. We're pretty sure that the thing is an infection and not a false positive, because if you create a file utorrent.exe and try to copy it into C:\Windows\System32 you get an access denied error. We can't see the file in Explorer, or using a BartPE disk or Linux System Rescue CD, yet we keep being told it's there by Malwarebytes'. Hooked the hard drive into another computer and it now scans with the same Worm.AutoRun. Any suggestions, other than nuke from orbit and scrub to bare metal?

Link to post
Share on other sites

Welcome to Malwarebytes! To get you fixed up please follow the instructions below: Note there busy in the HiJackForum, it may take a day or two.

follow these instructions & post it in the HiJackLog Forum please

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Link to post
Share on other sites

The HiJack Forum, has more tools than you can believe. Your best bet would be to follow the instructions for the HiJackLogThis Forum... and see what they can do. You will be downloading tools the helper needs and you will be working with him.... If I needed a HJK forum to go to. It would be this one. Did I answer all your questions? post back with any comments. regards.

EDIT: ComBofix is just 1 tool out of 15 more + they have. Its a good tool. But they have more...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.