Virus/Malware Removal Problem


First had AntiVirus Pro 2010 bug. Performed the following:

- Ran Symantec AV that found Trojan.Generic.2419540 & Packed.Generic.235 in

C:\WINDOWS\system32\drivers\Null.SYS

- Downloaded and ran Malwarebytes that found Rootkit.Rustock & Hijack.WindowsUpdates in Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\drivers\Null.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully

Problem is that nothing has actually been removed and only able to start up in Safe Mode or Safe Mode with Networking. Tried CounterSpy and on install received "the system administrator has set policies to prevent this installation" error, even though logged on with an account with full admin privileges. Same with various other free virus/malware removal utilities. Ran VIPRE online scan overnight, and nothing was found. We tried AVG8.5 and it fails to properly install. Ran HijackThis and nothing looked out of the ordinary.

Need solution to remove these problems aside from reformatting/reinstalling WinXP. Any help is greatly appreciated. I also posted this in the General Chat forum.
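
The two ImagePath findings in the scan log above differ from the expected value only in the environment variable name (`%fystemRoot%` versus `%SystemRoot%`). As an added example that is not part of the original post or of any Malwarebytes tooling, this Python code parses such "Bad/Good" log lines and flags variables outside an assumed allowlist; `KNOWN_VARS` and the function names are assumptions made for illustration.

```python
import re

# The two registry findings quoted from the scan log in the post above.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""

# Assumption: variables accepted in a service ImagePath on this system.
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles"}

FINDING = re.compile(
    r"^(?P<key>HKEY_\S+)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)\s+->\s+(?P<action>.+)$",
    re.MULTILINE,
)
VAR = re.compile(r"%([^%\\]+)%")


def unknown_variables(image_path):
    """Return %VAR% names not in KNOWN_VARS (variable names are case-insensitive)."""
    return [v for v in VAR.findall(image_path) if v.lower() not in KNOWN_VARS]


def _shape(image_path):
    """Mask every %VAR% so two values can be compared apart from the variable."""
    return VAR.sub("%VAR%", image_path).casefold()


def audit(log_text):
    """Parse 'Bad: (...) Good: (...)' registry findings and explain each one."""
    results = []
    for m in FINDING.finditer(log_text):
        bad, good = m.group("bad"), m.group("good")
        results.append({
            "service": m.group("key").split("\\")[-2],
            "detection": m.group("detection"),
            "unknown_vars": unknown_variables(bad),
            "only_variable_differs": _shape(bad) == _shape(good),
            "good": good,
        })
    return results


if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(f"{r['service']}: unresolved {r['unknown_vars']}, expected {r['good']}")
```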


Welcome To Malwarebytes! Follow these instructions to get you fixed up! Please don't post the same post in the General Chat forum.

Follow these instructions and post it in the HiJackLog Forum, please.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.

NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Note: They're very busy in the HiJack forum, it may take a day or two! Regards...

This topic is now closed to further replies.