
Cannot delete Trojan.Unruy



I have been working on this issue for three weeks. Malwarebytes deletes the two files on reboot, but it keeps re-creating itself in the same place. Does anyone have a clue on what file is the real file to delete?

Hello, I have a problem on one of my computers in removing svchost.exe (Trojan.Unruy) & smss.exe (Trojan.Unruy). I tried to remove them and used FileAssassin as well, and rebooted it a few times, but those files remain there. I hope that you can help me. Thank you so much. :)

Below I copy-paste the mbam-log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4141

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/25/2010 8:32:07 AM

mbam-log-2010-05-25 (08-32-07).txt

Scan type: Quick scan

Objects scanned: 159641

Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe (Trojan.Unruy) -> Failed to unload process.

C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe (Trojan.Unruy) -> Failed to unload process.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe (Trojan.Unruy) -> Delete on reboot.

C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe (Trojan.Unruy) -> Delete on reboot.

Post split into new topic by moderator.
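The log above shows files named after core Windows processes (`svchost.exe`, `smss.exe`) running from a System Restore folder, while the genuine copies live in `%SystemRoot%\System32`. The following triage script is an added example, not part of the original posts and not Malwarebytes code; the function names are hypothetical, the system root is assumed to be `C:\WINDOWS`, and the last sample line is constructed as a control.

```python
import ntpath
import re

# Core Windows process names whose genuine copies live in %SystemRoot%\System32.
CORE_NAMES = {"svchost.exe", "smss.exe"}
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Detection lines copied from the log above, plus one constructed control line.
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe (Trojan.Unruy) -> Failed to unload process.
C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe (Trojan.Unruy) -> Failed to unload process.
Files Infected:
C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe (Trojan.Unruy) -> Delete on reboot.
C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe (Trojan.Unruy) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe (Constructed.Example) -> No action taken.
"""


def parse_entries(log):
    """Return one dict per detection line, tagged with its section heading."""
    section, entries = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        if line.endswith("Infected:"):
            section = line[:-1]
        elif (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return entries


def is_masquerading(path, system_root=r"C:\WINDOWS"):
    """True when a core process name sits outside <system_root>\\System32 (assumed root)."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normpath(ntpath.dirname(path)).lower()
    expected = ntpath.join(system_root, "System32").lower()
    return name in CORE_NAMES and folder != expected


def triage(log):
    """Map each path to: masquerading?, still resident in memory?, actions seen."""
    report = {}
    for e in parse_entries(log):
        item = report.setdefault(e["path"], {
            "masquerading": is_masquerading(e["path"]),
            "resident": False, "actions": []})
        item["actions"].append(e["action"])
        if e["section"] == "Memory Processes Infected" and e["action"].startswith("Failed to unload"):
            item["resident"] = True
    return report
```

A path flagged both `masquerading` and `resident` is one the scanner could not unload, so a pending "Delete on reboot" alone will not show whether it stays gone; rescan after the reboot.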


  • Staff

Hi,

Do you have your Windows CD?

Because we will need the Recovery console.

If you have used Combofix before, the Recovery Console is already installed by default.

If not, please see here how to install the Recovery Console:

http://www.bleepingcomputer.com/tutorials/tutorial117.html

Once the Recovery Console is installed...

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"

(You need to be very fast with the arrow key, as you only have a couple of seconds before it defaults to the Windows XP bootup.)

RC_BootMenu.gif

RConsole_A.png

When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter

RConsole_Fixmbr.png

Next type FIXMBR

RConsole_FixmbrB.png

If it asks if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

Then, after reboot, rescan with Malwarebytes and let it remove what it finds. This time, it shouldn't come back anymore. Please let me know.


  • 1 month later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
