Services.exe problem with Rustock.S

vbimport

#1

Hello everyone, I’ve been having a problem with a scan I started a few days ago with AVG 9.0. It found a threat in my system named: C://WINDOWS/system32/services.exe - Virus identified as Win32/Rustock.S. It wants me to restart the computer so it can delete files, and then it restores them back like nothing happened. The computer is running fine, but AVG sends me a few warnings every day. I know that deleting such a file will mean a BSOD, but I think it is corrupted by that rootkit Rustock.S. I :bow: to everyone who helps me :).


#2

Some rootkits are extremely hard to get rid of. The only sure method is to reformat and reinstall the operating system. This is why you need to have a method of making backup images of the operating system hard drive…saves a lot of grief when this sort of thing happens.

Save data first if you can.


#3

Have you tried this… http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


#4

Rustock --> Rootkit.
Only *reliable* solution: Flatten and rebuild. http://technet.microsoft.com/en-us/library/cc512587.aspx

Michael


#5

There has to be some other solution than formatting the disk. My comp works fine. I mean, aren’t there some rootkit removers?

I DON’T WANT TO FORMAT MY HDD


#6

post #3


#7

~Jethro~ wrote:
> post #3

You can also try: http://www.malwarebytes.org/


#8

Yes, I used the Windows Malicious Software Removal Tool and it found only one threat, removed it, and that’s it.


#9

How many threats do you have? You only talked about the one.


#10

I do have one, Jethro, and I am concerned that it will delete some core system32 files, which will mean a format.


#11

If you ran the MS tool and it removed it, it is gone, correct? Does your AV (anti-virus) still find it?


#12

Yes, my AVG still finds it.


#13

What options does AVG give you? Isn’t there some sort of “quarantine” available? I’m not up to date with anti-spyware/malware/virus programs. One of the perks of using Linux. :slight_smile: :slight_smile:


#14

I’m going to repeat this: the only sure method of securing your computer is to wipe the hard drive and reinstall. Some rootkits are beyond what the regular antivirus programs can handle.

What you **could** do is download HijackThis and post the log at a site like bleepingcomputer.com. Read their guide here: http://www.bleepingcomputer.com/forums/topic34773.html before trying to post a HijackThis log.


#15

AVG said that it healed all of the infections and that they were placed in the virus vault, but they are not there, and when I perform a scan it again shows the same infections.