Services.exe problem with Rustok S



Hello everyone,I’ve been having a problem with a scan i started few days ago with AVG 9.0.It founded a threat in my sistem named:C://WINDOWS/system32/services.exe - Virus identfied as Win32/Rustock.S,it wants me to restart computer so he can delete files and than he restores them back like nothing happend.The computer is running fine but AVG send me a few warnings every day.I’ve know that deleting such file will mean BSOD,but i think it is corrupted by that rootkit Rustok.S.I :bow:to everyone who helps me :).


Some rootkits are extremely hard to get rid of. The only sure method is to reformat and reinstall the operating system. This is why you need to have a method of making backup images of the operating system hard drive…saves a lot of grief when this sort of thing happens.

Save data first if you can.


Have you tried this…


Rustock --> Rootkit.
Only [I]reliable [/I]solution: Flatten and rebuild.



there has to be some other solution than format disk,my comp works fine,i mean arent there some rootkit removers?



post #3


[QUOTE=~Jethro~;2473722]post #3[/QUOTE]

You can also try:


yes i used windows malicious software removal tool and it found only one threat removed it and thats it


How many threats do you have? You only talked about the one.


i do have one jethro and i am concerned that it will delete some core system32 files that will mean format


If you ran the MS tool and it removed it, it is gone correct? Does your AV (anti-virus) still find it?


yes my AVG still finds it


What options does AVG give you? Isn’t there some sort of “quarantine” available? I’m not up to date with anti- spyware/malware/virus programs. One of the perks of using Linux. :slight_smile: :slight_smile:


I’m going to repeat this: the only sure method of securing your computer is to wipe the hard drive and reinstall. Some rootkits are beyond what the regular antivirus programs can handle.

What you [B]could[/B] do is download HijackThis and post the log at a site like Read their guide here: before trying to post a HijackThis log.


AVG said that he healed all of the infections and that they were placed under virus vault but they are not there and when i perform a scan he again shows the same infections.