Avast WEBforum

Other => Viruses and worms => Topic started by: skipai on July 20, 2012, 01:06:40 PM

Title: SVC: swcustcfg > ???
Post by: skipai on July 20, 2012, 01:06:40 PM

Hi  :)

Avast is telling me that it has detected the following rootkit: SVC: swcustcfg > ???

Cannot delete or move to chest. Comes up with: Error: Error 0xA0000101. (-1610612479)

Any help would be much appreciated.

BTW I'm running Telstra bigpond wireless 4G and windows 7.

Regards, skipai

Title: Re: SVC: swcustcfg > ???
Post by: DavidR on July 20, 2012, 01:15:30 PM

For information only (don't apply any fixes, etc. they are unique), see this old topic on the same detection, http://forum.avast.com/index.php?topic=90891.0 (http://forum.avast.com/index.php?topic=90891.0).

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0) for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 20, 2012, 01:43:37 PM

Unable to post as files are too large even though they are under 150k?

Cheers

Title: Re: SVC: swcustcfg > ???
Post by: DavidR on July 20, 2012, 02:40:18 PM

The cumulative total also comes into it max 192KB - If they won't go collectively try individual.

If that is still a problem, you can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link.

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 06:23:59 AM

Extra :

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 06:25:54 AM

OTL:

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 06:27:35 AM

Funny, I did the same thing as last night and it worked fine this time.

What other data do you need? This is all confusing to me as I'm no computer wiz lol.

Cheers

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 06:40:17 AM

aswMBR:

Title: Re: SVC: swcustcfg > ???
Post by: Pondus on July 21, 2012, 07:04:26 AM

it seems you have avast and Symantec/Norton installed

never install multiple AV as this can give all kind of mysterious windows errors and false positive detections
you
so you have to remove one

run and reboot - Uninstallers – Security Software  http://singularlabs.com/uninstallers/security-software/

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 07:30:24 AM

Cool as! I have attempted to remove Norton before with no joy. That tool done the job!

Cheers!

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 07:32:33 AM

Just ran Avast and it appears the Infected file is still their!

Any suggestions?

Title: Re: SVC: swcustcfg > ???
Post by: Pondus on July 21, 2012, 08:02:31 AM

Quote from: skipai on July 21, 2012, 07:32:33 AM

Just ran Avast and it appears the Infected file is still their!

Any suggestions?

malware removers are notified......may take several hours before one arrive, so be patient

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 21, 2012, 12:22:08 PM

No worries mate  :)

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 22, 2012, 07:10:12 AM

Bump  :-\

Title: Re: SVC: swcustcfg > ???
Post by: essexboy on July 22, 2012, 12:41:44 PM

Hi that file is related to ZeroCD Sierra Wireless and I have come across this before, it is a false positive. 

What it is, is that the registry data give a null value and that raises a red flag to Avast

If it is coming up on the rootkit scan then set it to ignore

The logs look clean

Title: Re: SVC: swcustcfg > ???
Post by: skipai on July 22, 2012, 12:55:51 PM

Ok thanks mate!