Author Topic: Win32:fasec found in temp..  (Read 8684 times)

haydyb123

  • Guest
Win32:fasec found in temp..
« on: December 30, 2008, 12:29:41 PM »
I saw the alert and clicked delete immediately; I'm now paranoid as to whether or not this trojan has been removed from my computer, so now I am running scans from: Avast, Windows Defender, Trojan Remover, AVG. I'm doing a thorough scan with avast, so it may take a long time to scan my entire computer. However, Windows Defender hasn't found anything, AVG hasn't found anything, and Trojan Remover hasn't found anything, which would suggest that the registry hasn't been altered? I have deleted temporary internet files etc. from both of my browsers (IE and Mozilla). Should I just delete my C:/Windows/Temp file? Or what do you people suggest? I have inserted a picture of my log to show you exactly where it is etc. And I desire your opinion on the matter, thanks in advance.

haydyb123

  • Guest
Re: Win32:fasec found in temp..
« Reply #1 on: December 30, 2008, 12:56:59 PM »
Also, could someone possibly tell me what the Trojan "Win32:Fasec" actually does? Thanks again.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Win32:fasec found in temp..
« Reply #2 on: December 30, 2008, 02:19:39 PM »
I think you're clean. But, if you want to follow the general cleaning procedure, I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

Are you using AVG and avast at the same time? ???
The best things in life are free.

haydyb123

  • Guest
Re: Win32:fasec found in temp..
« Reply #3 on: December 30, 2008, 02:33:19 PM »
Thank you; I have no idea as to how this trojan invaded my computer, as I have not downloaded anything, opened emails etc. I just got a random alert this morning and have been anxious ever since. Thanks for your advice, I will probably take appropriate measures to secure my computer. I'm just pondering why you think I'm clean? (If you don't mind the hassle)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Win32:fasec found in temp..
« Reply #4 on: December 30, 2008, 02:41:48 PM »
> I'm just pondering why you think I'm clean? (If you don't mind the hassle)
Because you've sent the infected file to avast Chest...

haydyb123

  • Guest
Re: Win32:fasec found in temp..
« Reply #5 on: December 30, 2008, 03:42:31 PM »
I deleted, I didn't send to chest.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Win32:fasec found in temp..
« Reply #6 on: December 30, 2008, 11:29:40 PM »
> I deleted, I didn't send to chest.
It's the same...
It's better to send to Chest for further analysis than to remove directly (this can avoid false positive detections).

haydyb123

  • Guest
Re: Win32:fasec found in temp..
« Reply #7 on: December 31, 2008, 12:05:18 AM »
So you think my computer is completely rid of this trojan?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Win32:fasec found in temp..
« Reply #8 on: December 31, 2008, 01:03:27 AM »
> So you think my computer is completely rid of this trojan?
Did you follow the steps I've posted before? If so, I'll be in peace ;)

nanakisan

  • Guest
Re: Win32:fasec found in temp..
« Reply #9 on: January 02, 2009, 06:32:30 AM »
Thanks for the information.
I just discovered the little squirt on my system and am now hitting it with Trend Micro's scanner.
The avast rootkit scanner did not work;
it kept saying unable to open disk space C:

All attempts to move the file to avast's vault make another alert come on.

The name of the virus identified is Win32: Fasec [trj]

threatexpert.com also seems to have discovered a variant of the file.
Here's their research page.

http://www.threatexpert.com/report.aspx?md5=3f3c62c108adb354fed5caa14e7ff25a

I'm now in the process of following Tech's suggestions for clearing my system.
Thanks for posting them, Tech.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Win32:fasec found in temp..
« Reply #10 on: January 02, 2009, 09:08:07 PM »
> I'm now in the process of following Tech's suggestions for clearing my system.
> Thanks for posting them, Tech.
You're welcome... but it would be better to post the results. We want your computer clean ;)

nanakisan

  • Guest
Re: Win32:fasec found in temp..
« Reply #11 on: January 07, 2009, 06:15:51 AM »
hello again.

I managed to kill the virus

however
avast failed completely to get rid of it.
so i have removed avast
sorry.

anyway I've compiled a list for getting rid of this particular virus

you will require knowledge of shutting off the super hidden files setting on Win XP in order for this to work

first off
after you do that go into regedit and do a search on the exact word
boot.com

this will bring up a folder in the mountpoints2 key in the registry
look for each key that has the exact command set
shell
autoplay
autorun
open
any of those you see them with
erase the entire key

you have now killed the virus's only way of replicating itself

now
go to each drive you had inserted during the infection
this means thumb drives and external HDs
look for an un-hidden folder named
resycled

erase it

it will return but boot.com won't

now comes the measure of killing the autorun.inf files
go into safe mode and locate autorun files of 1 KB in size in the root folder or drive-letter folder of each drive and erase them

now they can't self replicate themselves

after that
boot normally and run a scan for malware and trojans
if it finds anything
kill them and run ccleaner to complete registry cleaning

good luck
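
The drive-side checks from the post above (an `autorun.inf` at the drive root and a `resycled` folder holding `boot.com`) can be done read-only before anything is erased. This is an added example, not code from the thread or from avast; the function names and the sample file contents are assumptions constructed for illustration, and it does not touch the MountPoints2 registry key.

```python
import os
import re

# Entries in an [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
MARKERS = ("boot.com", "resycled")  # names taken from the post above

def autorun_commands(text):
    """Return {key: command} for each launch entry in the [autorun] section."""
    found, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
                found[key.lower()] = value
    return found

def suspicious(text):
    """Launch entries whose command mentions one of MARKERS."""
    return {k: v for k, v in autorun_commands(text).items()
            if any(m in v.lower() for m in MARKERS)}

def audit_root(root):
    """Read-only check of one drive root for the artifacts the post names."""
    report = {"resycled_folder": False, "autorun_hits": {}}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "resycled" and os.path.isdir(path):
            report["resycled_folder"] = True
        elif name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                report["autorun_hits"] = suspicious(fh.read())
    return report

# Constructed sample, not captured from a real infection.
SAMPLE = "[AutoRun]\nopen=RESYCLED\\boot.com\nshell\\open\\command=RESYCLED\\boot.com\nicon=shell32.dll,4\n"

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

Calling `audit_root` on each removable drive's root (for example `E:\\`) gives a record of what was present, which is worth keeping alongside the scanner logs.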