Author Topic: Services.exe Causing Problems - Win32:Malware-gen/Win32:Trojan-gen  (Read 10549 times)

Offline bdp1971

  • Newbie
  • *
  • Posts: 18
I downloaded Avast the other day to assist me in cleaning up my laptop.  Everything went well except for the infamous services.exe error.  After reading numerous posts on the net about how to "fix" my problem, I figured it only best to outsource my problems to the team who helped clean up everything else!!!  Hopefully once I'm over this hump, I'll be home free!?!

I've followed the steps in http://forum.avast.com/index.php?topic=53253.0 and am attaching the appropriate log files...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
« Reply #1 on: March 23, 2013, 07:42:39 PM »
Do you also have the aswMBR log?


Offline bdp1971

« Reply #2 on: March 23, 2013, 07:47:19 PM »
No not yet because the topic told me not to run it until I post these first.  I'm about to do it now.  In the meantime, here's the extras file...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
« Reply #3 on: March 23, 2013, 07:51:56 PM »
Hi, I see you have ComboFix on the system. Please delete that copy.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Unknown] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV - [2012/06/14 13:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\Dante\AppData\Local\Temp\0182501363885925mcinst.exe -- (0182501363885925mcinstcleanup)
[2012/09/29 18:15:16 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9enf2adr.default\extensions\rbjqlghgxj@rbjqlghgxj.org.xpi
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2013/03/21 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy

:Files
C:\Windows\Installer\{42c209d9-6f64-047c-6a65-ec5986a97d31}
C:\Users\Guest\AppData\Local\{42c209d9-6f64-047c-6a65-ec5986a97d31}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline bdp1971

« Reply #4 on: March 23, 2013, 07:58:24 PM »
OK, I'll give that a shot.  Here's the other file you requested...

Offline bdp1971

« Reply #5 on: March 23, 2013, 11:35:53 PM »
It appears that after carefully following everything you asked me to do, the virus was successfully removed.  However, the computer hung on start-up during the automatic reboot while running Combofix.  I'm attaching both of the files you requested and will attempt a cold boot now.  Hopefully all will be right in my world, and things are back to normal.  If not, you've got my log files...haha

Offline essexboy

« Reply #6 on: March 23, 2013, 11:56:09 PM »
Let me know the result of the boot please

Offline bdp1971

« Reply #7 on: March 23, 2013, 11:58:54 PM »
No good!!  The only way to get in is through Safe Mode.

Offline essexboy

« Reply #8 on: March 24, 2013, 12:00:30 AM »
OK, could you run an OTL scan from Safe Mode please, and I will see if I can locate the problem.

Use this script

  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Offline bdp1971

« Reply #9 on: March 24, 2013, 12:04:17 AM »
Ok thanks.  Should I click "Run Scan" or "Run Fix"?

Offline Pondus

« Reply #10 on: March 24, 2013, 12:11:55 AM »
Quote
Ok thanks.  Should I click "Run Scan" or "Run Fix"?

Run scan.

The fix is next... if essexboy finds anything in that log.   ;)

« Last Edit: March 24, 2013, 12:14:00 AM by Pondus »

Offline bdp1971

« Reply #11 on: March 24, 2013, 12:30:42 AM »
Thanks Pondus.  I wasn't sure because he gave me a script to add to the bottom portion but here's the file...

Offline Pondus

« Reply #12 on: March 24, 2013, 12:37:03 AM »
no problem...
anyway, essexboy is in bed now so check back tomorrow.  ;)


Offline bdp1971

« Reply #13 on: March 24, 2013, 12:43:07 AM »
Okay will do.

Offline essexboy

« Reply #14 on: March 24, 2013, 12:20:18 PM »
It looks as though an ADS has attached itself to the services file after it was cleaned.  I will remove that now

Quote
< MD5 for: SERVICES.EXE.93A035487F176007 >
[2012/09/29 10:18:19 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe.93A035487F176007

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Files
@C:\windows\SysNative\services.exe.93A035487F176007

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
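
A read-only way to repeat the checks from Reply #8 and Reply #14 with built-in PowerShell cmdlets, added here as an example (it is not part of the thread and is not an OTL script): it hashes the files named in the /md5start list, checks their Authenticode signatures, lists any alternate data streams, and flags suffixed names like the services.exe.93A035487F176007 entry in the log. It assumes a 64-bit PowerShell 5.1 prompt on the affected machine; all variable and property names are illustrative.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# The OTL log shows "SysNative" because OTL is a 32-bit process; from a
# 64-bit shell the same folder is reached as System32.
$sys32 = Join-Path $env:SystemRoot 'System32'

# File patterns taken from the /md5start ... /md5stop list in Reply #8.
$patterns = 'services.*', 'explorer.exe', 'winlogon.exe',
            'userinit.exe', 'svchost.exe', 'winsock.*'

$files = foreach ($p in $patterns) {
    Get-ChildItem -Path $sys32, $env:SystemRoot -Filter $p -File -Force `
        -ErrorAction SilentlyContinue
}

$report = foreach ($f in ($files | Sort-Object FullName -Unique)) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName

    # Every file has a default ':$DATA' stream; anything else is an
    # alternate data stream (ADS) attached to the file.
    $ads = @(Get-Item -LiteralPath $f.FullName -Stream * `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.Stream -ne ':$DATA' })

    # A system binary name followed by an extra suffix, like the
    # services.exe.93A035487F176007 entry quoted in Reply #14.
    $oddName = $f.Name -match '\.(exe|dll)\..+$'

    # Only judge signatures on binaries; services.msc and similar files
    # matched by the wildcards are not expected to be signed.
    $isBinary = $f.Extension -in '.exe', '.dll'

    [pscustomobject]@{
        Path      = $f.FullName
        Modified  = $f.LastWriteTime
        Size      = $f.Length
        MD5       = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash     # comparable with the OTL log
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash  # for lookups outside OTL
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        ADS       = ($ads.Stream -join ', ')
        Review    = [bool]($oddName -or $ads.Count -gt 0 -or
                           ($isBinary -and $sig.Status -ne 'Valid'))
    }
}

$report | Format-List
# Entries that deserve a closer look before anything is removed.
$report | Where-Object Review | Select-Object Path, Signature, ADS, MD5
```

A Zone.Identifier stream on a downloaded file is normal; on a file inside System32 any extra stream or suffixed copy is worth comparing against a known-good system of the same Windows build.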