Author Topic: Internet Security 2010 and asc3550p.sys  (Read 12306 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Internet Security 2010 and asc3550p.sys
« Reply #15 on: January 26, 2010, 12:09:09 AM »
In that case it is time for the big boy to find the driver/respawner responsible

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

spgass

  • Guest
Re: Internet Security 2010 and asc3550p.sys
« Reply #16 on: January 26, 2010, 12:43:37 AM »
OK, I turned off Avast and ran ComboFix.  Here's the log.

spgass

  • Guest
Re: Internet Security 2010 and asc3550p.sys
« Reply #17 on: January 26, 2010, 02:31:22 AM »
I reran MBAM and it didn't find anything.  Does this mean I'm cured?

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2010 8:27:11 PM
mbam-log-2010-01-25 (20-27-11).txt

Scan type: Quick Scan
Objects scanned: 108697
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline essexboy

Re: Internet Security 2010 and asc3550p.sys
« Reply #18 on: January 26, 2010, 08:52:09 PM »
Combofix killed the file and removed the legacy keys  ;D

Run OTS and hit the cleanup button then all the tools should disappear

spgass

  • Guest
Re: Internet Security 2010 and asc3550p.sys
« Reply #19 on: January 27, 2010, 03:18:18 AM »
Essexboy, you rock!

Thank you, thank you, thank you!

Best Regards,

S.P. Gass

Offline essexboy

Re: Internet Security 2010 and asc3550p.sys
« Reply #20 on: January 27, 2010, 10:14:00 PM »
My pleasure - enjoy

jan4uf

  • Guest
Re: Internet Security 2010 and asc3550p.sys
« Reply #21 on: January 31, 2010, 11:13:33 PM »
THANK YOU THANK YOU THANK YOU!!!!

You guys ROCK!  I am VERY grateful to have been told about your forums to find the fix to this horrible virus/worm whatever it is.

I am a novice and had been trying to get rid of a virus on my husband's PC, we are both in college and need our computers.

My son told me about your forums and sent a link.

Once Malwarebytes removed the fifty something viruses on the computer we ended up with this one that would not go away!  My son told me it was a registry virus and he would look at it, the computer was down for a week and he did not have a chance to work on it, so I came to your forum and searched on asc3550p.

Since spgass had already gone through all of the trial and error steps, simultaneous to our problem, all I had to do was follow Essexboy's last instruction for the combofix.

WOW!

I am SO glad there are people out there like you all who want to help others get rid of malicious programs!!!

It is sad that others do not use their obvious talent in a positive manner.
THANK YOU!!!! ;D



Again

Offline essexboy

Re: Internet Security 2010 and asc3550p.sys
« Reply #22 on: January 31, 2010, 11:17:42 PM »
Welcome to the forum - enjoy  ;D

WestWycke

  • Guest
Re: Internet Security 2010 and asc3550p.sys
« Reply #23 on: February 03, 2010, 03:01:25 AM »
So I'm having the same problem as the original poster.
MBAM keeps identifying the asc3550p rootkit and deleting it, but when I reboot, there it is again.

I wanted to try the suggested solution using combofix, but I ran into a problem.
There are two links listed to download from.
One leads me to a forum in Spanish/Italian/Portuguese/whatever.  It's no help as English is my only language.
The other starts to immediately download Combofix.exe.  I tell it to save it to my desktop as per the instructions, but the download fails.  I get a message box stating:

Cannot copy ComboFix[1]: Access is Denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.


Then it gives me the option to cancel the download or not. If I don't, I get the same message; if I do, then I don't get the download.

I know the disk is not full; I believe it is not write-protected, and I can't imagine how I would already have the file in use.

Any help on this problem would be appreciated.