system file infected/corrupt


XXN

Joined
Dec 26, 2012
Messages
10
Reaction score
0
Hi,
A few days ago my PC was infected with Jeefo. I used "jeefogui" and cured most of the infected files (.exe). But it can't cure some system files. Dr.Web can't do it either.
Infected files (per jeefogui):
C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_2d4ce84c4a0b8470\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_a6bf6d613b46f6a5\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_x86_neutral_a651bb730e78eedd\dpinst.exe
C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_x86_neutral_a651bb730e78eedd\nvudisp.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_744c2e2719d350a0\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_745a00d719c87ddb\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_740585d71a078a5f\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_74d7cd6c32ef203f\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_74b739963307a1a2\fsquirt.exe

I ran sfc /scannow. That hasn't helped either.
sfc Scan log: View attachment CBS.zip

What can I do to solve this issue?
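An added example, not part of the original post: a PowerShell function that pulls the "Cannot repair member file" entries out of the CBS.log that `sfc /scannow` writes, so they can be compared with the files the scanner flagged. The function name and the sample log lines are constructed for illustration; the component name and version in them are taken from the winsxs paths listed above.

```powershell
# Added example: list the files that "sfc /scannow" reported it could not repair.
# SFC records its details in CBS.log on lines tagged [SR].
function Get-SfcUnrepairedFile {
    param([string[]]$Line)

    # e.g. [SR] Cannot repair member file [l:22{11}]"fsquirt.exe" of bth.inf, Version = ...
    $pattern = '\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)" ' +
               'of (?<component>[^,]+), Version = (?<version>[^,]+),'
    $seen = @{}
    foreach ($entry in $Line) {
        if ($entry -notmatch $pattern) { continue }
        # Copy the captures now; the next -match overwrites $Matches.
        $file      = $Matches['file']
        $component = $Matches['component']
        $version   = $Matches['version']

        # The same file can be reported several times in one scan; keep one row each.
        $key = "$file|$component|$version"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $reason = 'unknown'
        if ($entry -match '(hash mismatch|file is missing)\s*$') { $reason = $Matches[1] }

        New-Object PSObject -Property @{
            File = $file; Component = $component; Version = $version; Reason = $reason
        } | Select-Object File, Component, Version, Reason
    }
}

# Constructed sample lines in the CBS.log layout (timestamps and sequence ids are made up).
$tail = 'pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope neutral, ' +
        'PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, ' +
        'PublicKey neutral in the store, hash mismatch'
$sample = @(
    '2012-12-27 18:31:02, Info   CSI   00000142 [SR] Verifying 100 (0x00000064) components',
    ('2012-12-27 18:31:05, Info   CSI   00000144 [SR] Cannot repair member file ' +
     '[l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17514, ' + $tail),
    ('2012-12-27 18:31:06, Info   CSI   00000146 [SR] Cannot repair member file ' +
     '[l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17514, ' + $tail)
)

Get-SfcUnrepairedFile -Line $sample | Format-Table -AutoSize

# Against a real log (run from an elevated prompt):
# Get-SfcUnrepairedFile -Line (Get-Content "$env:windir\Logs\CBS\CBS.log")
```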
 

TrainableMan

^ The World's First ^
Moderator
Joined
May 10, 2010
Messages
9,342
Reaction score
1,584
Download TDSSKiller and RKill from our Freeware DB. If you do not have an anti-virus then download, install, and allow to update Malwarebytes Anti-Malware (MBAM). Then reboot your system into safe mode without networking (Reboot and, when it says "Starting Windows," Press F8; If you get a message asking continue in safe mode or perform a system restore, choose continue in safe mode). Now run TDSSKiller and after that run RKill and after that run a full virus scan. The first two will take maybe 5 minutes each but a full virus scan can take anywhere from 30 minutes to several hours depending on your hard drive size and number of files.

TDSSKiller is designed specifically to look for rootkits. RKill is designed to stop the stealthing programs that hide/protect/regenerate some nasty viruses. Running these first will help ensure your A/V has the best chance of cleaning up the infected files.
 

Digerati

Post Quinquagenarian
VIP Member
Joined
Apr 7, 2010
Messages
1,094
Reaction score
277
TrainableMan said: "If you do not have an anti-virus then download, install, and allow to update Malwarebytes Anti-Malware (MBAM)."
That's a great product but note MBAM (Free) does not run full time, but "on-demand" only. Therefore, it is good as a supplemental anti-malware solution - great to verify your real-time anti-malware solution did not miss anything and I use and highly recommend MBAM for that purpose.

So if you don't have an anti-virus program, you need to download and install a "full-time" solution now. If you want to pay for MBAM Pro, fine. It's a great product. But there are many capable free anti-malware solutions. I use and recommend Microsoft Security Essentials (MSE).
 

TrainableMan

My information was merely to rid your computer of the infected files. I agree with Digerati that once you have your system cleaned you want to avoid these situations in the future by running active anti-virus protection such as MSE.
 

XXN

@TrainableMan,
No threats detected (both programs).

Rkill:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/27/2012 06:18:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/27/2012 06:18:27 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
TDSSKiller: http://pastebin.com/6VfVa8Fb
 

TrainableMan

And you ran them in safe mode, correct?

Then what happened when you ran a complete anti-virus scan in safe mode? Was it able to delete the offending files?
 

XXN

The first time, I ran them in normal Windows boot mode,

but now I did it in safe mode.
Results attached.
 


TrainableMan

The results look fine, but while still in safe mode you must then run a complete anti-virus scan.

Does everything seem to be working alright?

Did you install Malwarebytes and run it in safe mode?
 

XXN

MBAM can't detect it.
Only jeefogui and Windows sfc scan

Yes, everything works properly.
 

TrainableMan

Have you tried booting up to the W7 Ult DVD and running "system repair" (on the install menu, system repair is in the bottom left corner)?
 

TrainableMan

Download & burn it to DVD ... preferably on a computer you don't suspect is infected. W7 SP1

If we do not have links to "Ultimate" in your language then you will need to download "Professional" and then delete ei.cfg before you burn it to DVD. See this thread: "Get four versions from one".
 

TrainableMan

If you cannot get that to work then quite honestly I would probably reinstall rather than take a chance on being infected.
 
