Thread: spybot fails infection removal

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    1

    spybot fails infection removal

    Hi all,

    I have also tried using CounterSpy, Spyware Doctor, SDFix, MalwareBytes Anti-Malware, Super Anti-Spyware, McAfee, AVG, BitDefender and Kaspersky; however, I still have an infection. Spybot reports an infection, Win32.Agent.pz, but it's not able to remove it: even though it says the removal was successful, it keeps appearing on each and every scan, including after reboot.

    This link:

    http://www.threatexpert.com/report.a...27cb1cc0dfbcd9

    shows a report and I believe this is the exact infection that I have, since twex.exe has been identified by Kaspersky not as a virus but placed in the "Low Restricted" group of items. My Kaspersky firewall is collecting data attempting to be sent to 195.2.252.140. I have the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] infected with the twex.exe name; I have manually removed the twex.exe part but have not re-checked for its presence. I also have the %system%\twain32 and localservice\twain32 presence. AVG also reported the %system%\twain32 in the rootkit scan; however, it doesn't seem to have removed it.

    I have used the Sysinternals Filemon application and determined that svchost is locking the %system%\twain32 files (local.ds etc.), and therefore I believe that svchost is infected. svchost is also mentioned in the report link above.

    I have ComboFix installed on the computer, not Trend Micro HijackThis. The HJT logs seem to help identify infection, but I think I've done that. My guess is that with the right script and the information in the report I can clean up the system with ComboFix. Please advise.

    What should be the next step? At present I am connecting to the internet with another computer in the home, since when I connect the infected computer, it downloads other malware from the net (presumably from 195.2.252.140).

    Thanks in advance.

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hello cousincuzzer

    Please see this next

    Please follow the instructions in the above thread and then start a fresh topic with the logs required.

    Regards.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
