Trojan.inject.ia No Action Was Possible...........

Hi there,


I'm a newbie here at BitDefender.


Bought the whole package today to deal with a massive attack on my pc. That's what happens when you use freeware......but I digress.


I have cleaned up all of the problems, except for the Trojan.Inject.IA and as such subsequently the "No action was possible" message appears.


It is driving me insane! I've been going through all the file folders to see if I can detect anything for a manual deletion, but to no avail!


Please help!


Jan

Comments

  • I have been looking in the forums, but have found nothing.


    Is there not one person that can help??????

  • Some extra info would be very helpful, like the location of the trojan. A scanning log would also be appreciated.

  • Jan Santana
    edited August 2008

    Well it's stuck in some win32 cache (something to do with 'memory dump'), and I'm using another pc to deny it access to the net.


    I will do my best to get a scan log.

  • Here it is:


    Scan Options:
    Scan for viruses : Yes
    Scan for adware : Yes
    Scan for spyware : Yes
    Scan for applications : Yes
    Scan for dialers : Yes
    Scan for rootkits : No

    Target selection options:
    Scan registry keys : Yes
    Scan cookies : Yes
    Scan boot sectors : No
    Scan memory processes : Yes
    Scan archives : Yes
    Scan runtime packers : Yes
    Scan emails : Yes
    Scan all files : Yes
    Heuristic Scan : Yes
    Scanned extensions :
    Excluded extensions :

    Target Processing
    Default action for infected objects : Disinfect
    Default action for suspicious objects : None
    Default action for hidden objects : None

    Scan engines summary
    Number of virus signatures : 1436132
    Archive plugins : 43
    Email plugins : 6
    Scan plugins : 12
    Archive plugins : 43
    System plugins : 4
    Unpack plugins : 7

    Overall scan summary
    Scanned items : 1881
    Infected items : 2
    Suspicious items : 0
    Resolved items : 0
    Individual viruses found : 1
    Scanned directories : 611
    Scanned boot sectors : 0
    Scanned archives : 1
    Input-output errors : 0
    Scan time : 00:00:01:34
    Files per second : 16

    Scanned processes summary
    Scanned : 32
    Infected : 0

    Scanned registry keys summary
    Scanned : 319
    Infected : 0

    Scanned cookies summary
    Scanned : 0
    Infected : 0

    Remaining issues:
    Object Name Threat Name Final Status
    [system] Trojan.Inject.IA No action was possible
    [system] Trojan.Inject.IA No action was possible

    Resolved issues:
    Object Name Threat Name Final Status

    Objects that were not scanned:
    Object Name Reason Final Status
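
A triage pass over a report in this layout, written in Python as an added example (not BitDefender's code and not part of the original posts): it lists the rows left under "Remaining issues" and the scan options set to No that leave drivers and boot code unchecked. The sample log is constructed from the fields shown above; treating `Scan for rootkits` and `Scan boot sectors` as the coverage-relevant options is an assumption.

```python
import re

# Constructed sample in the layout of the scan log posted above. Section
# titles are fused onto the next entry to mimic a plain-text paste.
SAMPLE_LOG = """\
Scan Options:Scan for viruses : Yes
Scan for rootkits : No
Target selection options:Scan registry keys : Yes
Scan boot sectors : No
Scan memory processes : Yes
Overall scan summary
Infected items : 2
Resolved items : 0
Remaining issues:Object Name Threat Name Final Status
[system] Trojan.Inject.IA No action was possible
[system] Trojan.Inject.IA No action was possible
Resolved issues:Object Name Threat Name Final Status
Objects that were not scanned:Object Name Reason Final Status
"""

# Assumption: options whose "No" leaves drivers or boot code unscanned.
COVERAGE_OPTIONS = ("Scan for rootkits", "Scan boot sectors")
TABLE_HEADER = re.compile(
    r"^(Remaining issues|Resolved issues|Objects that were not scanned):")
# Object name (bracketed or one token), threat name, then free-text status.
# Object paths containing spaces are not handled by this simple pattern.
ISSUE_ROW = re.compile(r"^(\[[^\]]+\]|\S+)\s+(\S+)\s+(.+)$")


def triage(log_text):
    """Return (unresolved rows, coverage options set to No, infected, resolved)."""
    options, unresolved, table = {}, [], None
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        header = TABLE_HEADER.match(line)
        if header:
            table = header.group(1)
        elif table == "Remaining issues":
            row = ISSUE_ROW.match(line)
            if row:
                unresolved.append(row.groups())
        elif table is None and " : " in line:
            key, value = line.split(" : ", 1)
            # Drop a fused section title such as "Scan Options:" before the key.
            options[key.rsplit(":", 1)[-1].strip()] = value.strip()
    gaps = [o for o in COVERAGE_OPTIONS if options.get(o) == "No"]
    return (unresolved, gaps,
            int(options["Infected items"]), int(options["Resolved items"]))
```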

  • Quoting the link at Bitdefender:


    "What to do in case of unresolved items


    Issue:


    When performing a scan with BitDefender, in certain occasions Unresolved Items may be displayed in the Results Summary window. This may occur in one of the situations presented below.


    Solution:


    There are infected or suspect files included in the target scan for which BitDefender is not set to take any action.


    Solution: Scan again the location where the files were detected and set the desired actions (Disinfect files, Delete files, Move to Quarantine)


    All the possible actions fail when scanning certain files. These types of files are:


    a. Archives or packed applications which cannot be repacked by BitDefender.


    Solution: The archives or packed applications which are containing the infected files have to be deleted manually


    b. Files which are surpassing the limit size set for the Quarantine.


    Solution: Empty the Quarantine and scan again the location where the infected files were detected.


    c. Email archives which cannot be repacked by BitDefender.


    Solution: Manually delete the e-mails detected by BitDefender. BitDefender provides detailed information on the e-mail which contains an infected attachment. The following information is available: Subject, Date, name of the infected attachment."


    Which is completely useless, thank you!

  • Jan Santana
    edited August 2008

    The actual infected area is:


    Windows\system32\svhost.exe(memory dump)


    Windows\system32\svhost.exe(full dump)


    This has been very distasteful!

  • I've attached an archive with a beta product of ours called AVIS. Please run it and use it as follows:


    * Go to General tab


    * Use Submit a file button


    * Click Add and select the file C:\Windows\system32\svhost.exe


    * Click on disinfectable


    * Click on submit to and put on the text box "MCU"


    * Click submit


    On the System Info tab


    * Click Create Log


    After the log is created, the archive with the log will be put on your desktop. Please submit that too, attaching the archive to a reply post here in the forum.


    [Attachment: BitDefender_AVIS.rar]

  • Since regular users won't be able to download it from here, I attached AVIS here.


    Regards.

  • Ok thank you, I will get back to you when done!


    :ph34r:

  • Jan Santana
    edited August 2008

    Having problems with the log, says it is passworded.


    But now I have seen why, I think!

  • Jan Santana
    edited August 2008

    It's ok now.

  • Did a scan with the AVIS program and it is picking stuff up that the Total Security does not!


    Does not good! :huh:

  • AVIS shouldn't be used for scanning files. It contains some heuristic routines that sometimes can generate false alarms. Please use AVIS only for cleaning or logging purposes.


    From the attached log, I see these suspicious files:


    C:\WINDOWS\msauc.exe


    C:\WINDOWS\system32\Drivers\Iap44.sys (this is probably the source of the Trojan.Inject.IA infection. It is injected in the "svchost.exe" process and therefore cannot be disinfected. Try to copy the file to another location using GMER or Windows Recovery Console)


    Then, try to archive the files and attach them to a post here.
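
The scan report names the file svhost.exe, while the reply above refers to the svchost.exe process. As an added example (not from the thread or from BitDefender), this Python check flags image names one character away from a known Windows system binary, or a correct name in the wrong directory; the allow-list and sample paths are assumptions for illustration.

```python
import ntpath

# Assumption: a short allow-list of Windows system binaries and the directory
# each normally runs from; extend it for the host being examined.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, matched system name or None) for one image path."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        return ("ok" if folder == KNOWN[name] else "wrong-directory", name)
    for real in KNOWN:
        if edit_distance(name, real) <= 1:  # one dropped, added or changed char
            return ("look-alike", real)
    return ("unlisted", None)


def flag(paths):
    """Keep only the paths that imitate a known system binary."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v[0] in ("look-alike", "wrong-directory")]


# Constructed paths; the second spelling is the one shown in the scan report.
SAMPLES = [
    r"C:\Windows\system32\svchost.exe",
    r"C:\Windows\system32\svhost.exe",
    r"C:\Windows\Temp\svchost.exe",
    r"C:\WINDOWS\msauc.exe",
]
```

A file that comes back as "unlisted" is simply not on the allow-list; it is not cleared by this check.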

  • Ok so it is not a happy camper situation then...........


    What is the GMER (excuse my ignorance) and if using the recovery console how shall I trap the files?


    Thanks

  • I would really appreciate a complete reference to what I should do to get rid of this.


    It is frustrating to have bought this product and it can't actually do anything to help me!

  • Read this: http://forum.bitdefender.com/index.php?showtopic=1054


    Use the instructions to move (and rename) the file(s) to another location. After that, reboot normally, pack the files (in a password protected archive) and attach the archive to your next post.


    Cris.

  • Jan Santana
    edited August 2008

    Unfortunately the keyboard does not allow me to boot from the CD when required, the ms-dos prompt in Windows does not let me format C:.


    This has to be the most messed up PC infection I've seen in a long time, so new hard disk it is!


    Thanks for the help anyway.

  • Hello JanDaMan,


    Can you please download combofix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.


    Kind regards,


    Niels

  • My boss has the same problem on his computer at work, and since I'm the geek-in-residence, I've been following the thread and attached the avis file. Are there any updates to this trojan, since this thread started 2-3 weeks ago? Any help would be appreciated.

    [Attachment: bd_sys_log.xml.zip]

  • Hi there!


    I found the same infection in our friends' PC. They called me to help them a bit, since their PC stopped responding. I've run an online scan with BD since I consider it to be the best AV tool out there.


    It found the same trojan discussed in this topic. I've tried deleting it, renaming it, changing the .dll into .mov and then I tried to archive it with Winrar and deleting it, but no chance. It doesn't work...


    Here's the report created by AVIS. I've already submitted the file to MCU.


    Thanks for your help.


    A.

  • I can't seem to find a way to upload the file... :S

  • OK, this should be it. Apparently the reason for not being able to upload was the new IE8 :)


    Thanks again and waiting for your help or suggestions.


    A.

    [Attachment: bd_sys_log.xml.zip]