Trojan.inject.ia =>no Action Possible!
Hi there!
I found a trojan infection in our friends' PC. They called me to help them a bit, since their PC stopped responding. I've run an online scan with BD since I consider it to be the best AV tool out there.
It found the trojan "Trojan.inject.ia". I've tried deleting it, renaming it, changing the .dll into .mov and then I tried to archive it with Winrar and deleting it, but no chance. It doesn't work...
Here's the link to the report created by AVIS: http://forum.bitdefender.com/index.php?sho...adeux&st=20
I've already submitted the file to MCU.
Thanks for your help.
A.
Comments
Please paste here the full scan log. We need to see the file location
Hi,
I've been infected with Trojan.Inject.IA too!
No attempt to delete it or the like works for me.
Unfortunately, my log file is German, so I think you guys should have quite a few problems understanding it.
Is there any news on this problem?
Hopefully
Bastian
Hi Guys,
I'm also infected... any updates on how to successfully remove this?
The infected file is /windows/system32/svchost.exe (memory & full dump)
Thanks,
Mike
Dump of log file:
BitDefender Log File
Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : windows scan
Log date : 13:13:39 15/03/2009
Log path : C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1237119219_1_02.xml
Scan Paths:
Path 0000: C:\WINDOWS\system32
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 2793184
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 4622
Infected items : 5
Suspicious items : 0
Resolved items : 0
Unresolved items : 5
Password-protected items : 0
Individual viruses found : 2
Scanned directories : 339
Scanned boot sectors : 2
Scanned archives : 26
Input-output errors : 30
Scan time : 00:16:53
Files per second : 3
Scanned processes summary
Scanned : 47
Infected : 0
Scanned registry keys summary
Scanned : 1103
Infected : 0
Scanned cookies summary
Scanned : 1103
Infected : 0
Remaining issues:
Object Name    Threat Name    Final Status
[system]=]C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (memory dump) Gen:Trojan.Heur.85B14E1C1C Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Inject.IA Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Inject.IA Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Inject.IA Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Inject.IA Disinfect Failed
Have you tried running BD in safe mode? It is possible that you need to be in safe mode to get rid of it.
How about getting Malwarebytes Anti Malware (it's free), updating it to the latest update and then doing a full scan in safe mode?
In addition to BD I have Malwarebytes Anti Malware and Win Patrol... both free. They all do a good job. Zone Alarm Pro v 7.4 is the firewall.
This is an injector, which means that it will inject its code into one or more processes. In this case, the trojan may have launched svchost into execution and basically overwritten the original code with its own. This way, the file remains clean; only its memory image gets infected. However, to make sure and remove any doubt, please attach c:\windows\system32\svchost.exe in a password-protected zip/rar archive (using the password infected).
Best regards!
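The distinction made in the reply above (clean file on disk, infected memory image) can be read straight off the "Remaining issues" rows of the log. The following is an added example, not part of the original thread and not BitDefender code: it groups rows by object and flags objects that were detected only in memory or full dumps. The function names, the constructed fourth sample row, and the assumptions that the status is the last two words and the threat name contains no spaces are all mine.

```python
import re
from collections import defaultdict

# Sample "Remaining issues" rows: the first three are copied from the log in
# this thread, the last one is constructed to show an on-disk detection.
SAMPLE = r"""
[system]=]C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (memory dump) Gen:Trojan.Heur.85B14E1C1C Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Inject.IA Disinfect Failed
[system]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Inject.IA Disinfect Failed
[system]=]C:\Temp\example.dll Trojan.Example.A Disinfect Failed
"""

PREFIX = re.compile(r"^\[[^\]]*\]=[\]>]")  # "[system]=]" as pasted, or "[system]=>"
DUMP = re.compile(r" \((memory|full) dump\)$")


def parse_row(line):
    """Split one row into (path, kind, threat, status)."""
    body = PREFIX.sub("", line.strip())
    # Assumption: status is the last two words, threat name has no spaces.
    head, s1, s2 = body.rsplit(" ", 2)
    head, threat = head.rsplit(" ", 1)
    m = DUMP.search(head)
    kind = m.group(1) + " dump" if m else "file"
    path = head[:m.start()] if m else head
    return path, kind, threat, f"{s1} {s2}"


def triage(text):
    """Group rows by object and flag objects detected only in memory images."""
    seen = defaultdict(lambda: {"threats": set(), "kinds": set()})
    for line in text.splitlines():
        if not PREFIX.match(line.strip()):
            continue  # skip blank lines and anything that is not a result row
        path, kind, threat, _status = parse_row(line)
        seen[path.lower()]["threats"].add(threat)
        seen[path.lower()]["kinds"].add(kind)
    # memory_only: no row for this object refers to the file itself
    return {p: dict(v, memory_only="file" not in v["kinds"]) for p, v in seen.items()}


if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        verdict = "memory image only" if info["memory_only"] else "file on disk flagged"
        print(f"{path}: {sorted(info['threats'])} -> {verdict}")
```

A memory-only result does not prove the file is clean; it only shows that this scan flagged the running image and not the file, which is why the reply still asks for the file itself.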
Please pack the file(s) in an archive, protected with the password infected.
Upload it on www.rapidshare.com or other server and leave here the download link.
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe