w32/Conficker!mem trojan

svchost could not be repaired
c.JPG
tomar_10 Asked:

Saxtus Commented:
tomar_10 Author Commented:
I have tried, but it says nothing found; you can see the log.

But Stinger says it exists.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\admin>cd desktop

C:\Documents and Settings\admin\Desktop>cd conficker

C:\Documents and Settings\admin\Desktop\conficker>econfickerremover
Win32/Conficker worm Removal Tool build: Jun 22 2009 (c) 2009 ESET, spol. s r.o.

Usage: removaltool.exe <options>
Options:  -autoclean  - clean automatically without confirmation
          -reboot     - reboot machine after successful cleaning
          -force      - force deletion of Conficker-like scheduled tasks
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.



tomar_10 Author Commented:
I face this problem
c1info.JPG

Saxtus Commented:
I was trying to save you from a lot bigger download.
Here it is: ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
rpggamergirl Commented:
You would need to install the MS Patch mentioned in the link if you haven't yet.
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx


And run removal tools like the ones below:
F-Secure Removal tool:
ftp://ftp.f-secure.com/anti-virus/tools/DownadupRemovalTool.zip
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

MS Malicious Removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Symantec's W32.Downadup Removal Tool:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99



It is also a good idea to run Combofix; it should replace svchost.exe if it finds a clean one in the system.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)


Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 

 
tomar_10 Author Commented:
This tool does not detect anything; it's of no use.
JeremySBrown Commented:
Try scanning with... Dr. Web Anti-Virus
http://www.freedrweb.com/
warturtle Commented:
Hello,

Open this webpage and see how many images you can actually see:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

That will help us track down which variant of Conficker you have (and if you actually have it or not).

Hope it helps.