DanishCoder
asked on
Removing a Trojan horse in Windows 7
Dear experts,
In AVG, I continually get a popup on my screen that a threat (dropper.generic_c.MMI) is detected in c:\windows\system32\services.exe. My only option in the popup is to "show details":
Processname: C:\Windows\System32\svchost.exe
Process-ID: 732
...or ignore the threat.
AVG tells me that services.exe is a whitelisted file and should not be removed. Here is some more information: http://goo.gl/GiJbY
I've googled the net to find out more, and read that it should be dangerous, but I don't feel like I experience those symptoms. I don't see changed homepages, or programs shut down. I don't see those keys in my regedit either, so I think my computer isn't that much infected. (Reference: http://goo.gl/qWiC4)
But what can I do to remove this, and how do I do it?
Is it safe to remove services.exe?
Thanks in advance!
DanishCoder
Here are directions.
MartinLiss, just FYI, your hyperlink is broken. You simply need to remove the "http://" from the end.
AVG can show many false positives.
I suggest you scan with another antivirus software to see if false or not.
Free online scanners:
Panda:
http://www.pandasecurity.com/homeusers/solutions/activescan/
Bitdefender:
http://www.bitdefender.com/scanner/online/free.html
ASKER
Hi experts,
It's time to catch up :-)
@Frosty555
Thanks for your description. I think you're right. I'm not sure that I can remove those *.exe files. Because when you say "Windows services" I think of Internet Information Server (IIS), and I don't want to make that one unstable ;-)
By the way, "services.exe" and "svchost.exe" were created, opened, and edited on July 14, 2009. But may that mean that it could install itself there without changing the opening date?
@MartinLiss
I've seen the article before I asked this question.
In the regedit.exe, I don't see those 4 keys they mention.
When it comes to files, the only file is "C:\Windows\System32\services.exe".
So I supposed nothing is wrong here.
@Michael-Best
I've tried out the two links, but it only gave me further problems.
Panda reported an update error "Sorry, updating is incomplete due to an error."
Bitdefender did not find anything, so I installed it, and it gave me the option to remove other virus software at the same time. I removed AVG Free, and after BD was installed, I was not able to start the computer or connect to the internet. I uninstalled BD, and was able to access the Internet again, and I reinstalled AVG and now there is no virus.
@RootsMan
Thanks for your description. I'll keep it for another time, but I don't believe that my OS is infected so much. I've backed-up my stuff using Carbonite for the last 4 years I think. Quite happy with the product.
Thanks for your help!
DC
ASKER
CONCLUSION:
After installing BitDefender (which denied my access to the Internet), I uninstalled BD and re-installed AVG Free. I ran a scan, and AVG says no threats. I'm sure BitDefender is a good program, and that it did what it was supposed to do, but if my internet doesn't work, I can't keep the program on my computer.