Every time I run AVG scan (auto-scan) it finds the same 2 entries:
"C:\WINDOWS\System32\SERVICES.EXE (912):\memory_009e0000";"Virus identified Win32/Rustock.G";"Reboot is required to finish the action"
"C:\WINDOWS\System32\SERVICES.EXE (912)";"Virus identified Win32/Rustock.G";"Reboot is required to finish the action"
Reboot is done and only the first entry says "Moved to Virus vault". 2nd entry still says "Reboot required..."
Why is this happening? I am running Win XP pro, firewall on, AVG 9.0.725, DB 270.14.127/2603
No, I can't. Gmer runs and finds a possible service in Win32 that it thinks is RootKit activity. But if I try to copy the scan to anything, even after stopping Gmer, the processor activity goes to 100% and nothing else will run. I have to power off the computer to get a reboot. If I try to run a full scan, Gmer itself bogs down and the Task Manager shows 100% processor use. If I try to use the procedure referenced above and try to delete the file found in red, it says that the "Path is not found".
Can we try another tool please?
Is it possible to share which file exactly is detected in red by Gmer? Is it possible to run Gmer without the full scan (without using the "Scan" button) and use its features via the ">>>" tab?
Otherwise, please try the RootRepeal application.
Thanks, AVG Team
The file in red is C:\Windows\system32\drivers\a019a00d.sys
If I try to delete this file it tells me the file "Does not exist".
This is one of the parts of the Rustock virus according to this very interesting and highly detailed
It looks pretty hopeless that AVG can fix this virus. According to the article, which is a few years old, there is no way to fix this at all.
Tried the RootRepeal program. It showed no problems in the drivers or the 129 running processes I had. Then I tried to scan the files and it hung so badly that I had to power off the computer to get a reboot. I'd say this beta version is not ready for "prime time". It never showed any problems.
Oh, I forgot to mention that this virus has disabled my old virus program (Computer Associates). That is why I am trying AVG. But it also has disabled REGEDIT. Can you tell me how it has done this so that I can fix it and run REGEDIT again?
Is it possible to connect the affected hard drive to another clean computer and check it for viruses? If some system file is found to be infected, please try to restore it from a backup to recover proper OS functionality.
The article pointed to showed possible injection into system files: