Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Help!! I can't get rid of a malware?
Help!! I can't get rid of a malware?

post #1 of 11
Thread Starter 
I've been using MSE for a while now and everything seemed fine and dandy, but this afternoon I got a message saying it detected something. Info here. Anyway, when I try to delete or quarantine it, I get halfway through and then BSOD. I've tried looking at the details, but there was no mention of the location of said virus. This happens every time I try to delete/quarantine.

I've tried V3 Lite (a Korean program), and when I try to update the database I get the same BSOD.
I'm going to give Avast a go, but what can I do to fix this? I'm very close to just formatting my drive, but this will take me hours. Help please.
post #2 of 11
Sounds like system files were infected. I'd try and use an external disc to scan and boot from. If you do though be warned that you might not go back to an easily recoverable system.
post #3 of 11
You could try downloading Malwarebytes (great little program), boot into safe mode, then try to remove the infection from there.
post #4 of 11
I'd start off by trying to remove it in safe mode or through a boot disk. And like mushroomboy said, it's probably got itself tangled up in some of the VB/Visual C++ redistributable packs and system files.
post #5 of 11
If you cannot remove it with anti-virus/anti-malware, then try this.

Step 1: Use Windows Task Manager to remove the VirTool:Win32/VBInject.gen!DG processes
Remove the "VirTool:Win32/VBInject.gen!DG" process files:
%ProgramFiles%\Bifrost\server.exe

Step 2: Use Registry Editor to remove the VirTool:Win32/VBInject.gen!DG registry values
Locate and delete the "VirTool:Win32/VBInject.gen!DG" registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost]
[HKEY_CURRENT_USER\Software\Bifrost]

Step 3: Detect and delete other VirTool:Win32/VBInject.gen!DG files
Remove the "VirTool:Win32/VBInject.gen!DG" process files:
%ProgramFiles%\Bifrost\server.exe
post #6 of 11
Time to reformat... then get a copy of Malwarebytes and enable protection mode.
post #7 of 11
Thread Starter 
Thanks for the suggestions. I just ran Malwarebytes and found a few svchost.exe files with Trojans.Agent. However, when I delete them in safe mode and boot into normal mode (using Win7 x64, btw), Malwarebytes detects a few svchost.exe with Trojans again.

I think the damn virus/malware has indeed got itself into the VB/Visual C++ redistributable packs and system files. Should I just try Doogiehouser's method now?
post #8 of 11
Thread Starter 
Here's a list of what each svchost.exe does.

[screenshot: svc.jpg]

Does anything look out of the ordinary here? All the svchost.exe *32 ones are N/A, but it says they're Visual Basic Command Line Compiler. No clue what this is lol. It also turns out all of the N/A ones are actually a single file located in the windows/temp folder.

Is this a false positive?
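Two defender-side checks for what posts #5 and #8 describe, added here as an example (this is not code from the thread or from any of its posters): it flags svchost.exe instances that are not the Microsoft-signed binary in System32/SysWOW64, the situation in post #8 where a copy in windows\temp poses as svchost.exe, and it looks for the Bifrost persistence entries post #5 lists. It assumes Windows PowerShell 4.0 or later (Get-CimInstance, Get-FileHash) run from an elevated prompt; the two function names are my own.

```powershell
# Added example, not from the thread. Two defender-side checks for what the
# posts above report; assumes Windows PowerShell 4.0+ in an elevated prompt.

# Check 1: every genuine svchost.exe lives in System32 (or SysWOW64 for the *32
# instances) and carries a valid Microsoft Authenticode signature. An instance
# running from \Windows\Temp, as in post #8, fails both tests.
function Get-SuspiciousSvchost {
    $allowed = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $path = $_.ExecutablePath            # null when access is denied
        $dir  = if ($path) { Split-Path $path -Parent } else { '' }
        $sig  = if ($path -and (Test-Path $path)) { Get-AuthenticodeSignature $path }
        $ok   = ($allowed -contains $dir) -and $sig -and
                ($sig.Status -eq 'Valid') -and
                ($sig.SignerCertificate.Subject -like '*Microsoft*')
        if (-not $ok) {
            [pscustomobject]@{
                PID         = $_.ProcessId
                Path        = $path
                Signature   = if ($sig) { $sig.Status } else { 'unreadable' }
                CommandLine = $_.CommandLine
            }
        }
    }
}

# Check 2: the persistence points quoted in post #5. A StubPath under Active
# Setup\Installed Components runs at each user's next logon, which is one way a
# killed implant keeps coming back after a reboot.
function Test-BifrostIndicators {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}',
        'HKLM:\SOFTWARE\Bifrost',
        'HKCU:\Software\Bifrost'
    )
    foreach ($k in $keys) {
        if (Test-Path $k) {
            [pscustomobject]@{ Indicator = $k; Detail = (Get-ItemProperty $k | Out-String).Trim() }
        }
    }
    $exe = Join-Path $env:ProgramFiles 'Bifrost\server.exe'   # %ProgramFiles% as given in post #5
    if (Test-Path $exe) {
        [pscustomobject]@{ Indicator = $exe; Detail = 'SHA256 ' + (Get-FileHash $exe -Algorithm SHA256).Hash }
    }
}

Get-SuspiciousSvchost  | Format-Table -AutoSize
Test-BifrostIndicators | Format-List
```

Empty output from both functions means nothing matched these particular indicators, not that the machine is clean; a hit on either one is a reason to image the disk before removing anything, as post #9 warns that deleting embedded files can leave the install unbootable.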
post #9 of 11
You need to do a full scan and remove all the files, which might break your install. Other than that, a format/new system is probably the only other decent option. I hate saying that too, but once a trojan gets embedded so far it can do some serious damage to a system after removal. System repair might fix things, but you really should use a live CD that has AV on it (remove the files, then system repair).
post #10 of 11
Thread Starter 
After trying to fix this BS for hours I gave up and just formatted. No matter what method I tried to kill it, it always came back. I lost most of my save files in games though. FUUU

Anyway, now the trojan SOB is gone for good.