Infected by a trojan. The trojan created an open UDP port at 123.
Then another TCP at 135( I think... but this port is used by Netbios).
Then it creates a folder Recycler/S-5-3-42-2819952290-8240758988-879315005-3665/jwgkvsq.vmx
Size is 159KB. It also creates an autorun.inf file with the size of 58KB.
Services stared using the svhost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
By using services.msc I identified a few services that use svhost.exe
Service name:
1)Help and Support from the services menu.
2)COM+ Event System
3)Windows Management Instrumentation
4)Themes
5)System Event Notification
This is which i have disabled during startup so it should be the source of infection.
6)DHCP Client
7)Computer Browser
8)Secondary Logon
9)Server
6 years ago
1 comment:
Hi,
You might want to check up the following forum:
http://en.kioskea.net/forum/affich-43800-avg-windows-update-failure
They recommended the following:
http://www.simplysup.com/tremover/download.html
SFC
Post a Comment