Tojan or Malware?? Help !!

[Sridhar_Rao]

Hello,
When i inserted a flash drive, the avast AV detected
VBS:Malware-gen in autorun.inf. Every attempt to delete repair and
move to chest failed. I disabled autorun feature on all drives using microsoft
TWEAK UI. Finally I used an untested application flash disinfector,
which solved the problem but left its own autorun folder on all
drives.

Whenever I try to connect to net the comodo firewall detects
an application C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
trying to modify the memory of internet explorer and connecting to
some remote location. I am sure there is a trojan. Complete scan
(including boot time) using avast, spybot S&D, Avast adaware, windows
malicious software removal tool, rootkit revealer (all updated
versions) failed to detect anything. There are entries of spoolsv.exe
in registry too. This file exists in recycler too. What is this file doing in recycler and trying to connect internet. Should I delete all
entries in registry? what should i do now?

Any useful help is welcomed.

[pirates1323]

hmm.. first of all Google is your friend ..

Download Spyware doctor .. and scan your pc(COMPLETE SCAN) with it... and remove spywares if found any...

Go to Start> RUn .. type msconfig.. and then go to startup tab .. check for any suspicious application trying to run at startup.. uncheck it ..

I suggest you Kaspersky Internet Security..

Download CCleaner .. clean all your temp files and also scan for registry errors..

Format your flash drive in safe mode... in FAT32 ... then again format in NTFS... try all the options in format ....

[Sridhar_Rao]

Thanks for the post. Since I had so many precautions in place, I always thought my system is immune to any attack. It is now practically evident that no anti-spyware can fully detect all malware/spyware out there. The infected file was there in the recycler folder, none of them detected any problem in that file. It wasn't until I installed trial version of Ashampoo Antispyware 2 guard that the presence of a trojan was officially revealed. The negative aspect of this software is that it does not scan files at boot like avast so removing a file after booting becomes difficult. I restarted in safe mode with command prompt and deleted spoolsv.exe residing in the cycler.
I feel sad that presence of avast, adaware, microsoft malicious software removal tool, all failed to detect the trojan despite being update almost every other day.
I have run full system scan using Ashampoo antispyware guard and have not found anything suspicious. Does it mean there are no harmful files lurking around in my computer. I now use on-screen keyboard to type passwords.

[ravi_9793]

This may help you.
How To Do Effective System Scanning

[Ecko]

Install Avast from then on installation time only it will ask for a boot time scan & check yes for it
On next boot it will scan for virus & press Key 2 (Numeric) from your keyboard
You're done with trojan/virus

Now comes the registry part which you may disinfect using above posts Spyware Doctor or using Spybot Search & Destroy since Spyware Doctor is paid software

Other anytispyware dat can be used Spyware Terminator

Happy Disinfection

[Sridhar_Rao]

There are so many free antivirus, obviously not a single out of them can effectively block or find all malwares/viruses/trojans/ etc. How about a combination of them? Using more than one antivirus on a system is NOT ADVISABLE and may cause COMPATIBILITY issues.
I am using avast antivirus and it runs in the background all the time. Can I additionally install any one among these: AVG Antivirus, AntiVir Personal Edition, BitDefender Free Edition, McAfee® VirusScan Plus - Special edition from AOL without having them run in the background? So that I can their scan functions only when I require. Is this possible?

[Sridhar_Rao]

There has been no reply since 4 days to my query.

Here is the update to my problem:
Lavasoft adaware, Avast antivirus, Spybot S&D, microsoft windows defender, microsoft malicious software removal tool, all of which are updated regularly have failed to detect any virus/malware/trojan etc. After obtaining free key for Ashampoo antispyware 2 guard, I updated the definitions and scanned the system.

Here is what I found:

Date & Time Infection/threat found Infection location

15.08.2008 02:36:42 Trojan-Dropper.Win32.Agent.rvv C: \ System Volume Information \ _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F} \ RP444 \ A0130672.exe
15.08.2008 02:35:34 Trojan-DDoS.Win32.Agent.bs C: \ System Volume Information \ _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F} \ RP436 \ A0129687.exe
15.08.2008 02:05:54 Worm.Win32.AutoRun.efq C: \ Program Files \ Alwil Software \ Avast4 \ DATA \ moved \ autorun.inf.vir
15.08.2008 00:45:53 Trojan-Dropper.Win32.Agent.rvv C: \ WINDOWS \ RegisteredPackages \ {3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$ \ System \ setup_wm.exe
11.08.2008 01:47:07 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 01:01:14 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 00:56:18 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 00:54:36 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 00:28:27 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 00:26:06 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
11.08.2008 00:21:59 Trojan-DDoS.Win32.Agent.bs C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ spoolsv.exe
10.08.2008 21:40:29 Trace.Registry.AdClicker Key: HKEY_USERS \ S-1-5-21-619038027-3559541245-3755859725-1006 \ software \ install

Even the system restore has been affected. An infection was present in Avast folder too.

This sums up that Lavasoft adaware, Avast antivirus, Spybot S&D, microsoft windows defender, microsoft malicious software removal tool have all miserably failed in protecting my computer despite keeping them updated.

I now want to install bitdefender in addition to these existing softwares. Will its installation cause any conflicts, please reply based on your own experience.