Deleting the undeletable and more

peral00 (Newbie, Italy)
Posted: 23 April 2007 at 6:19pm
To start I feel I should apologize for showing up in this forum as I am the victim of my own forgetfulness. I was working on my computer off-line and had shut off my firewall and antivirus... and forgot about it. After a week or more of surfing unprotected here I sit, writing you, hoping for some help getting rid of some malware.

When I got everything turned on my AVG lit up. I proceeded to clean out several trojan horses (various forms of generic3, generic2, dialer.dam and dialer.28.F). There was and still is one that I can't get rid of. No matter what I do I can't seem to access it. I've renamed it and the warning doesn't pop up any more but it is still there. I've tried movefile, CCleaner, working from safe mode, and DOS (changing the attributes). It's residing in the system32 folder. It was Kodaksync.exe but I renamed it to Kodakthreat.txt which seemed to satisfy AVG Resident Shield (it never showed up in the anti-virus scans though it is listed as unopenable in the Nod32 scans - but not as a virus).

There is/was another C:\:teQxp.exe (Trojan horse Generic.XDJ) that I couldn't see with any program (also set off the Resident Shield alarm only) that I may have taken care of with movefile "" but I can't be sure since I've never been able to see it. I'm open to suggestions you have for getting rid of and double checking that it has been deleted.

Since I was pretty sure that I wouldn't get off so easily I've run AVG anti-rootkit and Rootkitreveal, taken snapshots with autorun and hijackthis, and tried looking at the system with program explorer. Unfortunately my ability to interpret what I've been looking at is extremely limited but it does seem that there are some odd files still living quite happily in their little nooks and crannies. Again, any suggestions for next steps are most welcome.

Thank you


Edited by peral00 - 27 April 2007 at 2:42am
Karlchen (Senior Member, Germany)
Posted: 24 April 2007 at 2:54am
Good morning, peral00.

E.g. this thread, movefile, mentions at minimum 3 products capable of removing cloaked processes and executable files.

HTH,
Karl
peral00 (Newbie, Italy)
Posted: 24 April 2007 at 4:13am
Sorry for the repeat, I will give them a try. I think I reached the point of saying HELP!
I have to admit I'm a bit overwhelmed by a) the number of viruses I've read about but more importantly b) by the number of tools out there that. Is there a categorized listing of anti-malware tools out there in cyberspace? Like many other newbies to the anti-malware world who end up posting, I've already followed the advice I've seen in other posts from various forums, used I think 17 or 18 different tools (AV, rootkit, removal tools, monitoring tools, etc), run many of the tools multiple times, still have an infection that I know about, and there are one or two other files that I can't confirm if they are a problem or not.
I will finish this by saying that I do GREATLY appreciate your (in the royal sense) willingness to read these threads from people like myself who are struggling with the unknown and to provide useful advice. So... thanks.
Peral00
peral00 (Newbie, Italy)
Posted: 24 April 2007 at 11:17am

FYI - Rootkit Unhooker was unable to do the job but Ice Sword did it quite nicely.

Ice Sword also indicated that the :teQxp.exe file is an Intel file used to monitor the PROset wi-fi system. Didn't find anything on this file by Googling nor on the Intel website. I've written them to ask about it.

Now on to determine if I've got some other invaders.

Thanks again for your help.

Peral00

Karlchen (Senior Member, Germany)
Posted: 24 April 2007 at 4:41pm
Good evening, peral00.

Good to learn that one of the suggested ARK tools proved to be helpful in your case.

Just a short note on your previous message:
Yep, I can understand that you - like any other computer user who has not devoted his life to malware hunting completely - will be in a plight:
The anti-malware programmes that are easy to handle often perform pretty poorly on their main task: finding and eliminating malware.
The anti-malware programmes that catch malware more reliably often are difficult to handle.

Hopefully in the end you will succeed and get rid of any malicious beast in your system.

Ciao,
Karl
lucass (Newbie, Italy)
Posted: 24 April 2007 at 6:46pm
Originally posted by peral00:

There is/was another C:\:teQxp.exe (Trojan horse Generic.XDJ) that I couldn't see with any program (also set off the Resident Shield alarm only) that I may have taken care of with movefile "" but I can't be sure since I've never been able to see it. I'm open to suggestions you have for getting rid of and double checking that it has been deleted.

Thank you

Hi, the file C:\:teQxp.exe is an ADS (alternate data stream).
Your PC is infected with the Gromozon (aka LinkOptimizer) rootkit.

Removal from Prevx
http://www.prevx.com/gromozon.asp

Removal tool from Symantec
http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-092316-4153-99

Cheers ;)
peral00 (Newbie, Italy)
Posted: 25 April 2007 at 3:18am
Thanks for the moral support Karl. After days of working on this it comes in useful.

Originally posted by lucass:

Hi, the file C:\:teQxp.exe is an ADS (alternate data stream).
Your PC is infected with the Gromozon (aka LinkOptimizer) rootkit.

Good catch lucass, thanks and happy 25 April.
You've just confirmed what I also just learned from EP_XOFF in the Rootkit Revealer log thread except there the culprit showed up as c:\windows\system32\com6.eaz.
Because a certain level of redundancy seems to be called for in these matters I'll repeat what I said in the other post.... I'm off to try and kill the beast. If I don't return by tomorrow please call my mom.
Peral00


Edited by peral00 - 25 April 2007 at 3:22am
lucass (Newbie, Italy)
Posted: 25 April 2007 at 5:31am
Originally posted by peral00:

Thanks for the moral support Karl. After days of working on this it comes in useful.

Hi, the file C:\:teQxp.exe is an ADS (alternate data stream).
Your PC is infected with the Gromozon (aka LinkOptimizer) rootkit.

Good catch lucass, thanks and happy 25 April.

Peral00

Thanks
You're welcome ;)

Ciao
peral00 (Newbie, Italy)
Posted: 25 April 2007 at 6:34am

Update,

I ran the Symantec tool and according to Unhooker and Rootkit Revealer the com6.eaz problem seems to be taken care of but C:/:teQxp.exe is still there according to Ice Sword.

Intel wrote back and said it isn't their file. It seems I mis-read the description in the Win32 Services; it actually states that the file
"Manages the event trace messages for all the components of Intel(R) PROset/Wireless software"

I've come to the realization that it isn't clear to me from Lucass' post if the file was utilized/infected by gromozon or was actually added by the rootkit and needs to be eliminated. Thoughts? An aside, if I need to delete it I'm not sure how to, since in the only place it shows up in Ice Sword I only have the choice to stop, run the process automatically, manually, or disable - I've disabled it for the time being.

Peral00
lucass (Newbie, Italy)
Posted: 25 April 2007 at 2:35pm
Yes, it is a Gromozon rootkit.
The malware used a reserved name, ADS, EFS and other tricks.


Regards

PS: manual remover
http://www.suspectfile.com/forum/viewtopic.php?t=156



Edited by lucass - 25 April 2007 at 2:40pm
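As an added example (not code from this thread or from any of the tools named in it), a small Python classifier for the two naming tricks lucass describes: a data stream hung off the C: root (C:\:teQxp.exe) and a file whose name is a reserved DOS device (com6.eaz), which ordinary Win32 file calls cannot open. The listing it scans is constructed; it only classifies path strings and never touches the filesystem.

```python
r"""Classify Windows paths for the two hiding tricks in this thread: a stream
hung off the C: root (C:\:teQxp.exe) and a file named after a reserved DOS
device (com6.eaz). Added example, not code from the thread; listing is constructed."""

# Win32 maps these names (checked up to the first dot, so com6.eaz too) to devices, not files.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)})

def split_stream(path):
    """Split 'file:stream[:$DATA]' into (file, stream); stream is None if absent."""
    drive = ""
    if len(path) >= 2 and path[0].isalpha() and path[1] == ":":
        drive, path = path[:2], path[2:]          # keep the drive colon out of the split
    parts = path.split(":")
    stream = parts[1] if len(parts) > 1 and parts[1] else None
    return drive + parts[0], stream

def is_reserved_name(name):
    return name.split(".", 1)[0].upper() in RESERVED

def classify(path):
    """Return a list of (kind, detail) findings for one path."""
    path = path.replace("/", "\\")                # the thread writes both C:/ and C:\
    file_part, stream = split_stream(path)
    findings = []
    if stream is not None:
        host = "directory" if file_part.endswith("\\") else "file"
        findings.append(("ads", f"stream '{stream}' on {host} {file_part}"))
    name = file_part.rstrip("\\").rsplit("\\", 1)[-1]
    if name and is_reserved_name(name):
        findings.append(("reserved", f"device name '{name}' in {file_part}"))
    return findings

def extended_length(path):
    r"""Prefix with \\?\ so Win32 skips name parsing; a removal tool needs this form for reserved names."""
    path = path.replace("/", "\\")
    return path if path.startswith("\\\\?\\") else "\\\\?\\" + path

# Constructed listing in the shape an anti-rootkit tool might report.
SAMPLE_LISTING = [r"C:\:teQxp.exe", r"c:\windows\system32\com6.eaz",
                  r"C:\Windows\system32\kernel32.dll"]

def scan(listing):
    """Map each suspicious path to its findings; clean paths are left out."""
    return {p: classify(p) for p in listing if classify(p)}

if __name__ == "__main__":
    for p, hits in scan(SAMPLE_LISTING).items():
        print(p, "->", hits, "| address as", extended_length(p))
```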