Trojan.inject.ia No Action Was Possible...........
JanDaMan
Hi there,

I'm a newbie here at BitDefender.

Bought the whole package today to deal with a massive attack on my pc. That's what happens when you use freeware......but I digress.

I have cleaned up all of the problems, except for the Trojan.Inject.IA and as such subsequently the "No action was possible" message appears.

It is driving me insane! I've been going through all the file folders to see if I can detect anything for a manual deletion, but to no avail!

Please help!

Jan
JanDaMan
I have been looking in the forums, but have found nothing.

Is there not one person that can help??????

AndreiASM
Some extra info would be very helpful, like the location of the trojan. A scanning log would also be appreciated.
JanDaMan
Well it's stuck in some win32 cache (something to do with 'memory dump'), and I'm using another PC to deny it access to the net.

I will do my best to get a scan log.
JanDaMan
Here it is:

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No


Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : No
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summary
Number of virus signatures : 1436132
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7


Overall scan summary
Scanned items : 1881
Infected items : 2
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 611
Scanned boot sectors : 0
Scanned archives : 1
Input-output errors : 0
Scan time : 00:00:01:34
Files per second : 16


Scanned processes summary
Scanned : 32
Infected : 0


Scanned registry keys summary
Scanned : 319
Infected : 0


Scanned cookies summary
Scanned : 0
Infected : 0


Remaining issues:
Object Name Threat Name Final Status
[System] Trojan.Inject.IA No action was possible
[System] Trojan.Inject.IA No action was possible


Resolved issues:
Object Name Threat Name Final Status


Objects that were not scanned:
Object Name Reason Final Status
JanDaMan
Quoting the link at Bitdefender:

"What to do in case of unresolved items
Issue:
When performing a scan with BitDefender, on certain occasions Unresolved Items may be displayed in the Results Summary window. This may occur in one of the situations presented below.


Solution:


There are infected or suspect files included in the target scan for which BitDefender is not set to take any action.
Solution: Scan again the location where the files were detected and set the desired actions (Disinfect files, Delete files, Move to Quarantine)

All the possible actions fail when scanning certain files. These types of files are:
a. Archives or packed applications which cannot be repacked by BitDefender.
Solution: The archives or packed applications which are containing the infected files have to be deleted manually

b. Files which are surpassing the limit size set for the Quarantine.
Solution: Empty the Quarantine and scan again the location where the infected files were detected.

c. Email archives which cannot be repacked by BitDefender.
Solution: Manually delete the e-mails detected by BitDefender. BitDefender provides detailed information on the e-mail which contains an infected attachment. The following information is available: Subject, Date, name of the infected attachment."


Which is completely useless, thank you!
JanDaMan
The actual infected area is:

Windows\system32\svhost.exe(memory dump)
Windows\system32\svhost.exe(full dump)

This has been very distasteful!
Mihai CIMPOESU
QUOTE (JanDaMan @ Aug 10 2008, 10:06 PM) *
The actual infected area is:

Windows\system32\svhost.exe(memory dump)
Windows\system32\svhost.exe(full dump)

This has been very distasteful!



I've attached an archive with a beta product of ours called AVIS. Please run it and use it as follows:

* Go to General tab
* Use Submit a file button
* Click Add and select the file C:\Windows\system32\svhost.exe
* Click on disinfectable
* Click on submit to and put "MCU" in the text box
* Click submit

On the System Info tab
* Click Create Log

After the log is created, the archive with the log will be put on your desktop. Please submit that too, attaching the archive to a reply post here in the forum.
AndreiASM
Since regular users won't be able to download it from here, I attached AVIS here.

Regards.
JanDaMan
Ok thank you, I will get back to you when done!

JanDaMan
Having problems with the log, says it is passworded.

But now I have seen why, I think!
JanDaMan
It's ok now.
JanDaMan
Ok here we go......

JanDaMan
Did a scan with the AVIS program and it is picking stuff up that the Total Security does not!

Does not good!
danton
QUOTE (JanDaMan @ Aug 11 2008, 09:49 PM) *
Did a scan with the AVIS program and it is picking stuff up that the Total Security does not!

Does not good!

AVIS shouldn't be used for scanning files. It contains some heuristic routines that sometimes can generate false alarms. Please use AVIS only for cleaning or logging purposes.

From the attached log, I see these suspicious files:

C:\WINDOWS\msauc.exe
C:\WINDOWS\system32\Drivers\Iap44.sys (this is probably the source of the Trojan.Inject.IA infection. It is injected in the "svchost.exe" process and therefore cannot be disinfected. Try to copy the file to another location using GMER or Windows Recovery Console)

Then, try to archive the files and attach them to a post here.
JanDaMan
QUOTE (danton @ Aug 12 2008, 08:55 AM) *
AVIS shouldn't be used for scanning files. It contains some heuristic routines that sometimes can generate false alarms. Please use AVIS only for cleaning or logging purposes.

From the attached log, I see these suspicious files:

C:\WINDOWS\msauc.exe
C:\WINDOWS\system32\Drivers\Iap44.sys (this is probably the source of the Trojan.Inject.IA infection. It is injected in the "svchost.exe" process and therefore cannot be disinfected. Try to copy the file to another location using GMER or Windows Recovery Console)

Then, try to archive the files and attach them to a post here.


Ok so it is not a happy camper situation then...........

What is the GMER (excuse my ignorance) and if using the recovery console how shall I trap the files?

Thanks
JanDaMan
I would really appreciate a complete reference to what I should do to get rid of this.

It is frustrating to have bought this product and it can't actually do anything to help me!

Cris
Read this: http://forum.bitdefender.com/index.php?showtopic=1054

Use the instructions to move (and rename) the file(s) to another location. After that, reboot normally, pack the files (in a password protected archive) and attach the archive to your next post.

Cris.
JanDaMan
Unfortunately the keyboard does not allow me to boot from the CD when required, the ms-dos prompt in Windows does not let me format C:.
This has to be the most messed up PC infection I've seen in a long time, so new hard disk it is!

Thanks for the help anyway.
Niels
Hello JanDaMan,

Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.

Kind regards,
Niels
jeanette
QUOTE (Mihai CIMPOESU @ Aug 11 2008, 06:42 AM) *
I've attached an archive with a beta product of ours called AVIS. Please run it and use it as follows:

* Go to General tab
* Use Submit a file button
* Click Add and select the file C:\Windows\system32\svhost.exe
* Click on disinfectable
* Click on submit to and put "MCU" in the text box
* Click submit

On the System Info tab
* Click Create Log

After the log is created, the archive with the log will be put on your desktop. Please submit that too, attaching the archive to a reply post here in the forum.


My boss has the same problem on his computer at work, and since I'm the geek-in-residence, I've been following the thread and attached the avis file. Are there any updates to this trojan, since this thread started 2-3 weeks ago? Any help would be appreciated.
amadeux
QUOTE (jeanette @ Sep 2 2008, 05:32 PM) *
My boss has the same problem on his computer at work, and since I'm the geek-in-residence, I've been following the thread and attached the avis file. Are there any updates to this trojan, since this thread started 2-3 weeks ago? Any help would be appreciated.


Hi there!

I found the same infection in our friends' PC. They called me to help them a bit, since their PC stopped responding. I've run an online scan with BD since I consider it to be the best AV tool out there.
It found the same trojan discussed in this topic. I've tried deleting it, renaming it, changing the .dll into .mov and then I tried to archive it with Winrar and deleting it, but no chance. It doesn't work...
Here's the report created by AVIS. I've already submitted the file to MCU.
Thanks for your help.
A.
amadeux
QUOTE (amadeux @ Jan 28 2009, 03:45 PM) *
Hi there!

I found the same infection in our friends' PC. They called me to help them a bit, since their PC stopped responding. I've run an online scan with BD since I consider it to be the best AV tool out there.
It found the same trojan discussed in this topic. I've tried deleting it, renaming it, changing the .dll into .mov and then I tried to archive it with Winrar and deleting it, but no chance. It doesn't work...
Here's the report created by AVIS. I've already submitted the file to MCU.
Thanks for your help.
A.


I can't seem to find a way to upload the file... :S
amadeux
QUOTE (amadeux @ Jan 28 2009, 03:56 PM) *
I can't seem to find a way to upload the file... :S



OK, this should be it. Apparently the reason for not being able to upload was the new IE8.

Thanks again and waiting for your help or suggestions.
A.