Trojan.inject.ia No Action Was Possible...........


23 replies to this topic

#1 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 12:31 AM

Hi there,

I'm a newbie here at BitDefender.

Bought the whole package today to deal with a massive attack on my pc. That's what happens when you use freeware......but I digress.

I have cleaned up all of the problems, except for the Trojan.Inject.IA and as such subsequently the "No action was possible" message appears.

It is driving me insane! I've been going through all the file folders to see if I can detect anything for a manual deletion, but to no avail!

Please help!

Jan

#2 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 06:29 PM

I have been looking in the forums, but have found nothing.

Is there not one person that can help??????



#3 AndreiASM

AndreiASM

    Virus Researcher

  • Bitdefender Labs
  • 913 posts
  • Gender:Male
  • Location:Satu Mare, Romania
  • Interests:C/C++/C#, Java, Assembler, Delphi, VB, Art Caffe, football, music, etc.

Posted 10 August 2008 - 07:05 PM

A little extra info would be very helpful, like the location of the trojan. A scanning log would also be appreciated.

#4 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 08:43 PM

Well it's stuck in some win32 cache (something to do with 'memory dump'), and I'm using another PC to deny it access to the net.

I will do my best to get a scan log.

Edited by JanDaMan, 10 August 2008 - 08:45 PM.


#5 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 09:00 PM

Here it is:

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No

Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : No
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 1436132
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7

Overall scan summary
Scanned items : 1881
Infected items : 2
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 611
Scanned boot sectors : 0
Scanned archives : 1
Input-output errors : 0
Scan time : 00:00:01:34
Files per second : 16

Scanned processes summary
Scanned : 32
Infected : 0

Scanned registry keys summary
Scanned : 319
Infected : 0

Scanned cookies summary
Scanned : 0
Infected : 0

Remaining issues:
Object Name    Threat Name    Final Status
[System]    Trojan.Inject.IA    No action was possible
[System]    Trojan.Inject.IA    No action was possible

Resolved issues:
Object Name    Threat Name    Final Status

Objects that were not scanned:
Object Name    Reason    Final Status
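
An added example (not part of the original posts, and not Bitdefender code): a small Python parser for a scan report in the layout posted above, which lists the detections the scanner could not act on and the scan targets that were switched off. The section names are taken from that log; the row pattern, the function names and the sample text are assumptions constructed for the example.

```python
import re
# Section names as they appear in the log posted above.
SECTIONS = ("Scan Options", "Target selection options", "Target Processing",
            "Scan engines summary", "Overall scan summary",
            "Scanned processes summary", "Scanned registry keys summary",
            "Scanned cookies summary", "Remaining issues", "Resolved issues",
            "Objects that were not scanned")
TABLES = SECTIONS[-3:]  # sections that hold "object threat status" rows
# Assumption: a row is "<object> <threat> <status>", object without spaces.
ROW = re.compile(r"^(\[[^\]]+\]|\S+)\s+(\S+)\s+(.+)$")

# Constructed sample, abridged from the layout above (headers fused to entries).
SAMPLE_LOG = """\
Scan Options:Scan for rootkits : No
Target selection options:Scan boot sectors : No
Overall scan summaryInfected items : 2
Resolved items : 0
Remaining issues:Object Name Threat Name Final Status
[System] Trojan.Inject.IA No action was possible
[System] Trojan.Inject.IA No action was possible
Resolved issues:Object Name Threat Name Final Status
"""

def parse_scan_log(text):
    """Return {section: {key: value}}, with row lists for the issue tables."""
    report = {s: ([] if s in TABLES else {}) for s in SECTIONS}
    current = None
    for line in map(str.strip, text.splitlines()):
        for name in SECTIONS:  # header on its own line or fused to an entry
            if line.startswith(name):
                current, line = name, line[len(name):].lstrip(": ")
                break
        if not line or current is None or line.startswith("Object Name"):
            continue  # blank line, preamble, or a table's column header
        if current in TABLES:
            if m := ROW.match(line):
                report[current].append(m.groups())
        else:
            key, _, value = line.partition(":")
            report[current][key.strip()] = value.strip()
    return report

def triage(report):
    """List scan targets that were switched off and unresolved detections."""
    opts = {**report["Scan Options"], **report["Target selection options"]}
    out = [f"not scanned: {k}"
           for k in ("Scan for rootkits", "Scan boot sectors") if opts.get(k) == "No"]
    out += [f"unresolved: {t} in {o} ({s})" for o, t, s in report["Remaining issues"]]
    return out
```

Calling `triage(parse_scan_log(SAMPLE_LOG))` returns the two disabled scan targets followed by one entry per unresolved row.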


#6 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 09:01 PM

Quoting the link at Bitdefender:

"What to do in case of unresolved items
Issue:
When performing a scan with BitDefender, in certain occasions Unresolved Items may be displayed in the Results Summary window. This may occur in one of the situations presented below.


Solution:


There are infected or suspect files included in the target scan for which BitDefender is not set to take any action.
Solution: Scan again the location where the files were detected and set the desired actions (Disinfect files, Delete files, Move to Quarantine)

All the possible actions fail when scanning certain files. These types of files are:
a. Archives or packed applications which cannot be repacked by BitDefender.
Solution: The archives or packed applications which are containing the infected files have to be deleted manually

b. Files which are surpassing the limit size set for the Quarantine.
Solution: Empty the Quarantine and scan again the location where the infected files were detected.

c. Email archives which cannot be repacked by BitDefender.
Solution: Manually delete the e-mails detected by BitDefender. BitDefender provides detailed information on the e-mail which contains an infected attachment. The following information is available: Subject, Date, name of the infected attachment."


Which is completely useless, thank you!


#7 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 10 August 2008 - 09:06 PM

The actual infected area is:

Windows\system32\svhost.exe(memory dump)
Windows\system32\svhost.exe(full dump)

This has been very distasteful!

Edited by JanDaMan, 10 August 2008 - 09:07 PM.


#8 Mihai CIMPOESU

Mihai CIMPOESU

    Virus Researcher

  • Members
  • 9 posts
  • Gender:Male
  • Location:Iasi

Posted 11 August 2008 - 02:42 PM

QUOTE (JanDaMan @ Aug 10 2008, 10:06 PM)
The actual infected area is:

Windows\system32\svhost.exe(memory dump)
Windows\system32\svhost.exe(full dump)

This has been very distasteful!



I've attached an archive with a beta product of ours called AVIS. Please run it and use it as follows:

* Go to General tab
* Use Submit a file button
* Click Add and select the file C:\Windows\system32\svhost.exe
* Click on disinfectable
* Click on "submit to" and put "MCU" in the text box
* Click submit

On the System Info tab
* Click Create Log

After the log is created, the archive with the log will be put on your desktop. Please submit that too, attaching the archive to a reply post here in the forum.




#9 AndreiASM

AndreiASM

    Virus Researcher

  • Bitdefender Labs
  • 913 posts
  • Gender:Male
  • Location:Satu Mare, Romania
  • Interests:C/C++/C#, Java, Assembler, Delphi, VB, Art Caffe, football, music, etc.

Posted 11 August 2008 - 04:08 PM

Since regular users won't be able to download it from here, I attached AVIS here.

Regards.

#10 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 11 August 2008 - 06:32 PM

Ok thank you, I will get back to you when done!


#11 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 11 August 2008 - 07:11 PM

Having problems with the log, says it is passworded.

But now I have seen why, I think!

Edited by JanDaMan, 11 August 2008 - 07:21 PM.


#12 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 11 August 2008 - 07:16 PM

It's ok now.

Edited by JanDaMan, 11 August 2008 - 07:21 PM.


#13 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 11 August 2008 - 07:20 PM

Ok here we go......




#14 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 11 August 2008 - 08:49 PM

Did a scan with the AVIS program and it is picking stuff up that the Total Security does not!

Does not good!

#15 danton

danton

    Virus Researcher

  • Regular Bitdefender Poster
  • 39 posts

Posted 12 August 2008 - 09:55 AM

QUOTE (JanDaMan @ Aug 11 2008, 09:49 PM)
Did a scan with the AVIS program and it is picking stuff up that the Total Security does not!

Does not good!

AVIS shouldn't be used for scanning files. It contains some heuristic routines that sometimes can generate false alarms. Please use AVIS only for cleaning or logging purposes.

From the attached log, I see these suspicious files:

C:\WINDOWS\msauc.exe
C:\WINDOWS\system32\Drivers\Iap44.sys (this is probably the source of the Trojan.Inject.IA infection. It is injected in the "svchost.exe" process and therefore cannot be disinfected. Try to copy the file to another location using GMER or Windows Recovery Console)

Then, try to archive the files and attach them to a post here.

#16 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 12 August 2008 - 05:36 PM

QUOTE (danton @ Aug 12 2008, 08:55 AM)
AVIS shouldn't be used for scanning files. It contains some heuristic routines that sometimes can generate false alarms. Please use AVIS only for cleaning or logging purposes.

From the attached log, I see these suspicious files:

C:\WINDOWS\msauc.exe
C:\WINDOWS\system32\Drivers\Iap44.sys (this is probably the source of the Trojan.Inject.IA infection. It is injected in the "svchost.exe" process and therefore cannot be disinfected. Try to copy the file to another location using GMER or Windows Recovery Console)

Then, try to archive the files and attach them to a post here.


Ok so it is not a happy camper situation then...........

What is the GMER (excuse my ignorance) and if using the recovery console how shall I trap the files?

Thanks

#17 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 12 August 2008 - 09:40 PM

I would really appreciate a complete reference to what I should do to get rid of this.

It is frustrating to have bought this product and it can't actually do anything to help me!



#18 Cris

Cris

    BitDefender Evangelist

  • Regular Bitdefender Poster
  • 3,360 posts
  • Gender:Male
  • Location:Galați/Iași, România
  • Interests: Programming and scripting (C/C++, ASM, Java, Haskell, a little PHP, JS and XSL for the moment...hope for more); Biking trips

Posted 12 August 2008 - 10:08 PM

Read this: http://forum.bitdefe...?showtopic=1054

Use the instructions to move (and rename) the file(s) to another location. After that, reboot normally, pack the files (in a password protected archive) and attach the archive to your next post.

Cris.

#19 JanDaMan

JanDaMan

    Newbie

  • Members
  • 14 posts

Posted 13 August 2008 - 04:31 AM

Unfortunately the keyboard does not allow me to boot from the CD when required, the ms-dos prompt in Windows does not let me format C:.
This has to be the most messed up PC infection I've seen in a long time, so new hard disk it is!

Thanks for the help anyway.

Edited by JanDaMan, 13 August 2008 - 04:31 AM.


#20 Niels

Niels

    BitDefender Evangelist

  • Regular Bitdefender Poster
  • 3,353 posts
  • Gender:Male
  • Location:Belgium
  • Interests: watching horror movies, PC and security, mountain biking

Posted 13 August 2008 - 09:26 PM

Hello JanDaMan,

Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.

Kind regards,
Niels



