Jump to content

VSSVC.exe infection


Rydhme
 Share

Recommended Posts

Hi, i have ran my first 2 scan with EEK and another scan with FRST. At the first (full) scan with EEK, one of its result surprise me :


C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe detected: Trojan.Injector.BMZ (B)


I try to click Quarantine selected (with the other detection selected), and i got a BlueScreen. I think the other result wasn't the cause. My Laptop rebooted in safe mode, and i rebooted it again in normal mode. Then, I run the 2nd scan (only C:\Users\user\) with EEK and it detects VSSVC.exe again in the same location. This time, i click the "delete selected" (with the other detection selected), and i got a BlueScreen again. I googling for the file and found FRST, tried to scan with it once. I dont know what to do, is it safe to remove the file ? I attached the 2nd EEK scan log too.


 


Any help would be appreciated.


 


scan_150724-112148.txt scan_150724-123240.txt FRST.txt Addition.txt


Link to comment
Share on other sites

Hello, Rydhme

Welcome to the Emsisoft Support Forum. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Link to comment
Share on other sites

Hi Tom, Thanks for the help !

I didn't post in another forums and i will follow your instruction. I think i didn't make any significant changes to my system after posting here. I remember that i only browsing the net and 'shred' a large file (unneeded, a rar archive contains a game file) with a file shredder. I have followed your instruction to set my system to show all files. And, about AdwCleaner, after the scan finished and i click clean, it warns me to close all programs and then clik 'ok'. After i click 'ok' button, suddenly i got a BlueScreen, once again. I ran AdwCleaner in my Download folder, not my desktop, is it ok ?(i didn't notice "onto your desktop"). "Windows was shutdown to prevent damage ..." i remember that message showed when the BlueScreen occured. I rebooted it in safe mode, rebooted again in normal mode. Then, i found the AdwCleaner logfile. I also attach the BlueScreen error report (copied to and saved by notepad).

 

AdwCleanerR0.txt  BlueScreen.txt

Link to comment
Share on other sites

Due to the lack of time i had, today is the last holiday, tomorrow i'll back to school and maybe i won't have any time to fix this, and i need my laptop for studying.
 
I will try the solutions from http://www.solvusoft.com/en/files/error-virus-removal/exe/windows/microsoft/msdn-disc-2439-8/vssvc-exe/ to fix this. Anyway, thanks for the help and the advice !

Link to comment
Share on other sites

It's gone ! The file VSSVC.exe has finally gone. I think i've disinfected my pc now. The steps i remember used was :

 

Firstly, i clean the junk using command cleanmgr in cmd

Next, i check file system using command sfc /scannow in cmd. There was no error found.

Lastly, i update windows defender, full scan with it, and finally windows defender detected and remove the VSSVC.exe without having a Bluescreen !

 

After reboot, i open the directory to check the file and it's gone of my view. To ensure, i scanned it using EEK (only at C:\Users\user\) and it didn't detect VSSVC.exe again.

Link to comment
Share on other sites

Thank you for your feedback.

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...