Wiaservg.log malware.trace infection

greenr18 · 11-03-2009, 09:51 AM

Alrighty, clicking fast on a website with out thinking followed by an unexpected pop up that got clicked lead to me getting like 400 viruses, spyware programs, malware, etc etc etc on my desktop. I ran malwarebytes and eset in regular windows mode detected and removed a bunch reset into safe, same thing, reset and scanned again only thing keeps coming up is wiaservg.log as malware.trace for vendor (mind you this is G not C, i believe C is more common from what ive read but like i said, its G) both say they remove it but it keeps coming back. the file itself is a 0kb and when opened its an empty notepad file. very strange in that when not in safemode malware bytes and eset cannot detect it. i refuse to rehook the ethernet into my desktop until it is cleansed. im on my laptop. id like to avoid a rebuild if possible, at the very least get my Fallout 3 save files off of it with out infecting other computers. im afraid if i hook the internet back into it itll download more crap. anyone got a solution? Dr. Delete deleted it fine, a program that deletes files in use, it keeps coming back as infected.

tetonbob · 11-03-2009, 10:55 AM

Hello -

Seems like a marker for BREDOLAB infection. There's usually a startup associated with this pest as well. There can be many variants of any pest, and without getting it all, the whole cycle starts over again.

Please note, about BREDOLAB

http://www.threatexpert.com/report.a...43686726082d4a

Quote:

A malicious backdoor trojan that runs in the background and allows remote access to the compromised system

Quote:

Bredolab, a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (e.g. if it detects it is running under ThreatExpert, it might quit).

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

===========================

As stated at the top of this forum:

Quote:

This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the Virus/Trojan/Spyware Help forum, or the "First Steps" link at the top right of each page.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs.

Please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

11-03-2009, 09:51 AM	#1 (permalink)
greenr18 Registered User Join Date: Apr 2005 Location: VT Posts: 21 OS: Windows XP SP2	Wiaservg.log malware.trace infection Alrighty, clicking fast on a website with out thinking followed by an unexpected pop up that got clicked lead to me getting like 400 viruses, spyware programs, malware, etc etc etc on my desktop. I ran malwarebytes and eset in regular windows mode detected and removed a bunch reset into safe, same thing, reset and scanned again only thing keeps coming up is wiaservg.log as malware.trace for vendor (mind you this is G not C, i believe C is more common from what ive read but like i said, its G) both say they remove it but it keeps coming back. the file itself is a 0kb and when opened its an empty notepad file. very strange in that when not in safemode malware bytes and eset cannot detect it. i refuse to rehook the ethernet into my desktop until it is cleansed. im on my laptop. id like to avoid a rebuild if possible, at the very least get my Fallout 3 save files off of it with out infecting other computers. im afraid if i hook the internet back into it itll download more crap. anyone got a solution? Dr. Delete deleted it fine, a program that deletes files in use, it keeps coming back as infected. Last edited by greenr18; 11-03-2009 at 10:05 AM.