TR/Click.Cycler.ajsi.2

  Juba. 23:59 12 Jun 10
Locked

I just done a virus scan on my PC using Avira and the following trojan is showing TR/Click.Cycler.ajsi.2 . Avira can not delete it, it say it was moved to quarantine but everytime I log on its back. I have tried to clear temp files but it still comes back

I can't get into the System Volume Information\Microsoft\smss.exe' folder even though I am logged in as admin,

I have tried mailwarebytes, spybot, c cleaner and several others and still can not shift the dam thing. Below is part of the Avira log, these are the only parts infected. Does anyone know how I can get ride of it. Something that works, I have been trying to fix it for days. I have also used HIJACK This, but no luck there

Scan process 'smss.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\System Volume Information\Microsoft\smss.exe'
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\System Volume Information\Microsoft\services.exe'
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'smss.exe' has been terminated
Process 'services.exe' has been terminated
Catched Exception in SCAN_ProcessList
ACCESS_VIOLATION
EAX = 00000000 EBX = 00000000
ECX = 000001D8 EDX = 00469224
ESI = 00469214 EDI = 00000000
EIP = 7C91B21A EBP = 01F8FD3C
ESP = 01F8FCC8 Flg = 00010246
CS = 00000023 SS = 0000001B

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\Microsoft\services.exe
[DETECTION] Is the TR/Click.Cycler.ajsi.2 Trojan
C:\System Volume Information\Microsoft\smss.exe
[DETECTION] Is the TR/Click.Cycler.ajsi.2 Trojan
Begin scan in 'D:\'

Beginning disinfection:
C:\System Volume Information\Microsoft\services.exe
[DETECTION] Is the TR/Click.Cycler.ajsi.2 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4c860e63.qua'!
C:\System Volume Information\Microsoft\smss.exe
[DETECTION] Is the TR/Click.Cycler.ajsi.2 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f3d2d2d.qua'!


End of the scan: 12 June 2010 23:45
Used time: 2:51:56 Hour(s)

The scan has been done completely.

16310 Scanned directories
690544 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
690537 Files not concerned
4965 Archives were scanned
5 Warnings
4 Notes
57880 Objects were scanned with rootkit scan
0 Hidden objects were found

Cheers

  rdave13 00:17 13 Jun 10

Try running your AV in safe mode. If it clears it then disable system restore. Reboot to normal mode then check all is well. Enable sys restore.
If you think Avire Av is not for you then check a search engine for others.

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

Where HTML5 is headed next

MacBook Pro v Surface Pro 5