A couple of days ago I started getting messages from Mcafee Total Protection that my computer was in danger from a virus. It recommended a restart, which i did. However every time i use my laptop the message returns.
I completed a full scan both in normal and safe mode and yet the warnings persist.
The scan/alerts point to files such as windows/assembly/gac/desktop.ini amongst others which I cant find and the alert says that Mcafee cant delete the files/trojan whilst files are in use.
I'm getting a bit stuck and wondered if there was a solution?
When you have completed the recomendations and if you still have an issue you may want to try to run the free version of Malwarebytes found at www.malwarebytes.org You may need to download this to a usb stick and rename the download and installations files as sometimes malware self protects itself and by renaming of the files the malware will allow the installation to proceed. When you have installed the program check for the lates update and run the scan and let it clean everything that it finds and reboot the computer.
Let us know if this works for you and good luck.
I tried both SAFE boot, then scan and also McAfee Stinger. Neither showed anything but strangely the trojan alert has stopped and so far no more Droppers have appeared in the quarantined area. They were appearing every couple of minutes.
Not quite sure what happened but problem has not occured for nearly two days.
System Restore to before all this happened could also be an option if it returns.
As a precaution I would post a Hijackthis (or DDS) scan log on one of the specilist forums listed on that document near the bottom (along with the download links).
They might spot something that needs attention.
Was the trojan problem fixed for good? I have the same one, same location: windows/assembly/gac/desktop.ini
McAfee is can't delete, tried safe mode scane and stinger but also couldn't delete, might try system restore. Please let me know if what you did worked!!
The presence of that file in that location is a sure sign you've been infected with ZeroAccess - a widespread rootkit. There may be other infections as well. ZeroAccess interferes with the working of anti-virus programs so you need to try a few things to get rid of it.
Stinger works on many variants of ZeroAccess but not all. It's always worth downloading the latest version and running it to see if it gets rid of the infection; if it doesn't try the following -
If the thing still persists you may need specialist help from one of the malware-removal forums (see Ex_Brit's list at the end of this document). They have an extensive collection of anti-malware tools and can interpret the output better than I can (they certainly get more practice).
Thanks for the help. Downloaded and ran Rootkit Remover and TDSSKiller but they found nothing. Then tried Malwarebytes again it also found nothing this time although it had deleted several trojans the night before just not desktop.ini. Tried Stinger again and it detected and deleted the desktop.ini trojan!! Not sure why it worked this time but not the day before because I had not updated it since the time I used it the last time. Anyway it worked somehow and just to confirm ran McAfee scan again and it didn't pick up anything.