
Help remove Generic.dx

Q: Help remove Generic.dx

I somehow got Generic.dx. I have tried running McAfee, but it hasn't found anything. I also tried Exterminate and I am now trying to run HijackThis. I don't know what else to do! Every few seconds a bubble pops up saying "you have a Security problem!". I have Windows Vista. Please help! I am saving a log for HijackThis if that helps.

RELEVANCY SCORE 200

A: Help remove Generic.dx

RELEVANCY SCORE 54

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't. I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks,
Jan
 

A:TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!
 

RELEVANCY SCORE 45.6

McAfee has found the Generic.dx!bk trojan, but fails to clean the file which seems to be in c:\windows\system32\winjet32.dll
As per these instructions I have tried using SDFix. Here is the DDS log. Would appreciate any help you can give!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 13:01:48.30 on 11/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.18 [GMT 1:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.e...

A:Trying to remove Generic.dx!bk

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...

RELEVANCY SCORE 45.6

I have generic.dx trojan on my computer, windows/system32/dcomcnfg.dll. I have McAfee Virus Scan and it detects the trojan but cannot remove it; every few minutes the warning continues to pop back up. I tried going into safe mode and deleting the file, but I receive an error message stating that the file is write protected. I have been reading the posts and have run HijackThis. I will post my log below. Please help me fix this! Thanks in advance, Stacy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:30 PM, on 12/26/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nickjr.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-...

A:Please help me remove generic.dx

Hi,

Any reason you do not have SP1 on your system? One of the reasons I ask is that as long as you do not have updates, you are going to keep having issues with spyware/malware programs.

Download ComboFix to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download.

* Double click combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for H...

RELEVANCY SCORE 45.6

VirusScan keeps popping up showing Generic.dx!bh as a trojan being deleted, every 2 min or so. It is being found in folder C:\Documents and Settings\bcraig\Local Settings\Temp.


DDS (Ver_09-05-14.01) - NTFSx86
Run by bcraig at 16:50:00.14 on Tue 05/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.686 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\S...

A:Trying to remove Generic.dx!bh

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

What entries have you removed from startup in msconfig?

------------------------------------------------------

I need to see a rootkit scan before I can help you.

Download RootRepeal.zip to your Desktop and click 'Extract all files' to extract the compressed file to its own folder.
Double-click on RootRepeal.exe to run it.
Click on the 'Report' tab, and then click on 'Scan'.
A window opens asking what to include in the scan.
Check the following boxes then click 'OK':
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on, if not C:)
Click 'OK' once again.
The tool will begin scanning and may take a while to complete, so please be patient.
When the scan finishes, click on 'Save Report'.
Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
Post the log in your next reply.
------------------------------------------------------

Please go to: VirusTotal
On the page you'll f...

RELEVANCY SCORE 45.6

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:11 PM, on 10/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Ro...

A:need to remove mal/generic-a

Hello Needsleepnow

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked...

RELEVANCY SCORE 45.6

Hi,
Can someone please help? I had McAfee V4.5.1 installed on my computer. I had just received that my computer is infected with Generic.dx with the infected file name: C:\Documents and Settings\Testing\Local Settings\Temporary Internet Files\Content.IE5\F7AAE53A\wssl657[1].exe. However, when I try to clean, delete, or move the file, it keeps saying the access to file was denied. So it's still in my system and slows down my computer. Can someone help or advise?
Thank you very much.
 

RELEVANCY SCORE 45.6

I was on my computer and then suddenly McAfee popped up and said generic pup!hv.c. I tried to delete it but it said I couldn't. After this I ran a quick scan on McAfee and it still did not delete it. HELP ME PLEASE. I am using Windows XP Home Edition.

Thanks sooooo much for your time,
Pam
 

RELEVANCY SCORE 44.8

PLEASE help me to remove the Generic.dx trojan

thank you
 

A:How to remove Generic.dx trojan

pls???
 

RELEVANCY SCORE 44.8

Hi,

My computer became very slow and it is really frustrating working with it so I did an online scan by OneCare, BitDefender and McAfee.

McAfee discovered Generic.dx in a file that doesn't exist anymore (I deleted it).

I already have Kaspersky Internet Security 2009 which should discover such a trojan.

Anyhow, below is the DDS log, and attached are the logs needed for analysts.

=========================================================
=========================================================
=========================================================


DDS (Ver_09-07-30.01) - NTFSx86
Run by amal at 15:08:32.37 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.1013.96 [GMT 3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\s...

RELEVANCY SCORE 44.8

My McAfee keeps catching the same virus every time I restart the computer.

FILE NAME GAOPDXRJBPJENB.DLL
ORIGINAL LOCATION C:WINDOWS\SYSTEM32
VIRUS generic PWS.y
IEMS C:WINDOWS\SYSTEM32\GAOPDXRJBPJENB.DLL

I run the antivirus, it catches it, I quarantine it, I reboot, and the virus is in the same location again. I can't update Spybot or Ad-Aware for some reason, and my browser (IE) isn't running properly either. Whether these problems are related I don't know.

I can only presume the virus reloads itself somehow from a different location the antivirus can't find. Please, any help would be mint.
Many thanks, PB
 

A:generic PWS.y unable to remove

RELEVANCY SCORE 44.8

Can't remove. Not too clever on computer, please can you help.
 

RELEVANCY SCORE 44.8

PLEASE PLEASE HELP. My computer is already dying as it is, but I can't afford a new one

Here is a screenshot of what I got on McAfee: http://i17.tinypic.com/63sgb38.jpg

And I already tried this: http://forums.techguy.org/security/568777-solved-i-need-help-remove.html
but I didn't have 02 BHO : ..... in my log files.

I ran HJT and this is what I got.

======================================

Logfile of HijackThis v1.99.1
Scan saved at 1:34:45 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c...

A:Please help me remove the Generic.dx trojan.

RELEVANCY SCORE 44.8

Well, got a problem here...
I am running Windows XP (SP2) and McAfee Antivirus
McAfee tells me there is a virus infected on the following file: C:\\WINDOWS\SYSTEM32\WINDOWS
Detected as Generic.dx.
But after the restart, same problem is coming again and again.. what should I do now..?
I'll be so grateful for help.. please help

Here is the log file for the hijackthis scan..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:50 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Syn...

A:trojan generic.dx.how 2 remove?

RELEVANCY SCORE 44.8

I have comcast and their version of mcafee. It ran an automatic scan and detected 3 items. One of which is the 'Generic!Artemis'. I could not find what the other 2 were so I suppose they are registry keys from the Generic Artemis as mcafee was unable to completely remove the virus. Please help me with this issue. Below is the HJT log that was run after the failed attempt to remove by mcafee. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:42 PM, on 1/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStu...

A:Generic!Artemis please help me remove it

It's been over a week with no reply, so I am bumping in hopes of help. Thank you.
 

RELEVANCY SCORE 44.8

Scan found virus....cannot heal. I've restored but still there.
It's an exe file embedded and listed at A0023135.CPY. Any suggestions
I have windows ME, I used AVG to remove it. Thanks for any help you can give me.
 

A:Generic UGR.EXE A0023135 Can Remove

RELEVANCY SCORE 44.8

After boot, Norton AntiVirus 2009 reports the virus but cannot remove it. Have installed Malwarebytes, SUPERAntiSpyware etc. Ran in safe mode but none of them remove or detect generic..... Tried Kaspersky on the net but it also does not detect it. Have attached ComboFix log file.. any help would be appreciated.


Louis

xppro with sp3 fully updated................

A:cannot remove generic.packed.200

Hello and welcome to TSF.

Apologies for the long delay in response. However, please note that ComboFix is not a commercial malware removal tool.

If you've read the Disclaimer (which you should have) you would have seen the statement in no uncertain terms that this tool is meant for private use and should never be used in an unsupervised environment.

As such, please note that any support, be it personal or public, is not provided. Any continued use without supervision is done so at your own risk.

Quote:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

RELEVANCY SCORE 44.8

Hi I need help. McAfee found a Generic.dx!psw trojan and I don't know what to do. It has been quarantined. I am new to this.

Original location was in: C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP335

File name: A0042816.exe

I just ran Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:20 PM, on 3/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C...

RELEVANCY SCORE 44.8

Hi

I was so stupid to press on a link sent to me over Messenger, and now I have a trojan on my computer.

I have Windows XP (SP2), Kaspersky Internet Security 6.0 with the latest signatures from 16-02-2008.

I have done a full scan of my computer twice, without finding any virus!!? After that I did a full scan with the McAfee online scanner and it found 1 infected file. It was the generic.dx trojan. The trojan hid in a Daemon Tools file and I deleted the program via add/remove programs. I am just not sure whether or not I deleted every part of the trojan.

I have read this thread which is about the same problem.
http://forums.techguy.org/malware-removal-hijackthis-logs/659257-solved-trojan-generic-dx-keeps.html

If anyone can have a look at the HJT logfile and tell me what to do now.

Thanks in advance
Peter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:58, on 16-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Kas...

RELEVANCY SCORE 44.8

I've amassed a large group of trojans the other day and McAfee is able to quarantine all but one called the "generic.dx!bmb" My computer is running quite slow and I have problems always accessing online functions. Thanks in advance! Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:11 PM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:...

A:Generic Trojan--cant remove

RELEVANCY SCORE 44.8

A friend left his antivirus off for many months despite paying the full subs fees! Anyhow, I updated his antivirus software and removed many of the infections his pc had. Two trojans remain and cannot be removed by the anti virus software:

Generic.dx - virus software identifies this virus as infecting file powrprof.dll file in system32 folder
Generic.dx!jnd - infecting kernel32.dll also in system32 folder.

Also, the pc is starting up and running very slow. Would appreciate your skills to remove this trojan.

Please see Hijack this data below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:20, on 26/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\soundman.exe
c:\windows\alcwzrd.exe
c:\progra~1\mcafee.com\person~1\mpftray.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\quicktime\qttask.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\windows\system32\ctfmon.exe
c:\program files\microsoft activesync\wcescomm.exe
c...

RELEVANCY SCORE 44.8

I need help I have tried everything norton said and still have this virus.
It is Packed.Generic.200........please help!
 

RELEVANCY SCORE 44.8

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...

A:TROJ Generic.dis -Can you help remove?

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

Read other 3 answers
RELEVANCY SCORE 44.8

Hi

AVG has detected a Trojan, but can't remove it.

Can anyone please help me get rid of this?
Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:12:53, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Endian VPN Client\Endian VPN Service.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editin... Read more

A:Please help me Remove PSW.Generic8 / VBS/Generic ?????

I've downloaded Kaspersky Virus Removal Tool. I ran it 3 times. it finds loads of stuff & says it's removing them, but they're still there after re-boot & it finds the same ones again.

Mostly :

Win32.Nimnul.a
Win32.Zbot.E

Any ideas please?
Thanks!
 

Read other 2 answers
RELEVANCY SCORE 44.8

Hi again!! I ran my Norton Full System Scan and this came up once each in two locations. My computer seems to be running fine-ish. It was a bit slow, we ran AdAware and it seemed normal again. This came to my attention last night during the routine scan. I looked online and it said risk was low, First came to attention May 16, 2008. I turned off System Restore, ran update through Norton, restarted in Safe Mode, ran a full scan again and nothing showed up. We figured it was gone. Restarted the computer and ran another scan (just to make sure) and the Packed.Generic.128 was there again. Under details it lists it in anti-msopa.exe and anti-msopa_1-3.zip. I know, bad girl for even having that program. But really, the cost of MS Office is outrageous. Is there a way to delete the virus without losing that program? I didn't want to go back and System Restore prior to May 16th since I wasn't sure that wouldn't screw something else up. I've got a HJT log here that might help?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:31 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Progra... Read more

Read other answers
RELEVANCY SCORE 44.8

I am not a PC Tech-ee. I cannot get rid of this thing. I'm in this virus up to my eyeballs...Will somebody please help me?

Thanks,
nshubert
 

A:Trojan-Generic: How to Remove?

Closing duplicate.
Continue posting here: http://forums.techguy.org/security/548892-same-issue-troj-generic.html
 

Read other 1 answers
RELEVANCY SCORE 44.4

Hello, McAfee found the trojan Generic PUP.x!bi and could not remove it completely. And it keeps coming up on subsequent scans. My computer has also been running slower than normal. Please help if you can. HJT file below. Thanks.

Tony
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:48 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\... Read more

Read other answers
RELEVANCY SCORE 44.4

Hello
I was wondering if someone can help me.
I keep getting win32/vundo!generic on my virus scan. I have eTrust EZ Virus by ca. And what it is it detects the win32/vundo!generic and deletes it but it keeps coming back.
So I did a search and that's what brought me here.
Thanks
Here is my logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:44 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\File System Information\SystemFolder\PVService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsch... Read more

A:Help to remove win32/vundo!generic

Hello again. Is there anyone that can take a look at this and see what could be wrong. Thanks
 

Read other 1 answers
RELEVANCY SCORE 44.4

Can you help me remove Trojan Generic.dx? It is deleted by McAfee but it generates with winlogon.exe application after every 5 seconds.
 

A:How to remove Trojan virus Generic.dx

Hi there and welcome to TSG

Download HJTsetup.exe to your desktop.
Double-click HJTsetup.exe icon on your desktop to start the installation.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back to this thread and Paste the log (Ctrl+V) in your next reply.

 

Read other 1 answers
RELEVANCY SCORE 44.4

PLEASE help me to remove the Generic.dx trojan, I just run HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 02:42:41 p.m., on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\lotus\notes\ntmulti.exe
C:\Archivos de programa\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de progra... Read more

A:Solved: I need help to remove the Generic.dx trojan

Read other 11 answers
RELEVANCY SCORE 44.4

I got a rar file from a friend that has apparently infected my pc. According to my VShield the name is Generic PWS.y!ti.

Its main location from what i've learned so far is C:\lsass.exe. It keeps extensions and system files hidden, this is how i found out my infection because i do not have extensions and system files hidden normally.

From a dos window i can see the file in my root. (dir /a)

08/04/2004 14:00 380,928 lsass.exe

When i'm in Windows my VShield keeps alerting me, C:\lsass.exe\000535a8.EXE cannot be cleaned. Neither can i move or delete it.

Using a 3rd party program (hiddenfinder) i did Properties of the lsass.exe located in the root and it strangely enough had a Font tab. So maybe it has itself connected to fonts too?!

I searched my registry and it has 'connected' itself to userinit.exe:

HLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogin C:\WINDOWS\system32\userinit.exe,c:\lsass.exe

My OS is Windows XP SP2

This is my HijackThis log and DDS log. I hope somebody can help me get rid of this bugger.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:10, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WIND... Read more

A:Cant remove virus/trojan (Generic PWS.y!ti) ?

Well after 3 days i must say i really hoped someone could help me get this virus beaten. I guess no experts have been present in the forum. I read that it normally takes 24 hours tops for a reply!

Well guys, for what it's worth, i got the virus out myself. In case somebody else gets the same virus just use Malwarebytes' Anti-Malware. It seems to work good enough to get rid of the virus after a reboot.
At first i was manually deleting reg keys, (the virus kept sticking itself to userinit.exe), but it kept coming back.

Cheers.

Read other 2 answers
RELEVANCY SCORE 44.4

Hello all,

First, thanks in advance.

I have tried the four step and five step removal processes, along with others I've found here and there.

Spybot S&D finds the malware, but doesn't completely remove it. I ran the DSS scanner. It created Main.txt, but not extra.txt...please find it attached. Also included is the hijackthis log.

Any direction would be appreciated.

Jonathan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:21 PM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sleepy\monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Sleepy... Read more

A:Unable to remove Smitfraud-C.generic

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

Please visit this w... Read more

Read other 6 answers
RELEVANCY SCORE 44.4

Was infected with multiple viruses, trojans and back doors.
Have run McAfee antivirus, Malwarebytes pro, Stinger, and McAfee says it cannot remove "generic!Artemis".
It was located in blstoolbar folder in program folder. C drive.
Renamed it blstoolbar1.
The uninstall does not work and it doesn't show up in add/remove programs list.
My computer is running much cleaner, but I wonder if I'm still infected.
Can anyone Please Help?

I'm going to College in Computer Information Systems, and have some self learned skills.

I've used your services before and would like to continue learning the art of Security and Threat removal.

Thank you for all your help guys.
You're wonderful!!!!

Beverly

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Owner at 14:07:51.70 on Sat 02/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.156 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hps... Read more

A:Mcafee says cannot remove Generic!Artemis

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

Hi, I have been experiencing some difficulties for the past 2 days... I have Bitdefender Internet security 2011. It says I have a virus with the name Trojan.Generic.3964442, Accessed by: SearchProtocolHost.exe , and Location: C:\Windows\temp\tmp00003cf4\tmp0000015f. So I scanned with Malwarebytes the latest version, assuming it would just get rid of the virus but it said there was nothing. So I manually went to the file destination and tried deleting it but it would not allow me to because it was being used by another program. So I used File assassin on Malwarebytes to delete it then turned off my computer for the night. I wake up this morning getting multiple pop ups as you can see in my picture.. It's really annoying and I do notice somewhat of a performance difference but overall seems okay. Just could someone help me! thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:12:15 PM, on 12/27/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Program Files (x86)\ZeroK\Micro\Micro.exe
C:\Nexon\MapleStory\MapleStory.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozill... Read more

A:Trojan.Generic.396442 Cannot remove

Still doing it :O
 

Read other 2 answers
RELEVANCY SCORE 44.4

I have a message that keeps popping up from McAfee that says I have a trojan virus called Generic.dx located in c:windows\system32\AppCert\wnl32.dll. McAfee cannot quarantine nor remove it. Any ideas on how to get rid of it?

A:I Need To Remove The Trojan Virus Generic.dx

Welcome to BC cadoodle32

For a start, I suggest scanning the file in question at Jottiscan and Virustotal to rule out the possibility of a False Positive. Please post the results in your next reply.

Orange Blossom

Read other 1 answers
RELEVANCY SCORE 44.4

Hi,

This is my first time posting. I followed all the newbie steps (which helped A LOT) but I am still unable to get rid of Dialer.Generic. Norton AntiVirus (realtime protection) keeps detecting it in the following locations:

c:\windows\system32\cool.exe
Temporary Internet Files\srvlec[1].exe

It also sometimes finds a registry entry. Each time it does, Norton says it has quarantined all the items, requiring a reboot.

I've run Spybot, AdAware, Norton AntiVirus, CWShredder, VX2 Cleaner in Safe Mode.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:14 AM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\Rational\SDP\6.0\RCL_Client\common\lmgrd.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\IBM\Rational\SDP\6.... Read more

A:Dialer.Generic (cool.exe) - Cannot Remove

BUMP please

Read other 2 answers
RELEVANCY SCORE 44.4

My system is XP. I have McAfee and Defender. McAfee finds and deletes every time I log on to computer. Generic.dx c:\windows\tk58.exe\program file\func.js. And finds and deletes Generic.dex c:\Documents and settings\temporary files\content.IE5\ JVWWD690tk58.exe, also finds and deletes Zquest c:\program files\func.exe. Note, Found TA_start vdgrng.exe CHD003 in start menu\programs\startup\windows\system32. I have disabled system restore in File system. Rebooted many times. The .Dat files are up to date. Please help. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:24 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Commo... Read more

Read other answers
RELEVANCY SCORE 44.4

Help
I have been trying to remove this virus for two days and still it is showing up.

It first started out with the securitytool virus and would not let me see the desktop nor open anything.

I was able to find that and remove it. I then turned off system restore and tried several times to remove the PACked. Generic.254 virus, but it is still not coming off. I tried to download spybot and malwarebytes, but it doesn't install or open properly.

Please help. I work at a healthcare industry and I need this pc clean, before it spreads.

(((I HAD PLACED THIS IN ANOTHER AREA, HOWEVER I WAS GETTING VIEWS BUT NO REPLIES))) I MUST HAVE PLACED IN THE WRONG FORUM PREVIOUSLY

A:Can't remove PACKED.GENERIC.254 VIRUS

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

================================================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press an... Read more

Read other 5 answers
RELEVANCY SCORE 44.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:22 AM, on 8/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explo... Read more

Read other answers
RELEVANCY SCORE 44.4

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP871\A0315177.exe=](Instyler o)=](Instyler Module 2)
After bitdefender scan, it could not remove this malware.
Please provide info on how to remove this malware.

The following is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:22 PM, on 4/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Seema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Seema\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seema\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seema\Desktop\HiJackThis.exe

R1 - HKLM... Read more

A:How to remove: Application.Generic.25021

?help anyone?
 

Read other 1 answers
RELEVANCY SCORE 44.4

Hi.
I have run avg free and it detects that i have a trojan horse virus however it does not allow me to remove the file saying access denied. Would be really grateful if anyone can help me.
Thanks
Emily

AVG scan result
"Object name";"C:\Windows\Temp\ppbr.tmp\svchost.exe"
"Detection name";"Trojan horse Generic15.CFJX"
"Object type";"file"
"SDK Type";"Core"
"Result";"Infected"
"Action history";"Moved to Virus vault"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:37, on 07/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\b... Read more

A:Can't remove trojan Generic 15.CFJX

Read other 16 answers
RELEVANCY SCORE 44.4

Trying to open more than one IE window will cause my PC to freeze up. Certain web pages will not open. My anti-virus AVG found a virus I'm unable to delete. I have Windows XP but no access to a Windows Install disc, or a Boot CD. I have attempted deleting virus using online virus software without success.

The following is from AVG virus found:
C:\system volume information\microsoft\smss.exe
Trojan Horse Generic 18.RUJ detected open
Process name:C\windows\system32\winlogin.exe
Process ID:608



DDS (Ver_10-03-17.01) - NTFSx86
Run by Steven at 18:38:27.35 on Sun 07/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1229 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wirele... Read more

A:Remove Trojan Generic Horse

Welcome to TSF :)

What is the location of the virus AVG keeps detecting?

Read other 19 answers
RELEVANCY SCORE 44

McAfee can't clean something called Generic Artemis on my computer. Please help me remove this malware/virus.
 

Read other answers
RELEVANCY SCORE 44

Hi guys,

I got a virus on my computer yesterday. It popped up something like "XP Deluxe Anti Virus" all over my screen, pretending to be a security program. After downloading/installing Malwarebytes through a bunch of hoops, I was able to get rid of all the pop ups and programs that seem to be starting up by themselves. When I ran a full scan with Malwarebytes, it only detects 1 object, vendor "Trojan.Agent" and for Items field it gives the path C:\WINDOWS\system32\uacinit.dll

When I select it to be removed, it says it can't be removed and will be deleted on reboot, and of course that never happens.

I had Norton Internet Security installed prior to yesterday, and now I get a message from it periodically saying "Packed.Generic.200 Remove Failed". I have installed Avast! scanner, and it did its thing on startup, said it located 1 file to be removed, I deleted it, and it still shows up in Malwarebytes.

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 2

6/6/2009 12:48:40 AM
mbam-log-2009-06-06 (00-48-38).txt

Scan type: Full Scan (C:\|D:\|P:\|X:\|)
Objects scanned: 627033
Time elapsed: 1 hour(s), 30 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious ... Read more

A:uacinit.dll / packed.generic.200 remove failed

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 2 answers
RELEVANCY SCORE 44

I have had this problem for a week now. I have a McAfee software installed by the way. Before this happened, my lil brother accidentally approved the prompt from McAfee if you will "allow change" (something like that) for the computer. He was downloading an mp3 converter so without reading the details he just pressed allow. So the Generic!Artemis was added on the "trusted" list. 2 days later while using the PC I noticed the mouse pointer would always go haywire after every 3 mins opening windows clicking on items on the computer without me moving it. I figured it was a virus because I had a trojan on my PC before (had it fixed and did a reformat) and it was the same symptom. So I checked my McAfee log and saw the Generic!Artemis allow change that happened. I quickly removed it from the trusted list and did a scan. It came up with zero viruses/malware etc. found. Still, the mouse pointer was doing the same thing. So I asked for help at the McAfee tech support. They wanted me to pay for help. I went to their forums and found a lot of posts recently about this problem. They had a basic procedure. Download Malwarebytes and scan the PC. So I did. After almost 3 hours it has removed one file with a trojan. Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1765
Windows 5.1.2600 Service Pack 2

2/16/2009 11:07:31 PM
mbam-log-2009-02-16 (23-07-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 167987
Time elapsed: 2 hour(s), 15 minute(... Read more

A:Cannot remove Generic!Artemis (hijack log inside)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 44

Hi, I'm having a terrible time trying to remove the Virus Virtumonde or Vundo. Every time I run a system scan with Spybot Search and Destroy, it pulls it up. I select delete and I restart my computer. When I come back and run another scan, Virtumonde.generic and other Virtumonde viruses are still on my computer. I recently installed HJT and did a system scan. This is the log from my scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:41 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Fil... Read more

A:How Do I Remove Virtumonde.generic Virus...it Won't Delete!

Hello latique18

Welcome to Bleeping Computer

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

Read other 2 answers