TechSpot

Downloader.Generic2.MUZ

By Milan
Dec 25, 2006
  1. AVG Anti-Virus is telling me that I have a Downloader.Generic2.MUZ Trojan every time I start up Windows. (I run Windows XP Professional.) Anyways I can never completely get rid of this. I tried right clicking the file (called !update.exe). It was in my Temp files, just so I could maybe open it with notepad and delete the contents inside, but no go, it doesn't let you right click it. I noticed a problem with my Madden 07 copy as well, I have had it since release on the PC and just a couple of days ago (when this problem started to occur) there is lag to the point of it being unplayable. I downloaded FRAPS (a video game video capturing software) a few days ago, opened it but it wouldn't open, I'm assuming it's some sort of hidden process. That's when Madden started to lag. I'm running Firefox, and have uninstalled IE.

    Well anyways, here's my HijackThis log:




    ______________________________________________________________

    Is there anything you guys can do to help? Thanks.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to the correct forum.

    Your system is infected with some real nasties.

    First, go and read this thread HERE and decide what it is you want to do.

    If you decide, you want to have your system cleaned, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of Milan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Milan

    Milan TS Rookie Topic Starter

    The HouseCall Trendmicro virus scan won't work for me, it says that it hasn't done something with native binding. Can I not just Scan My PC With AVG?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Skip the HouseCall and follow the rest of the instructions.

    Regards Howard :)

     
  5. Milan

    Milan TS Rookie Topic Starter

    Well all the things just finished, I forgot to do the anti-spyware log. As I'm typing this AVG Still detected that virus that I was talking about. AVG Anti-spyware caught about 39 malicious items including around 3-4 trojans.
    Here's my most recent hijackthis log
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go back to the instructions and place the analyze.exe file in its own directory as instructed. Post a fresh HJT log as per the instructions for attachments.

    Regards Howard :)

     
  7. Milan

    Milan TS Rookie Topic Starter

    It is in its own directory C:\Documents and Settings\Owner\Desktop\Analyze

    Thanks again for the help.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    lfklown.exe
    ohycfpm.exe
    jintwhg.exe
    ?explore.exe < Not to be confused with explorer.exe or iexplore.exe, which are legit files. The question mark can be any random letter/number etc.

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R3 - URLSearchHook: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)

    O4 - HKCU\..\Run: [Ukvuemp] C:\WINDOWS\?ystem32\?explore.exe

    O4 - HKCU\..\Run: [twdba] C:\WINDOWS\system32\jintwhg.exe

    O4 - HKCU\..\Run: [mxwxc] C:\WINDOWS\ohycfpm.exe

    O4 - HKCU\..\Run: [vtbsr] C:\WINDOWS\system32\lfklown.exe

    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

    O20 - AppInit_DLLs: arpa.dll

    O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lvpo0973e.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\?ystem32\?explore.exe < Note: This is not the same as the C:\windows\system32 folder. Make sure you don't try and delete the wrong folder.

    C:\WINDOWS\system32\jintwhg.exe
    C:\WINDOWS\ohycfpm.exe
    C:\WINDOWS\system32\lfklown.exe

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\windows\system32\arpa.dll

    Once your system has rebooted, rehide your protected OS file.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

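The fix list in the post above can be triaged mechanically; the following is an added example, not part of the original thread and not HijackThis's own code. The section meanings are the standard HijackThis codes, the flag names and heuristics are assumptions chosen for this illustration, and the sample lines are copied from the post.

```python
import re

# Meanings of the HijackThis section codes that appear in the post above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F2": "ini-mapped registry autostart",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup)",
    "O9": "IE extra button / Tools item", "O16": "ActiveX download",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Drive-letter paths only, so the '?' in URL query strings is ignored.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.I)

# Sample lines copied from the fix list in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)
O4 - HKCU\..\Run: [Ukvuemp] C:\WINDOWS\?ystem32\?explore.exe
O4 - HKCU\..\Run: [twdba] C:\WINDOWS\system32\jintwhg.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - AppInit_DLLs: arpa.dll
"""

def triage(log_text):
    """Return (code, meaning, flags, body) for every HJT entry line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, body = m["code"], m["body"]
        flags = []
        # Registry entry whose target file is gone: leftover to clean up.
        if body.endswith(("(file missing)", "(no file)")):
            flags.append("orphaned")
        # '?' inside a file path: the folder only resembles system32.
        if any("?" in p for p in PATH.findall(body)):
            flags.append("placeholder-char-in-path")
        # Heuristic (assumption): per-user Run key starting a Windows-dir binary.
        if code == "O4" and "HKCU" in body and re.search(r"\\WINDOWS\\", body, re.I):
            flags.append("user-run-from-windir")
        # A listed AppInit DLL is loaded into every process that loads user32.dll.
        if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            flags.append("appinit-dll")
        findings.append((code, SECTIONS.get(code, "other"), flags, body))
    return findings

if __name__ == "__main__":
    for code, meaning, flags, _ in triage(SAMPLE):
        print(f"{code:<4}{meaning:<32}{', '.join(flags) or '-'}")
```
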
     
  9. Milan

    Milan TS Rookie Topic Starter

    Hey, back again after doing this. I did not run AVG Anti-Spyware, because frankly, it's 12:10AM here and I can't sit for another two hours while it goes.

    I deleted everything you told me to, it all went off without a hitch, except one. The file you told me to put into killbox would not be repaired by HijackThis. I have deleted that file so nothing wrong. The message of the !update.exe virus hasn't popped up yet.

    The explore file was pretty sneaky, inside a near empty folder called system32 called iexplore.exe, having a plain white icon so you couldn't see it.

    Here is my HJT Logfile:
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Run the AVG Antispyware scan when you get time and see what it finds. You can always post the log for me to look at.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. Milan

    Milan TS Rookie Topic Starter

    Sorry to bother you again but I've found that my Madden is still lagging just about as much. I don't know if you're familiar with the game but it lets me run about 5-10 plays then it just starts to lag, gradually increasing to the point of it being unplayable. Do you have any solutions for that?

    I have been running the same settings since I got the game, it just started lagging not too long ago, I have about 85gigs of free space. I've tried lowering the settings and that didn't help so it must not be my hardware. I hardly have any processes running (like 7 of my own processes for my user account)

    Again thanks for the help in advance.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't play games, so I can't be very specific as to what's the most likely problem.

    My first instinct is to say uninstall and reinstall the game and see if that helps.

    However, I'd really like to see an AVG Antispyware log, as there may be something on your system that isn't showing up in HJT.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
