TechSpot

Generic Downloader K Problems

By kolo93
Dec 21, 2006
  1. I was wondering if anyone could have a look at the following HJT log and let me know what needs fixing. McAfee kept telling me I had a trojan (generic downloader K) every time I started up my computer. I thought I had gotten rid of it but it kept showing up every time upon reboot. It's gotten to the point where I can no longer run normal mode, as the computer continually starts then restarts. I'm still capable of accessing safe mode but have no clue as to what files to delete or fix to get rid of this virus. Any help would be greatly appreciated. Here's the HJT log:



    As far as I know I followed the instructions the best I could considering I can only work out of safe mode. Sorry I copied and pasted the above HJT log, the laptop I'm working on won't allow me to access the attachment file window.

    My computer at first would work in normal mode with the virus, however it wasn't until I uninstalled JAVA and rebooted the computer to install the latest JAVA 1.5 that my computer started restarting automatically over and over each time I tried to open in normal mode.

    Judging by my HJT log (which was executed in safe mode) where do I go from here in terms of fixing the problem?

    I have had a friend physically remove my hard drive and run virus scans on it in his computer but nothing came up.

    Once again feedback would be greatly appreciated.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow as many of the instructions as you can.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of kolo93 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. kolo93

    kolo93 TS Rookie Topic Starter

    Find attached the AVG spyware log and HJT log. I followed all the instructions as posted. The HJT log however was performed in safe mode since I cannot access normal mode. Thanks.

    Dan
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete all files in AVG Antispyware quarantine.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)

    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)

    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize

    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab

    Click on the fix checked button.

    Close HJT and reboot your system. Other than the above, your HJT log looks clean. However, because your HJT log is from safe mode, it's hard to be sure.

    Go to add remove programme in your control panel and uninstall anything to do with (if there).

    Java

    Close control panel.

    See if you can access normal mode. If you can't, I suggest trying a Windows repair as per this thread HERE.

    Regards Howard :)

     
  5. kolo93

    kolo93 TS Rookie Topic Starter

    I followed your instructions, but I could still not access normal mode. However when I put the Windows XP CD in to try the repair, windows all of a sudden opened in normal mode! I have attached the HJT log performed in normal mode. Another thing is that in normal mode windows is giving me a warning saying "The system has recovered from a serious error" with the following:

    Error Signature

    BCCode : 10000050 BCP1 : BA87C8AC BCP2 : 00000000 BCP3 : B0C0A9F6
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

    Technical Files included in the error report are:

    C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\WERb743.dir00\Mini122206-10.dmp
    C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\WERb743.dir00\sysdata.xml

    I'm not sure what all this means, where should I go from here?

    Thanks,

    Dan
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. Therefore, I don't think your problem is virus/spyware related.

    You did change the boot option in your bios to boot from cd first, didn't you? Then, with the Windows cd in the drive, save and exit bios. You should see a message to press any key to boot from cd.

    I suggest you open a new thread in our Windows OS for the BSOD errors.

    Regards Howard :)

     
  7. kolo93

    kolo93 TS Rookie Topic Starter

    Everything seems to have sorted itself out. I can now work in normal mode with no problems. Cheers for all the help, I really appreciate it.

    Dan
     
  8. Milan

    Milan TS Rookie

    Sorry for being late, but if people in the future see this thread and can't get it sorted the way you have, do this:

    Run, type in msconfig, at the top click Boot.ini, then click whichever option, if you're in safe mode and would like it to boot in normal mode, uncheck /SAFEBOOT, etc...
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's great news.

    If you'd like to post a final HJT log from normal mode, I'll check to see if it's clean.

    Regards Howard :)

     
  10. kolo93

    kolo93 TS Rookie Topic Starter

    Here's a final HJT log from normal mode. Let me know if you see anything that should be fixed. Thanks.

    Dan
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry for the delay in getting back to you.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

    O4 - HKLM\..\Run: [{34A79AAA-0A6B-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6B-1033-0926-031025200001}\Update.exe" mc-110-12-0001411

    O4 - HKLM\..\Run: [{34A79AAA-0A6A-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6A-1033-0926-031025200001}\Update.exe" mc-110-12-0001411

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log.

    Regards Howard :)

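The fix lists in posts 4 and 11 can be triaged mechanically. The sketch below is an added example, not part of the original thread and not HijackThis's own logic: it parses the quoted entries and flags them with three heuristics that are assumptions of this example (orphaned registrations, GUID-named Run values, ActiveX codebases fetched over plain HTTP).

```python
import re

# Entries quoted from the fix lists in posts 4 and 11 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKLM\..\Run: [{34A79AAA-0A6B-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6B-1033-0926-031025200001}\Update.exe" mc-110-12-0001411
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
"""

# "<section> - <kind>: <rest>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"


def parse_line(line):
    """Split one HJT entry into section, kind and GUIDs; attach triage reasons."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m["sec"], m["rest"]
    reasons = []
    # Assumed heuristic 1: registration survives but the file it points to is gone.
    if rest.endswith(("(file missing)", "(no file)")):
        reasons.append("orphaned")
    # Assumed heuristic 2: autorun value named with a bare GUID instead of a product name.
    if sec == "O4" and re.match(r"\[" + GUID + r"\]", rest):
        reasons.append("guid-named-autorun")
    # Assumed heuristic 3: ActiveX control whose codebase is a plain-HTTP URL.
    if sec == "O16" and "http://" in rest:
        reasons.append("activex-over-http")
    return {"section": sec, "kind": m["kind"],
            "guids": re.findall(GUID, rest), "reasons": reasons}


def triage(log_text):
    """Return only the parsed entries that matched at least one heuristic."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["kind"], ",".join(e["reasons"]), e["guids"][:1])
```

A flagged entry is a prompt for review, not a verdict: the Registry Cleaner Run entry that Howard also lists matches none of these heuristics and was removed on his judgement.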
     
  12. kolo93

    kolo93 TS Rookie Topic Starter

    I fixed those four problems through HJT and attached a fresh HJT log. Let me know if you see anything else in need of fixing. Thanks. Dan.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
