TechSpot

How do I get rid of "Trojan horse Downloader.Generic2.EWQ"

By Saru
Aug 2, 2006
Topic Status:
Not open for further replies.
  1. AVG found 2 files it could not clean. Both are listed with the result in the title. One is an "Infected, Embedded object" and the other an "Infected, Archive"

    I have read a similar thread that instructed that poor soul to download Hijack This and do a scan. I have done so and have attached it to this post.

    Please, anybody who can help, any feedback will be helpful.

    Thanks kindly, Saru
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    All AVG means is you have an infected zip or rar file. The best way to deal with that is to delete the infected files and empty the recycle bin. On no account should you try to extract the files.

    Now to your HJT log.

    Go to add remove programme in your control panel and uninstall anything to do with (if there).

    Viewpoint\Viewpoint Manager

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    ViewMgr.exe

    Close task manager.


    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Viewpoint

    Other than the above, your HJT log is clean.

    Let me know how you get on with the infected archives.

    Regards Howard :wave: :wave:
     
  3. Saru

    Saru TS Rookie Topic Starter

    First, let me thank you for the prompt response Howard!

    I have deleted the .zip and the .idx file that were named by AVG and removed both the Viewpoint and Viewpoint Manager programs from the Add/Remove list but the task manager did not have a ViewMgr.exe running and the HJT list didn't have the "O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" line this time.

    But the big problem is that the Viewpoint folder will not allow me to delete it.
    "cannot delete AxMetaStream_0302021C: Access is denied." AxMetaStream_0302021C.dll is protected somehow.

    Shall I try it in safe mode?

    Cheers! Saru
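
The rescan check described above (the O4 ViewMgr line no longer appearing in the second HJT list) can be done mechanically by comparing two logs against the fix list. This is an added example, not part of the original thread: the fix-list entries are copied from Howard's post, while both scan logs are constructed samples, since Saru's attached log is not shown on the page.

```python
import re

# HijackThis prefixes each finding with a section code (R0, F2, O4, ...)
# followed by " - " and the entry text; other log lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Entries Howard asked to have fixed (copied from the thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# Constructed first scan: every fix-list entry plus non-entry lines.
BEFORE = "Running processes:\n" + r"C:\WINDOWS\System32\smss.exe" + "\n" + FIX_LIST

# Constructed rescan: one entry deliberately left behind for illustration.
AFTER = "Running processes:\nR3 - Default URLSearchHook is missing\n"

def parse_hjt(log_text):
    """Return the set of (section, entry) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def compare_scans(before, after, fix_list):
    """Classify fix-list entries by whether they survived into the rescan."""
    b, a, want = parse_hjt(before), parse_hjt(after), parse_hjt(fix_list)
    return {
        "removed": sorted(want & (b - a)),        # seen before, gone now
        "still_present": sorted(want & a),        # fix did not take
        "never_seen": sorted(want - b - a),       # the "(if there)" case
        "new_since_first_scan": sorted(a - b),    # worth a second look
    }

if __name__ == "__main__":
    for status, items in compare_scans(BEFORE, AFTER, FIX_LIST).items():
        print(status)
        for section, entry in items:
            print(f"  {section} - {entry}")
```
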
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Yes try from safe mode.

    If you still have problems, please post back.

    If you ever have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Saru only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Saru

    Saru TS Rookie Topic Starter

    Well, after deleting the folder in Safe Mode I have run a couple of AVG tests and it has come up clean. Hopefully this is the end of that saga.

    Thanks for your help Howard!!

    Cheers! Saru
     