TechSpot

How to get rid of trojan generic2

By joanp
Nov 6, 2006
  1. Every time my son's computer runs it gets the trojan generic2 notification with a different random extension. I've run AVG, CW Shredder, Adaware etc. I've done this in safe mode. Also disabled system restore. I'm very frustrated. A friend suggested I may have to reformat this computer, which I'd much rather avoid. What can I do??? Can this computer be saved? My HJT log follows:
     
  2. sw123

    sw123 TS Rookie Posts: 595

    Remove:

    C:\Program Files\WinRAR\WinRAR.exe


    Hopefully that will help


    sw123
     
  3. joanp

    joanp TS Rookie Topic Starter Posts: 24

    What is the "WinRAR" file? I'll try it. Thanks for the quick response.
     
  4. sw123

    sw123 TS Rookie Posts: 595

    Actually, I wouldn't do it. I thought it was bad, but it's actually an archive program. I can't find anything. I will refer you to someone more knowledgeable.


    sw123
     
  5. joanp

    joanp TS Rookie Topic Starter Posts: 24

    I went into My Computer to delete this and got a warning that deleting, renaming or moving it might make other programs not run. Should I be concerned?

    Thanks sw123. I didn't do it and look forward to another response.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of joanp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. joanp

    joanp TS Rookie Topic Starter Posts: 24

    Howard,

    I am currently using Windows firewall, which I think you advise does not afford enough protection. I tried ZoneAlarm on another computer recently and felt that it slowed my system down a lot. Is this still your first choice?

    Thanks,
    Joan
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The Windows firewall is complete rubbish and can easily be bypassed or turned off by malware.

    I have used Zonealarm for a number of years without issues. However, I do know that it can cause problems on some systems. Therefore the Kerio firewall would be a good alternative.

    Regards Howard :)


     
  9. joanp

    joanp TS Rookie Topic Starter Posts: 24

    All done, but still have problems.

    Hello Howard,

    I've done everything (except I haven't yet downloaded ZoneAlarm) in order. When I rebooted into regular mode and ran HijackThis, I was distressed to see the message: "Some files extracted from HijackThis1991.exe.zip were modified or new files were created. Do you wish to put them to the archive." I answered yes. (Hope this was the right thing to do.) And then the popup from AVG appeared with threat of the same Trojan generic2 with yet another extension of various indecipherable letters.

    SSS&D found: microsoftwindowssecuritycenter.firewalldisable and antivirusdisable, as well as smitfraud-c & smitfraud-c.toolbar888, and doubleclick.

    Adaware SE found nothing.
    AVG antivirus came up clean, but the AVG antispyware found some malware.

    Thanks very much for your guidance. Where do I go from here?

    Here's the new HJT log:
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    First, go HERE and follow the instructions for removing the ntsystem.exe infection.

    Post fresh HJT and AVG Antispyware logs as attachments, only after doing the above.

    Regards Howard :)

     
  11. joanp

    joanp TS Rookie Topic Starter Posts: 24

    Help. I did something wrong. I was using the Reanimator program and had to work to get to the ntsystem.exe but first deleted C:\Programfiles\WINRAR\WINRAR.EXE. This was obviously dumb. Now I can't run HijackThis. How can I get this file back? I feel really, really dumb and thank you again for your patient help.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem, redownload and install WinRar from HERE.

    Regards Howard :)

     
  13. joanp

    joanp TS Rookie Topic Starter Posts: 24

    Whew. Disaster averted. I'll do this in the morning. Hopefully functionality will be restored and I can send you the newest HJT log.
     
  14. joanp

    joanp TS Rookie Topic Starter Posts: 24

    What's next?

    I went to the site to reload the winrar file and loaded it back into the WINRAR folder in my PROGRAM FILES folder. Hopefully this was the right thing to do. Do I need to click on it to install it or just leave it there, as I did? It wasn't entirely clear to me. Sorry for asking a question that must seem so evident.

    I am attaching the most recent HJT log.

    Thanks for letting me know what's next.
    Joan
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You need to double click on the WinRar.exe file and install it.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    PowerReg Scheduler V3.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\David & Joshua\Local Settings\Temp\{46B823F5-5742-47E3-A158-40C37142FA67}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    PowerReg Scheduler V3.exe < Search your system for this file and delete all instances of it.


    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Other than the above, your HJT log is clean.


    Regards Howard :)

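As an added illustration (not part of the thread, and not the helper's own method), the Python sketch below parses the five HijackThis entries listed in the post above and flags them with three simple heuristics. The heuristics and all function names are assumptions made for this example; the AIM toolbar entry passes all three, so a reviewer's judgment still covers cases the heuristics do not.

```python
import re

# "O<n> - <kind>: <detail>" is the shape of the entries quoted in the post above.
ENTRY = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
MISSING = re.compile(r"\((no file|file missing)\)\s*$", re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)

# The five entries from the post, copied as sample input.
SAMPLE_LINES = [
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll",
    r"O4 - Startup: PowerReg Scheduler V3.exe",
    r"O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\David & Joshua\Local Settings\Temp\{46B823F5-5742-47E3-A158-40C37142FA67}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe",
    r"O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)",
]

def parse_entry(line):
    """Split one log line into section code, entry kind and detail text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header lines, process lists, blank lines
    section, kind, detail = m.groups()
    return {"section": section, "kind": kind.strip(), "detail": detail}

def triage(line):
    """Return the parsed entry plus the (assumed) heuristics it trips."""
    entry = parse_entry(line)
    if entry is None:
        return None
    detail = entry["detail"]
    reasons = []
    if MISSING.search(detail):
        # Leftover registration whose target is gone.
        reasons.append("target file missing")
    if TEMP_DIR.search(detail):
        # Autostart items rarely have a good reason to live in Temp.
        reasons.append("runs from a Temp directory")
    if (entry["section"] == "O4" and "=" not in detail
            and detail.lower().endswith(".exe")):
        # A bare .exe (no "shortcut = target" pair) sits in the Startup folder itself.
        reasons.append("executable placed directly in Startup folder")
    entry["reasons"] = reasons
    return entry

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        e = triage(raw)
        print(e["section"], e["kind"], "->", e["reasons"] or "no heuristic hit")
```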
     
  16. joanp

    joanp TS Rookie Topic Starter Posts: 24

    I followed your instructions and hopefully the nasty Trojan bugger is gone for good. Thanks so very much Howard for sharing your accumulated knowledge with people like me who, without your guidance, would have no clue how to revive the machines that we depend on!

    I do have a follow-up though. All those programs you had me download earlier? I presume that I should keep them and run them, but will they conflict with each other? How often should they be scanning my computer? And should they be used in the order that you originally specified?

    One last question--I keep getting a box telling me that something from AIM is ready to be installed but then it stops. It "could not initialize installation. Could not extract Wise 0132.dll ..." Is this related to my previous problem or something completely different? I wonder if I have to uninstall AIM and reinstall it? If these questions should be redirected to another source, please do let me know.

    Again, many thanks.
    Joan
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I would still like you to post an AVG Antispyware log, along with a fresh HJT log, just so I can give your system a final check.

    The only programmes you need to keep are SS&D/Ad-Aware personal/Ccleaner/AVG free antivirus/AVG Antispyware. You should also install one of the firewall programmes that was recommended in the Trojan pakes thread.

    I also suggest you install the Spyware Blaster programme. Follow the instructions. It doesn't use any system resources and will help to keep your system safe.

    Once your system is clean, you should use the above programme to scan your computer once every week or two.

    As for your Aim problem, uninstalling and reinstalling may well solve that.

    Regards Howard :)

     
  18. joanp

    joanp TS Rookie Topic Starter Posts: 24

    I don't think that this uploaded properly. I saved the report to the desktop, but I did this scan under regular conditions, meaning that I did not disable system restore etc. and enter Safe Mode. I think I need to scan again and save another report.

    Again had problem with upload error. Again, should I redo this in Safe Mode with all system files showing etc., as before?
    Thanks,
    Joan
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should be able to run AVG Antispyware in normal mode. Then save the log file to wherever you want and attach it here.

    Regards Howard :)

     
  20. joanp

    joanp TS Rookie Topic Starter Posts: 24

    I hope that the AVG AntiSpyware is attached to this.

    And I hope that the HJT log is attached to this one.

    Why can't I tell if I have anything attached to this message? And if it's not, I can't figure out why not, as I'm doing exactly as before and followed your instructions. Am I doing something wrong?
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't know why you're having a problem attaching your log files. However, because you are having problems, just copy and paste them instead.

    Regards Howard :)

     
  22. joanp

    joanp TS Rookie Topic Starter Posts: 24

    Did they attach properly this time?

    I can't figure out why I'm having a problem with this Howard. Sorry for the repetition.
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It's ok, don't worry about it.

    Just copy and paste the logs into your next reply.

    I will remove them once I've finished with them.

    Regards Howard :)

     
  24. joanp

    joanp TS Rookie Topic Starter Posts: 24

    Today attachments worked!

    Howard,

    Thanks for your patience. I just tried again this morning to attach the files and both of them cooperated. I guess that the planets are aligned. Thanks for looking these over one more time. Hopefully the Trojan is gone.

    Joan
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    I think you're good to go.

    I still think you should install a firewall. This will help to stop hackers and such like from getting into your system. However, it's up to you.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
