Every time my son's computer runs it getrs the trojan generic2 notification with a different random extension. I've run AVG, CW Shredder, Adaware etc. I've done this in safe mode. Also disabled system restore. I'm very frustrated. A friend suggested I may have to reformat this computer, which I'd much rather avoid. What can I do??? Can this computer be saved? My HJT log follows:
How to get rid of trojan generic2
- Thread starter joanp
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
The Windows firewall is complete rubbish and can easily be bypassed or turned off by malware.
I have used Zonealarm for a number of years without issues. However, I do know that it can cause problems on some systems. Therefore the Kerio firewall would be a good alternative.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I have used Zonealarm for a number of years without issues. However, I do know that it can cause problems on some systems. Therefore the Kerio firewall would be a good alternative.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
All done, but still have problems.
Hello Howard,
I've done everything (except I haven't yet downloaded ZoneAlarm) in order. When I rebooted into regular mode and ran HijakThis, I was distressed to see the message: Some files extrated from HijackThis1991.exe.zip were modified or new files were created. Do you wish toput them to the archive." I answered yes. (Hope this was the right thing to do.) And then the popup from AVG appeared with threat of the same Trojan generic2 with yet another extension of various inceipherable letters.
SSS&D found: mircrosoftwindowssecuritycenter.firewalldisable and antivirusdisable, as well as smtfraud-c & smitfraud-c.toolbar888, and doubleclock.
Adaware SE found nothing.
AVG antivirus came up clean, but the AVG antispyware found some malware.
Thanks very much for your guidance.Where do I go from here?
Here's the new HJT log:
Hello Howard,
I've done everything (except I haven't yet downloaded ZoneAlarm) in order. When I rebooted into regular mode and ran HijakThis, I was distressed to see the message: Some files extrated from HijackThis1991.exe.zip were modified or new files were created. Do you wish toput them to the archive." I answered yes. (Hope this was the right thing to do.) And then the popup from AVG appeared with threat of the same Trojan generic2 with yet another extension of various inceipherable letters.
SSS&D found: mircrosoftwindowssecuritycenter.firewalldisable and antivirusdisable, as well as smtfraud-c & smitfraud-c.toolbar888, and doubleclock.
Adaware SE found nothing.
AVG antivirus came up clean, but the AVG antispyware found some malware.
Thanks very much for your guidance.Where do I go from here?
Here's the new HJT log:
howard_hopkinso
Posts: 21,238 +17
First, go HERE and follow the instructions for removing the ntsystem.exe infection.
Post fresh HJT and AVG Antispyware logs as attachments, only after doing the above.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Post fresh HJT and AVG Antispyware logs as attachments, only after doing the above.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Help. I did something wrong. I was using the Reanimator program and had to work to get to the ntsystem.exe but first deleted C:\Programfiles\WINRAR\WINRAR.EXE. This was obviously dumb. Now I can't run Hijack this. How can I get this file back. I feel really, really dumb and thank you again for your patient help.
howard_hopkinso
Posts: 21,238 +17
What's next?
I went to the site to reload the winrar file and loaded it back into the WINRAR folder in my PROGRAM FILES folder. Hopefully this was the right things to do. Do I need to click on it to install it or just leave it there, as I did? It wasn't entirely clear to me. Sorry for asking a question that must seem so evident.
I am attaching the most recent HJT log.
Thanks for letting me know what's next.
Joan
I went to the site to reload the winrar file and loaded it back into the WINRAR folder in my PROGRAM FILES folder. Hopefully this was the right things to do. Do I need to click on it to install it or just leave it there, as I did? It wasn't entirely clear to me. Sorry for asking a question that must seem so evident.
I am attaching the most recent HJT log.
Thanks for letting me know what's next.
Joan
howard_hopkinso
Posts: 21,238 +17
You need to double click on the WinRar.exe file and install it.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
PowerReg Scheduler V3.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\David & Joshua\Local Settings\Temp\{46B823F5-5742-47E3-A158-40C37142FA67}\{907B4640-266B-4A21-92FB-CD 1A86CD0F63}\ATR1.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
PowerReg Scheduler V3.exe<Search your system for this file and delete all instances of it.
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Other than the above, your HJT log is clean.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
PowerReg Scheduler V3.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\David & Joshua\Local Settings\Temp\{46B823F5-5742-47E3-A158-40C37142FA67}\{907B4640-266B-4A21-92FB-CD 1A86CD0F63}\ATR1.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
PowerReg Scheduler V3.exe<Search your system for this file and delete all instances of it.
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Other than the above, your HJT log is clean.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I followed your instructions and hopefully the nasty Trojan bugger is gone for good. Thanks so very much Howard for sharing your accumulated knowledge with people like me who, without your guidance, would have no clue how to revive the machines that we depend on!
I do have a follow-up though. All those programs you had me download earlier? I presume that I should keep them and run them, but will they conflict with each other? How often should they be scanning my computer? And should they be used in the order that you originally specified?
One last question--I keep getting a box telling me that something from AIM is ready to be installed but then it stopes. It "could not initialize installation. Count not extract Wise 0132.dll ..." Is this related to my previous problem or something completely different? I wonder if I have to uninstall AIM and reinstall it? If these questions should be redirected to another source, please do let me know.
Again, many thanks.
Joan
I do have a follow-up though. All those programs you had me download earlier? I presume that I should keep them and run them, but will they conflict with each other? How often should they be scanning my computer? And should they be used in the order that you originally specified?
One last question--I keep getting a box telling me that something from AIM is ready to be installed but then it stopes. It "could not initialize installation. Count not extract Wise 0132.dll ..." Is this related to my previous problem or something completely different? I wonder if I have to uninstall AIM and reinstall it? If these questions should be redirected to another source, please do let me know.
Again, many thanks.
Joan
howard_hopkinso
Posts: 21,238 +17
I would still like you to post an AVG Antispyware log, along with a fresh HJT log, just so I can give your system a final check.
The only programmes you need to keep are SS&D/Ad-Aware personal/Ccleaner/AVG free antivirus/AVG Antispyware. You should also install one of the firewall programmes that was recommended in the Trojan pakes thread.
I also suggest you install the Spyware Blaster programme. Follow the instructions. It doesn`t use any system resources and will help to keep your system safe
Once your system is clean, you should use the above programme to scan your computer once every week or two.
As for your Aim problem, uninstalling and reinstalling may well solve that.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
The only programmes you need to keep are SS&D/Ad-Aware personal/Ccleaner/AVG free antivirus/AVG Antispyware. You should also install one of the firewall programmes that was recommended in the Trojan pakes thread.
I also suggest you install the Spyware Blaster programme. Follow the instructions. It doesn`t use any system resources and will help to keep your system safe
Once your system is clean, you should use the above programme to scan your computer once every week or two.
As for your Aim problem, uninstalling and reinstalling may well solve that.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I don't think that this uploaded properly. I saved the report to the desktop, but I did this scan under regular conditions, meaning that I did not disable system restore etc. and enter Safe Mode. I think I need to scan again and save another report.
Again had problem with upload error. Again, should I redo this in Safe Mode with all system files showing etc., as before?
Thanks,
Joan
Again had problem with upload error. Again, should I redo this in Safe Mode with all system files showing etc., as before?
Thanks,
Joan
howard_hopkinso
Posts: 21,238 +17
You should be able to run AVG Antispyware in normal mode. Then save the log file to wherever you want and attach it here.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I hope that the AVG AntiSpyware is attached to this.
And I hope that the HJT log is attached to this one.
Why can't I tell if I have anything attached to this message? And if it's not, I can't figure out why not, as I'm doing exactly as before and followed your instructions. Am I doing something wrong?
And I hope that the HJT log is attached to this one.
Why can't I tell if I have anything attached to this message? And if it's not, I can't figure out why not, as I'm doing exactly as before and followed your instructions. Am I doing something wrong?
howard_hopkinso
Posts: 21,238 +17
I don`t know why you`re having a problem attaching your log files. However, because you are having problems, just copy and paste them instead.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
It`s ok, don`t worry about it.
Just copy and paste the logs into your next reply.
I will remove them once I`ve finished with them.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Just copy and paste the logs into your next reply.
I will remove them once I`ve finished with them.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
I think you`re good to go.
I still think you should install a firewall. This will help to stop hackers and such like from getting into your system. However, it`s upto you.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I think you`re good to go.
I still think you should install a firewall. This will help to stop hackers and such like from getting into your system. However, it`s upto you.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of joanp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
