Myriad of problems: Zonebac.B, Windows File Protection, Generic9

[cacfai]

I'm having the same problems as described by the poster in this thread:
techspot.com/vb/topic91214.html [It wouldn't let me link, since I have fewer than three posts]
If you need me to be more specific, I can try, but that person pretty much said it all.


Also, for the past few months, I've occasionally been getting this Windows File Protection pop-up that says, "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must install the original versions of these files.

Insert your Windows XP Professional CD2 now."

Problem is, my machine came with XP already installed, so I don't have a CD...


And lastly, I turned my computer on this morning, and my AVG anti-virus freaked out, telling me that almost all of my startup files were infected with a Trojan called 'Generic9.tcw'. I just clicked Heal on all of the pop-ups, and it said the actions were successful.

After that, the Windows File Protection message came up again.


I ran HJT and attached my log.

I've posted in other forums in the past and received no help, so hopefully you guys can restore my faith. Please.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read this thread HERE and follow the instructions exactly.

Post the requested log files once done.

Regards Howard :wave: :wave:

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

That was fast, thank you!

 

[howard_hopkinso]

Well done, your awf.txt is now clean.

Unfortunately, you`re running an outdated version of HJT and have not renamed it. SEE HERE.

Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt


Post the Combofix log as well as a fresh HJT log.

Regards Howard

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

Sorry about the HJT thing. I've attached the new log.

Okay, I downloaded and ran ComboFix, all seemed to be going well until it rebooted my computer. When it did, I had no internet connection, and my AVG wasn't working. So I did a system restore, back to the point ComboFix created, and now I have internet again and AVG seems to be fine.

My clock is still messed up, though. Do I need to post the log anyway?

Is there a way to run ComboFix without losing the net?

Thanks.

 

[howard_hopkinso]

Your HJT log is clean.

Try running Combofix again from safe mode.

Then attach the Combofix log.

Regards Howard

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

Okay, it worked that time.

Finally, here is the log.

 

[howard_hopkinso]

That looks fine. Combofix has deleted some useless stuff as well as a Trojan horse Downloader.

Delete the following folder.

C:\qoobox

Go HERE, download and install the latest version of Java.

Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

Thank you, thank you, thank you!

Do I uninstall the 'Runtime Environment' ones, too?

And the Windows File Protection messages, will the files that were being replaced be okay now?

 

[howard_hopkinso]

Yes, uninstall all versions of Java, except for version 6 update 3.

What exactly was the Windows File protection message telling you and is it still giving you alerts?

Regards Howard

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

It says: "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must install the original versions of these files.

Insert your Windows XP Professional CD2 now."

And no, I haven't gotten one since this morning, upon startup. I was just wondering if I should be concerned about those files, since I was getting the alerts for a couple of months.

Nothing seems to be wrong, from what I can tell, though.

Thanks again.

 

[howard_hopkinso]

If you`re no longer getting the alerts, I think you should be ok.

See how it goes for a few days and if you still haven`t noticed any problems, then forget about it.

Regards Howard

This thread is for the use of cacfai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cacfai]

Will do.

Thanks for your help!