TechSpot

PSW.Generic2 in csdDriver.sys  help

By jduffy
Nov 15, 2006
  1. Hi, I keep getting a pop-up for the above virus every time I open a programme. AVG heals it but it keeps coming back. I have tried Spybot, Ad-Aware, CCleaner and Ewido but none of these find it. I have turned off system restore and rebooted in safe mode to try and find the file but I couldn't find it. Please help.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of jduffy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jduffy

    jduffy TS Rookie Topic Starter

    Here are the log files, hope I did it right. The symptoms are: the PC turns off by itself and is slow, but more annoying is the AVG popups every time I open anything. Thanks, Julie

    Can't seem to figure out how to save the AVG log file. When it finished scanning it automatically healed the file and never gave me an option to save. Julie
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Poker.com

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    Poker.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Poker.com < Delete the entire folder.

    Reboot your system.

    Other than the above, your HJT log is clean.

    In order to save the AVG logfile do the following.

    Run AVG Antispyware and click on the reports icon on the main toolbar. Click the report in the lefthand pane and click the save report as button. When the window opens, browse to where you want to save the report and click the save button. Close AVG Antispyware. You can now attach the report in exactly the same way as you did the HJT log.

    Regards Howard :)

     
  5. jduffy

    jduffy TS Rookie Topic Starter

    Here is the AVG report. Done all that but still getting the pop-up warning. Julie

    Here is the one I did before removing Poker and fixing HJT.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete all files in AVG Antispyware quarantine.

    Now do the following.

    Run AVG antivirus and make sure you have the latest updates, by clicking on the check for updates button. Keep doing this until no more updates are found. Close AVG antivirus.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Now run a full system scan with your AVG antivirus programme and delete whatever it finds. This includes anything in the virus vault.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Run another full system scan with your AVG antivirus programme and see if AVG antivirus finds anything.

    Let me know the results.

    Regards Howard :)

     
  7. jduffy

    jduffy TS Rookie Topic Starter

    Done all that and no viruses found, but still getting the AVG popup when opening anything. It says: AVG resident shield threat detected while opening file c\windows\ system32\PSW.Generic2 in csdDriver.sys trojan horse PSW.generic2.QEO
    I keep hitting heal or move to vault and it does that until you open up something else, then it pops up again. I have about 100 of them in the virus vault from yesterday. Thanks for all your help, Julie
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Click Start/Search and scroll down using the scroll bar on the right.
    Click More advanced options.
    Be sure the following three boxes are selected:
    Search System folders
    Search Hidden Files and folders
    Search SubFolders

    Search for and delete (if there). Don`t worry if you can`t find some of the files. Right click on the files in the righthand pane and select delete.

    CsdDriver.sys
    UpperHost.dll
    MemMan.dll

    Close the search window and empty your recycle bin.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Let me know the outcome please.

    Regards Howard :)

    This thread is for the use of jduffy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. jduffy

    jduffy TS Rookie Topic Starter

    Wow, it's gone. I deleted 11 of the first, 0 of the second and 2 of the third and rebooted. No nasty pop-ups on startup. Thank you so much for all your help, I really am grateful as it was driving me crazy. Julie
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s good news.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. iliassonata

    iliassonata TS Rookie

    Hi,
    Got the same problem with the Trojan PSW.Generic2. Tried everything before except for format H/disk. Then followed your suggestion and the problem is gone.

    Thank you.

    By the way, how to keep this from repeating?
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I`m glad your problem is solved.

    Take a look at this thread HERE. It`ll show you how to keep your system more secure.

    Regards Howard :wave: :wave:

     