TechSpot

PSW.Generic2 in csdDriver.sys help

By steinsters
Dec 18, 2006
  1. i have handling with this trojan horse PSW.Generic2.QEO in my laptop.It keeps popping up through AVG shield detecter, and when i deleted it, it keeps popping up again and again. Some of my applications such as, web browser saved in my laptop,yahoo messenger, metacafe couldnt work properly.please....i need some help here as this problem slowing my computer down.... herewith attached the HJT log file and AVG antispyware report....
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with a variety of nasties.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of steinsters only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. steinsters

    steinsters TS Rookie Topic Starter

    didnt work....PSW.Generic2 in csdDriver.sys help!!!

    i have done all the instruction given...but still this trojan PSW generic2 keeps popping up again and again...it wont heal....i even couldnt finish the complete scanning of AVG antispyware, as the computer hung itself after 50% scanning.Same goes with AVG Antivirus, my laptop hung after 50%. The SS&D scan also hung when it reached 50% scanning.I dont know whats going on here.
    here is my latest HJT after completed all the task u gave.plus i also attached AVG antispyware report which i scanned not in 100% mode.please help me
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    CTI Central Management

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    cti.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB

    O17 - HKLM\System\CCS\Services\Tcpip\..\{037AE70D-76EA-4747-822E-62C223C3968E}: NameServer = 202.188.0.133,202.188.1.5

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C883C8C7-5966-45A1-B159-770EC0558CB1}: NameServer = 202.188.0.133,202.188.1.5

    Only fix the above 017 entries, if they don`t belong to your ISP.

    O18 - Filter: text/html - (no CLSID) - (no file)

    O21 - SSODL: MemMan - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - C:\WINDOWS\System32\MemMan.dll

    O23 - Service: CTI Central Management (CTIMngr) - Unknown owner - C:\WINDOWS\cti.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\cti.exe

    Delete all files in AVG Antispyware quarantine.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\System32\MemMan.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of steinsters only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. steinsters

    steinsters TS Rookie Topic Starter

    yahooo.....it really works

    dude.....its all ready gone....no more threat pop ups....everything went well...
    now i can open my saved web browser and any other applications with 100% satisfaction.....but how can i prevent my laptop from this type of virus/malware/spyware/adware in the future...what are the preventive measurement besides ur previous recommendatios????anyway........thanks a lot man.....ur da greatest!!!!herewith attached the latest HJT report for your further action.....TQ
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is now clean.

    For advice of keeping your computer more secure, see this thread HERE.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of steinsters only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...