Seeking help removing mal/generic-a

Status
Not open for further replies.

vman712

Hello, I think my computer is infected. Webroot told me that I have the mal/generic-a virus but it fails to remove it. I have tried the 8 steps outlined in this forum to the best of my ability but I think something is still wrong. I am attaching the logs from the scans as directed in the 8 steps. Can someone please take a look and advise please?
 
Welcome to TechSpot, vman. My apology for the delay. If you still need help, I can assist you.

Are you using the Webroot Spysweeper that also included an antivirus program? I don't see any other AV. If you do have a virus and only have the original Spysweeper anti-malware, it's not going to remove a virus.

Please let me know your status now.
 
No problem. My system was down most of the day today and I'm just catching up.

Let's see if an online scan picks up anything- your logs look okay:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Please attach log from the scan to your next reply.
 
Got one to work on:

Please download OTMoveIt3 by OldTimer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files  
    C:\WINDOWS\system32\tdlcmd.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Attach log to next reply.
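The text pasted into OTMoveIt3 above is a small sectioned script, and it is worth understanding what each part asks the tool to do before clicking Moveit!. The parser below is an added example written for this page, not code from the thread or from OldTimer's tool. The section names (:Processes, :Services, :Reg, :Files, :Commands) and the bracketed commands are taken from the script in the post; the choice to reject an unknown section header is this example's own assumption.

```python
import re

# Constructed sample: the fix script from the thread, including the stray tab
# and trailing spaces that forum software often adds to pasted text.
SAMPLE_SCRIPT = (
    ":Processes\t\n\n"
    ":Services\n\n"
    ":Reg\n\n"
    ":Files  \n"
    "C:\\WINDOWS\\system32\\tdlcmd.dll\n\n"
    ":Commands\n"
    "[purity]\n[emptytemp]\n[start explorer]\n[Reboot]\n"
)

# Section names as used in the thread's script (lower-cased for comparison).
KNOWN_SECTIONS = {"processes", "services", "reg", "files", "commands"}
COMMAND_RE = re.compile(r"^\[([A-Za-z][A-Za-z ]*)\]$")


def parse_script(text):
    """Split a script into {section: [entries]}.

    Blank lines and surrounding whitespace are ignored. An entry before any
    section header, or a header this parser does not know, raises ValueError so
    that a typo in a pasted script is caught before anything is run.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].strip().lower()
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"unknown section header: {line}")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line}")
        sections[current].append(line)
    return sections


def files_to_move(sections):
    """Paths listed under :Files, i.e. what the tool would move to quarantine."""
    return list(sections.get("files", []))


def commands(sections):
    """Bracketed commands under :Commands, lower-cased, in script order."""
    found = []
    for entry in sections.get("commands", []):
        match = COMMAND_RE.match(entry)
        if not match:
            raise ValueError(f"malformed command line: {entry}")
        found.append(match.group(1).lower())
    return found


def summarize(text):
    """One line per section describing what the script asks for."""
    sections = parse_script(text)
    lines = []
    for name in ("processes", "services", "reg", "files"):
        count = len(sections.get(name, []))
        lines.append(f"{name}: {count} entries")
    lines.append("commands: " + ", ".join(commands(sections)))
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_SCRIPT):
        print(line)
```

Run it as a script to get a one-line-per-section summary; with the sample above it reports a single file under :Files and four commands, which is exactly what the helper intended the tool to act on.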
 
vman, you got a lot of recovered 'space' from this. Please get on some kind of regular schedule for removing the temporary internet files and temp files.

Looks like we got the malware infection taken care of. Are you having any related problem now? If yes, this is the time to tell me about them. If not, you can remove the cleaning tools:

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Please follow these simple steps to keep your computer clean and secure:

1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2. Stay current on updates:
  • Visit the Microsoft Download Site frequently.
    You should get all updates marked Critical and the current SP updates: Windows 2000 > SP4, Windows XP > SP2, SP3, Vista > SP2
  • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3. Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4. Remove Temporary Internet Files regularly: Use

5. Use an AntiVirus Software (only one)

6. Use a good, bi-directional firewall (one software firewall)
  • See Understanding and Using Firewalls including links to download a firewall.

7. Consider these programs for Extra Security
  • SpywareBlaster: protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar: Get the free Google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.
 
Bobbye, as I was looking around to test it out, I seem to get redirected on google searches. I am running my webroot now. Should I try going through the steps again? Webroot just told me:
Virus found: Troj/Virtum-Gen (Threat marked as Always Remove)
 
That's usually from Vundo. Either we missed something or it's new.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then delete the previous Eset online scan and rescan with it. (My post #4)

Include Combofix report and new Eset log in next reply.
 
Eset is naming location as Qoobox- that's where Combofix puts the quarantines, so we'll remove them:

Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    (screenshot: CF_Uninstall-1.jpg)

Run one more HijackScan okay? Leave log.
 
Here it is Bobbye. I appreciate the help and the tips. I am actually up for renewal for my webroot software. In your opinion, is there a better antivirus software that I should consider? Maybe it's a coincidence but it seems like I started having all of these issues at about the time their renewal messages started popping up. Thanks again for your help.
 
vman, I prefer stand-alone programs for security- I don't care for bundles-aka-av+spyware+???. I can boss them around easier when it's one at a time and if I have a problem, I don't have to wonder which program is causing it.

You can get all the security you need free, or, like I do, use the paid AV program (I use the Eset Nod32) and use free firewall and spyware programs.

I also discourage any settings for auto-update with the exception of the AV program. Most, like you, have Real Player, QuickTime, Java, Google, Dell, iTunes, Office and various other programs set for auto-update. That means that each of those programs will be accessing the internet at least daily and maybe multiple times daily, checking for updates. Then IF there is one, it automatically downloads and installs.

The HJT log is clean.
You can go to Step 1 in the removal thread and you will see links to 2 AV (use only 1) and 2 Firewalls (use only 1). These are all free and good programs.

BTW, I used to use Spysweeper- before they bundled it with the AV. They had an update that totally trashed the network for my two computers. It took several days and emails to find a way to restore it. What bothered me the most was that it locked me out of making the changes to restore it.

The following may be helpful:

Please follow these simple steps to keep your computer clean and secure:

1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2. Stay current on updates:
  • Visit the Microsoft Download Site frequently.
    You should get all updates marked Critical and the current SP updates: Windows 2000 > SP4, Windows XP > SP2, SP3, Vista > SP2
  • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3. Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4. Remove Temporary Internet Files regularly: Use

5. Use an AntiVirus Software (only one)

6. Use a good, bi-directional firewall (one software firewall)
  • See Understanding and Using Firewalls including links to download a firewall.

7. Consider these programs for Extra Security
  • SpywareBlaster: protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar: Get the free Google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.
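The MVPS hosts file in step 7 of the advice above (given twice in this thread) works by pointing unwanted hostnames at 127.0.0.1, and the Google search redirects vman reported earlier are the mirror image: a hosts entry that points a site you actually use somewhere else. The script below is an added example for this page, not code from the thread or from the MVPS project. It parses a hosts file and separates the expected blackhole entries from redirects worth reviewing. The sample file, the `.invalid` hostnames, the 203.0.113.7 address and the WATCHED list are all constructed assumptions of this example.

```python
import ipaddress

# Constructed sample hosts file in the MVPS layout: comment lines, the
# localhost entries, some ad/tracker hosts blackholed to 0.0.0.0 or 127.0.0.1,
# and two entries of the kind an infection adds to redirect a real site.
SAMPLE_HOSTS = """\
# Constructed sample; the real MVPS file has thousands of entries
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid
0.0.0.0         tracker.example.invalid    # blocked ad server
127.0.0.1       banner.example.invalid
203.0.113.7     www.google.com             # constructed hijack (TEST-NET-3)
203.0.113.7     update.av-vendor.invalid   # constructed hijack
"""

# Hosts whose presence in the file at all should be treated as a hijack; this
# list is an assumption of the example, extend it with the sites you rely on.
WATCHED = {"www.google.com", "google.com", "update.av-vendor.invalid"}
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from hosts-file text.

    Comments (#) and blank lines are skipped; a line whose first field is not a
    valid IP address is ignored rather than treated as an entry.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_blackhole(ip):
    """127.0.0.1/::1 and 0.0.0.0 are the addresses MVPS uses to block a host."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text, watched=WATCHED):
    """Classify every entry except the localhost lines.

    blackholed:   host sent to the local machine (expected from an MVPS file)
    redirected:   host sent to some other address (review these: a hosts file
                  rarely needs them, and malware uses them to divert traffic)
    watched_hits: any entry at all for a host in `watched`, whatever the address
    """
    result = {"blackholed": [], "redirected": [], "watched_hits": []}
    for ip, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        if host in watched:
            result["watched_hits"].append((host, str(ip)))
        if is_blackhole(ip):
            result["blackholed"].append(host)
        else:
            result["redirected"].append((host, str(ip)))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blackholed'])} hosts blackholed")
    for host, ip in report["redirected"]:
        print(f"REVIEW  {host} -> {ip}")
    for host, ip in report["watched_hits"]:
        print(f"HIJACK? {host} -> {ip}")
```

To check a real machine, read the contents of C:\Windows\System32\drivers\etc\hosts and pass them to `audit_hosts` in place of the sample. A clean MVPS install produces a long blackholed list and an empty redirected list; anything in redirected or watched_hits deserves a look.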
 
Thank you for all of your help Bobbye, I really appreciate it. I will follow your advice and hopefully I will no longer encounter these problems. You guys have a great forum here. Keep up the great work!
 