TechSpot

Trojan Downloader Generic TUC

By Mike1
Apr 8, 2006
  1. Everytime I boot computer, I get a virus saying Trojan Downloader Generic TUC. I heal the virus and when I boot back up it shows up again. I need help to get rid of this. Also been getting Trojan Downloader Generic WYR and same thing happens.

    Thanks,
    Mike
     
  2. Peddant

    Peddant TS Rookie Posts: 1,644

  3. Mike1

    Mike1 TS Rookie Topic Starter

    I did all you said and still get virus when reboot.
     
  4. Mike1

    Mike1 TS Rookie Topic Starter

    Here is my HJT log
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    This is the main culprit:
    O4 - HKCU\..\Run: [Tngqqxna] C:\WINDOWS\system32\?hkdsk.exe

    Now go check the Read: posts at the top of this forum and FOLLOW the advice given.
     
  6. Mike1

    Mike1 TS Rookie Topic Starter

    Can I not just fix what you said was problem with HJT? I am not that great with things like this! I have tried alot of things that I have read here with no avail.
     
  7. Peddant

    Peddant TS Rookie Posts: 1,644

    If you turned off system restore,and you ran HJT in safe mode,then you can fix it as suggested (in safe mode)

    Also Go into HJT->Config->Misc. Tools->Open process manager and if you see this-
    C:\WINDOWS\system32\?hkdsk.exe Kill it.
     
  8. Mike1

    Mike1 TS Rookie Topic Starter

    You guys are great! Thank you so much for your help. The problem seems to be fixed! :)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Don`t forget to go and delete the bold file from safe mode.

    C:\WINDOWS\system32\?hkdsk.exe

    Regards Howard :wave: :wave:
     
  10. Meni

    Meni TS Rookie

    Everytime I boot my computer, I get a notification of a virus saying Trojan Downloader Generic TUC. Hope you can help me, I have done a lot of things to try to get rid of it. Thnx.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.


    Go HERE and follow the instructions in the order they are given.

    Then, open a new thread in this forum and post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
     
     
  12. Meni

    Meni TS Rookie

    New log

    Hello, thank you for your help. I have fallowed all the steps, I still have the problem. Here is my new log. Hope you can help me. Thnx a lot.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I did ask you to start a new thread. However, since you`ve posted you fresh HJT log here, I`ll deal with it here.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    ?ymbols

    Close control panel.

    Click start/run and type regsvr32 /u C:\WINDOWS\system32\dla\tfswshx.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    w?auboot.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=ge

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VĂ­nculos

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O4 - HKLM\..\Run: [ShowLOMControl] 

    O4 - HKCU\..\Run: [Klbgs] C:\Archivos de programa\?ymbols\w?auboot.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O18 - Protocol: msnim - 0 - (no file)

    O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    C:\WINDOWS\system32\dla\tfswshx.dll
    C:\Archivos de programa\?ymbols\w?auboot.exe

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
     
  14. Meni

    Meni TS Rookie

    I just want to thank you for your help... really... thnx a lot.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.