TechSpot

TrojanGeneric12.BFIO and related hard drive issues

By sw123
Feb 6, 2009
  1. Hey guys

    My PC has developed a problem. It was working fine with maybe a couple issues with a Vundo trojan that I removed. However recently I found that my C:\ drive was complaining of low disk space. I uninstalled some unnecessary crap from that drive and still the disk space was decreasing at an alarming rate. At its lowest, it was at 17.3 MB left. Now it is 1.38 GB.

    AVG showed a message that told me that I had been infected with the TrojanGeneric12.BFIO. I tried moving it to the vault, to no avail. Later it gave me trouble that more viruses and trojans were opening and infecting my system. I cannot remember the names but the Generic12.BFIO was there with them.

    I used Malwarebytes' Anti-Malware and AVG 8.0 Free to try and detect the malware, but AVG turned up clean and MBAM showed unrelated threats.

    Attached is an HJT log. See if you can find anything. I tried looking through it and I found nothing. I haven't worked on malware removal in a while, so I'm not that great of a judge with those HJT logs anymore.

    Also I should add that I've also installed a new CD-RW drive into my system: A Samsung SW-248F. I downloaded the firmware off the internet, but I'm not sure if that nasty little bastard was still attached to it anyway. Anyway thanks in advance. If you need more information, I'll try to provide it. However I've been extremely busy with my schoolwork.

    Thanks
    sw123
     
  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    First thing I would do is dump AVG 8.0, and install Avira Antivir instead. I would also install Windows Defender, and SuperAntiSpyware... then run scans with each.
    But I see nothing alarming in your HiJackThis.log.
     
  3. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I guess my HJT judgement was a little more keen than I thought :)

    I heard SuperAntiSpyware was ineffective, and I haven't heard of the other thing you told me to replace AVG with. Anyway thanks for the reply.

    I can post other logs if you need the information

    sw123
     
  4. raybay

    raybay TS Evangelist Posts: 7,241   +9

    It is up to you to refuse good advice, once given.

    But where was it you "heard" that SuperAntiSpyware was ineffective? Did you read the logs on what people on this forum recommend?

    Read and follow the 8 steps found elsewhere on TechSpot. If nothing else, it will rule out a bunch of things that are the usual suspects.
     
  5. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I heard SuperAntiSpyware was ineffective from a good friend who used it. But I am willing to give it a try. I will post logs of those programs and let you know the result.

    sw123
     
  6. raybay

    raybay TS Evangelist Posts: 7,241   +9

    A useful part of every repair is ruling out possibilities. Even if SuperAntiSpyware finds nothing, you have eliminated one other possibility.
    Good luck.
     
  7. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I used SuperAntiSpyware and found 313 objects, though none were the trojan. The computer is running a little faster but the hard drive space is still very low. I have found a lot of hidden folders in my system folder, one called $NTSERVICEPACKUNINSTALLDNMitigationAPIs$

    I figured that the trojan was creating a lot of these and it was cluttering my hard drive.

    I'll run a scan with Avira Antivir and a disk defrag overnight to see if it helps.

    sw123
     
  8. rezzzy

    rezzzy TS Rookie

    Just run Spybot Search and Destroy... I think it will help you a lot.
     
  9. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    Hi again all

    I finished the scan with Avira and saved a log. I don't believe that the log shows the virus I was looking for. Maybe it was removed by the other programs. Here is the log:

    sw123 :)

    bumpbumpbump
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi SW

    What you cleaned can give insight as to what else we need to do.

    Run MBAM and click logs and post all these back from oldest to newest!
    Run SAS and click Preferences then Statistics/Logs post these back oldest to newest!

    Then

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    =========================================
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
     
  11. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    Thanks a lot Mike.

    I have done what you asked, and the hard drive is back to normal. However, my system is infected with something I cannot remove.

    It appears to be a trojan that is called Trojan.Drop12.Seneka. I have tried simultaneous scans using all of the tools recommended, all in safe mode. None have removed the trojan. I have some pics of various activities I do on the computer, such as email and web browsing. I contemplated having my dad take it to a shop, since he also uses this computer.

    I have the pictures attached. I will try again overnight to try and purge the trojan as best I can.

    Thanks a bunch


    sw123

    EDIT: I just minimized this window just now. My desktop picture is no longer there, replaced by a blank blue screen
     
  12. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Please confirm whether you tried the 8-Steps or not

    UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    The images are not really helpful, except in a general way.
     
  13. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes! From my last post.
    If you can do all these fancy screens then you ought to be able to get us the logs.

    Mike
     
  14. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    Alright. I will read the updated instructions and commence overnight. I have tried every other option I know of and none have worked. I'll post logs in the morning.

    sw123
     
  15. mflynn

    mflynn TS Rookie Posts: 2,655

    Well you are at the right place so get us the info and we will fix it!

    Mike
     
  16. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I've done the 8-step removal instructions, and the trojan appears to be gone. It could be hiding somehow, so I've posted logs for review

    Let me know if something's suspicious

    sw123
     
  17. mflynn

    mflynn TS Rookie Posts: 2,655

    Where is the Superantispyware (SAS) log? Need it!

    Anyways!

    Another run indicated!
    OK there were found/removed items in MBAM so we need to run again as the first run likely exposed things that were not even seen the first time.

    So another run Quick Scan will likely find more. So UPDATE run MBAM again.

    Mike
     
  18. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    Forgot to save a SAS log. Sorry!

    I remember that it only detected 2 threats from low risk adware. I believe it was 166 accounts between the two of them.

    I will run MBAM again after the update. Although the computer seems fine now.

    Thanks again.

    Jordan
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

     
  20. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    here it is
     
  21. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Startup HijackThis again and do another scan only
    Tick the following quoted entries, and select Fix
    (Note: All\any Internet browsers should be closed, before selecting Fix to all)
    I'd also recommend removing Spyware Doctor as this program may stop files from being removed in full

    Restart, and let us know

    Note: These logs must always be checked in full, and possible removal entries completed before other programs are installed or suggested
     
  22. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I did what was requested. Thanks all, the computer works totally fine now

    Thx a lot!

    sw123
     
  23. mflynn

    mflynn TS Rookie Posts: 2,655

    Well, who are you, the doctor now? :D

    Well you can quit now if you want to. If you think you are clean by the way the computer works you may be surprised!

    I don't believe it is clean.

    I advise running the 2 processes below. But up to you!

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    =========================================
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
     
  24. sw123

    sw123 TS Rookie Topic Starter Posts: 595

    I already tried ComboFix and SDFix separately. SDFix doesn't do much, but it saves a logfile with nothing in it, saying the computer is fine. I downloaded ComboFix but it said the file was corrupt. So I downloaded again, same problem.

    I'm not sure what to think. This isn't exactly my forte, but maybe there's another way?

    sw123
     
  25. mflynn

    mflynn TS Rookie Posts: 2,655

Topic Status:
Not open for further replies.
