Various Viruses VB.ASD, Generic8.GHY

By mam_01
Jul 30, 2008
  1. Hello, recently a friends computer was acting strangely and I suspected it was infected by viruses. The Task Manager could not be accessed (ctrl+alt+delete), nor the registry (regedit), and when connecting to the internet, Internet Explorer would constantly shut down.
    After he ran his virus scanner (AVG), these two were found: VB.ASD and Generic8.GHY.

    After reading a few threads on this site, i followed the instructions for removing viruses/spyware/malware etc from this site, and I have attached the requested logs as advised.

    I am now able to see the task manager and view the registry editor, but I thought I would attach the log files, as per instructions.

    Also, with Step 11- Panda Antirootkit Programme - no known or unknown rootkits were found.

    I appreciate any feedback.
    thank you.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I only looked at the HijackThis log. You did a good job

    One more I suggest removing is the Alexa Search: Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

    You might want to check the AVG Status v7. Is that version being supported any more>
  3. mam_01

    mam_01 TS Rookie Topic Starter Posts: 34

    Thank you for that.
    I did run HijackThis again but was unable to find that item - it seems to have disappeared? (which I guess is a good thing).

    The AVG is version 7.5 which I think seems to be the latest, I have updated its virus definitions and any updates...

    This pc isn't connected to the Internet either, which isnt to say the viruses won't come in, as this one came in through a document saved on a Uni computer and then put onto a USB...

    Thank you so much for your help!

    and if there is anything else I should be doing, please let me know?

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are running the Tea Timer feature from Spybot Search and Destroy. The AdAware Service is also running. However you have 16 Tracking cookie that need to be removed. Please delete the Tracking Cookies. This can be done in Windows explorer:
    Right click on Start> explore> Docs & Settings> Cookies> change the view to List> delete all the Cookies listed in the SuperAntiSpyware log.

    When done, it would be a good idea to run Hijack again, with any Real Time protections disabled, such as Tea Timer and AdAware. But leave the AV active.

    You can attach a new Hijack log here.
  5. mam_01

    mam_01 TS Rookie Topic Starter Posts: 34

    Hi Bobbye,

    I decided to redo the steps again, and i turned off the realtime monitors. I noticed the tracking cookies came up and were removed.

    I have attached the new Hijackthis log, as requested.

    I will await your feedback.

    thank you,

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Maria, it looks pretty clean to me. You did a good job! There are a few things that I recommend removing or disabling. They are legitimate programs, but in some cases, high resource users:
    Stop this:
    Turn this auto-update off in the Control Panel> Java> Update tab> uncheck 'automatically check for update':
    Unless this person is the head of a network and need to contact the other systems on the network as the Administrator, I suggest stopping these processes:
  7. mam_01

    mam_01 TS Rookie Topic Starter Posts: 34

    Hi Bobbye,
    Thank you! I managed to stop the first 2, however i am unsure about how to stop MSN.. but at the same time, this pc won't be on the internet, and the person using it doesn't use MSN anyway, so I guess it will be ok to leave it be?

    I appreciate all your help!

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    msmsgs.exe is the MSN Messenger Internet chat tool installed by default on most Windows computers.

    I should not have grouped the two "messengers" together. They are different- my apology. However disabling either does not break the connection to the MSN ISP.

    If the user is not actively using the MSN Messenger on a regular basis, it should be disabled and removed. It can also be discouraged by renaming it:
    Right click on Start> Explore> Programs> right click on Messenger> Rename> add 'old' to the name, like this:

    As for the Windows Messenger, remove the entry I left. Then:
    Start> Administrative Tools> Services> find an right click on Messenger> Properties> Disable the Startup mode of this Service. Stop this Service if running.

    I tis a legitimate Service, used for the reason I left, but it is also used unethically by third parties to display a Microsoft-like message via pop-ups, usually giving some type of warning, urging the user to click on something to fix it. When they do, they get malware. Because the display is disguised to appear it has been sent from Microsoft, which is a use of "social networking", the user thinks it's valid.
    Screen shots here:
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...