Downloader.Generic2.MUZ

Status
Not open for further replies.

Milan

AVG Anti-Virus is telling me that I have a Downloader.Generic2.MUZ Trojan every time I start up Windows. (I Run a Windows XP Professional). Anyways I can never completely get rid of this. I tried right clicking the file (called !update.exe) It was in my Temp files, just so I could maybe open it with notepad and delete the contents inside, but no go, it doesn't let you right click it. I noticed a problem with my Madden 07 copy as well, I have had it since release on the PC and just a couple of days ago (When this problem started to occur) there is lag to the point of it being unplayable. I downloaded FRAPS (A video Game Video capturing software) a few days ago, opened it but it wouldn't open, I'm assuming it's some sort of hidden process. That's when Madden started to lag. I'm running Firefox, and have uninstalled IE.

Well anyways, here's my HijackThis log:




______________________________________________________________

Is there anything you guys can do to help? Thanks.
 
Hello and welcome to Techspot.

I have moved your thread to the correct forum.

Your system is infected with some real nasties.

First, go and read this thread HERE and decide what it is you want to do.

If you decide, you want to have your system cleaned, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of Milan only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
The HouseCall Trendmicro virus scan won't work for me, it says that it hasn't done something with native binding. Can I not just Scan My PC With AVG?
 
Skip the HouseCall and follow the rest of the instructions.

Regards Howard :)

 
Well all the things just finished, I forgot to do the anti-spyware log. As I'm typing this AVG Still detected that virus that I was talking about. AVG Anti-spyware caught about 39 malicious items including around 3-4 trojans.
Here's my most recent hijackthis log
 
Go back to the instructions and place the analyze.exe file in its own directory as instructed. Post a fresh HJT log as per the instructions for attachments.

Regards Howard :)

 
It is in its own directory C:\Documents and Settings\Owner\Desktop\Analyze

Thanks again for the help.
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

lfklown.exe
ohycfpm.exe
jintwhg.exe
?explore.exe <Not to be confused with explorer.exe or iexplore.exe, which are legit files. The question mark can be any random letter/number etc.

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)

O4 - HKCU\..\Run: [Ukvuemp] C:\WINDOWS\?ystem32\?explore.exe

O4 - HKCU\..\Run: [twdba] C:\WINDOWS\system32\jintwhg.exe

O4 - HKCU\..\Run: [mxwxc] C:\WINDOWS\ohycfpm.exe

O4 - HKCU\..\Run: [vtbsr] C:\WINDOWS\system32\lfklown.exe

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

O20 - AppInit_DLLs: arpa.dll

O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lvpo0973e.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\?ystem32\?explore.exe <Note: This is not the same as the C:\windows\system32 folder. Make sure you don't try and delete the wrong folder.

C:\WINDOWS\system32\jintwhg.exe
C:\WINDOWS\ohycfpm.exe
C:\WINDOWS\system32\lfklown.exe

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\windows\system32\arpa.dll

Once your system has rebooted, rehide your protected OS file.

Post a fresh HJT log as well as an AVG Antispyware log.

Regards Howard :)

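The fix list in the post above shows three patterns that can be checked mechanically: entries whose target file no longer exists, a non-empty `AppInit_DLLs` value, and path components containing a `?` that imitate a legitimate name. The following is an added example, not part of the original thread and not HijackThis's own code; `triage`, `KNOWN_NAMES` and the flag names are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Entries copied from the fix list in the post above (not constructed).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)
O2 - BHO: (no name) - {96856BBA-F875-AD87-7077-FB1A09BB5894} - C:\WINDOWS\system32\bwlap.dll (file missing)
O4 - HKCU\..\Run: [Ukvuemp] C:\WINDOWS\?ystem32\?explore.exe
O4 - HKCU\..\Run: [twdba] C:\WINDOWS\system32\jintwhg.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - AppInit_DLLs: arpa.dll
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lvpo0973e.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: a short list of legitimate names to compare lookalikes against.
KNOWN_NAMES = ("system32", "iexplore.exe", "explorer.exe")


def triage(log_text):
    """Return (code, body, flags) for each entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        flags = []
        # The registry entry points at a file that is no longer on disk.
        if "(file missing)" in body or "(no file)" in body:
            flags.append("orphaned")
        # Any DLL named in AppInit_DLLs is worth verifying by hand.
        if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            flags.append("appinit-dll")
        # '?' is not a legal Windows file-name character, so in a log it stands
        # for some other character; treat it as a one-character wildcard.
        path = WIN_PATH.search(body)
        for part in (path.group(0).split("\\")[1:] if path else []):
            masked = re.sub(r"[^\x00-\x7f]", "?", part).lower()
            if "?" in masked:
                hits = [n for n in KNOWN_NAMES if fnmatchcase(n, masked)]
                flags.append("lookalike:" + hits[0] if hits else "unprintable-name")
        if flags:
            findings.append((code, body, flags))
    return findings


if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(flags):<40}{body}")
```

The `twdba` Run entry is not flagged: a random file name inside the real system32 folder matches none of these three patterns, so the output is a starting point for review and not a verdict.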
 
Hey, back again after doing this. I did not run AVG Anti-Spyware, because frankly, it's 12:10AM here and I can't sit for another two hours while it goes.

I deleted everything you told me to, it all went off without a hitch, except one. The file you told me to put into killbox would not be repaired by HijackThis. I have deleted that file so nothing wrong. The message of the !update.exe virus hasn't popped up yet.

The explore file was pretty sneaky, inside a near empty folder called system32 called iexplore.exe, having a plain white icon so you couldn't see it.

Here is my HJT Logfile:
 
Your HJT log is clean.

Run the AVG Antispyware scan when you get time and see what it finds. You can always post the log for me to look at.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Sorry to bother you again but I've found that my Madden is still lagging just about as much. I don't know if you're familiar with the game but it lets me run about 5-10 plays then it just starts to lag, gradually increasing to the point of it being unplayable. Do you have any solutions for that?

I have been running the same settings since I got the game, it just started lagging not too long ago, I have about 85gigs of free space. I've tried lowering the settings and that didn't help so it must not be my hardware. I hardly have any processes running (like 7 of my own processes for my user account)

Again thanks for the help in advance.
 
I don't play games, so I can't be very specific as to what's the most likely problem.

My first instinct is to say uninstall and reinstall the game and see if that helps.

However, I'd really like to see an AVG Antispyware log, as there may be something on your system that isn't showing up in HJT.

Regards Howard :)

 