Generic Downloader K Problems

kolo93

I was wondering if anyone could have a look at the following HJT log and let me know what needs fixing. McAfee kept telling me I had a trojan (generic downloader K) every time I started up my computer. I thought I had gotten rid of it but it kept showing up every time upon reboot. It's gotten to the point where I can no longer run normal mode, as the computer continually starts then restarts. I'm still capable of accessing safe mode but have no clue as to what files to delete or fix to get rid of this virus. Any help would be greatly appreciated. Here's the HJT log:



As far as I know I followed the instructions the best I could considering I can only work out of safe mode. Sorry I copied and pasted the above HJT log, the laptop I'm working on won't allow me to access the attachment file window.

My computer at first would work in normal mode with the virus, however it wasn't until I uninstalled JAVA and rebooted the computer to install the latest JAVA 1.5 that my computer started restarting automatically over and over each time I tried to open in normal mode.

Judging by my HJT log (which was executed in safe mode) where do I go from here in terms of fixing the problem?

I have had a friend physically remove my hard drive and run virus scans on it in his computer but nothing came up.

Once again feedback would be greatly appreciated.
 
Hello and welcome to Techspot.

Go HERE and follow as many of the instructions as you can.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of kolo93 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Find attached the AVG spyware log and HJT log. I followed all the instructions as posted. The HJT log however was performed in safe mode since I cannot access normal mode. Thanks.

Dan
 
Delete all files in AVG Antispyware quarantine.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab

Click on the fix checked button.

Close HJT and reboot your system. Other than the above, your HJT log looks clean. However, because your HJT log is from safe mode, it's hard to be sure.

Go to add remove programme in your control panel and uninstall anything to do with (if there).

Java

Close control panel.

See if you can access normal mode. If you can't, I suggest trying a Windows repair as per this thread HERE.

Regards Howard :)

 
I followed your instructions, but I could still not access normal mode. However, when I put the Windows XP CD in to try the repair, Windows all of a sudden opened in normal mode! I have attached the HJT log performed in normal mode. Another thing is that in normal mode Windows is giving me a warning saying "The system has recovered from a serious error" with the following:

Error Signature

BCCode : 10000050 BCP1 : BA87C8AC BCP2 : 00000000 BCP3 : B0C0A9F6
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

Technical Files included in the error report are:

C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\WERb743.dir00\Mini122206-10.dmp
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\WERb743.dir00\sysdata.xml

I'm not sure what all this means, where should I go from here?

Thanks,

Dan
 
Your HJT log is clean. Therefore, I don't think your problem is virus/spyware related.

You did change the boot option in your BIOS to boot from CD first, didn't you? Then, with the Windows CD in the drive, save and exit BIOS. You should see a message to press any key to boot from CD.

I suggest you open a new thread in our Windows OS for the BSOD errors.

Regards Howard :)

 
Everything seems to have sorted itself out. I can now work in normal mode with no problems. Cheers for all the help, I really appreciate it.

Dan
 
Sorry for being late, but if people in the future see this thread and can't get it sorted the way you have, do this:

Run, type in msconfig, at the top click Boot.ini, then click whichever option, if you're in safe mode and would like it to boot in normal mode, uncheck /SAFEBOOT, etc...
 
kolo93 said:
Everything seems to have sorted itself out. I can now work in normal mode with no problems. Cheers for all the help, I really appreciate it.

Dan

That's great news.

If you'd like to post a final HJT log from normal mode, I'll check to see if it's clean.

Regards Howard :)

 
Here's a final HJT log from normal mode. Let me know if you see anything that should be fixed. Thanks.

Dan
 
Sorry for the delay in getting back to you.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [{34A79AAA-0A6B-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6B-1033-0926-031025200001}\Update.exe" mc-110-12-0001411

O4 - HKLM\..\Run: [{34A79AAA-0A6A-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6A-1033-0926-031025200001}\Update.exe" mc-110-12-0001411

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard :)

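Added example, not part of the original thread and not HijackThis's own logic: a small parser for the HJT entry lines in the two fix lists above (the "file missing" list and the "no file" list). It flags entries whose target is gone and groups entries by CLSID so a BHO and its matching toolbar are reviewed together. The flagging heuristics and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Entries copied verbatim from the two fix lists in this thread.
SAMPLE = r'''
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34A79~1\Bar888.dll (file missing)
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [{34A79AAA-0A6B-1033-0926-031025200001}] "C:\Program Files\Common Files\{34A79AAA-0A6B-1033-0926-031025200001}\Update.exe" mc-110-12-0001411
'''

ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*)$')
GUID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')

def parse_entry(line):
    """Split one HJT line into section, kind, GUIDs and triage reasons."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header text, process list, blank lines
    section, kind, rest = m.groups()
    reasons = []
    # Assumed heuristics for this example only.
    if rest.endswith(('(file missing)', '(no file)')):
        reasons.append('target missing')
    if '(no name)' in rest:
        reasons.append('unnamed')
    if section == 'O4' and GUID.search(rest):
        reasons.append('GUID-named autorun')
    guids = sorted({g.upper() for g in GUID.findall(rest)})
    return {'section': section, 'kind': kind, 'guids': guids,
            'reasons': reasons, 'line': line.strip()}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def flagged(entries):
    return [e for e in entries if e['reasons']]

def sections_by_guid(entries):
    """Map each GUID to the sections that reference it."""
    seen = defaultdict(list)
    for e in entries:
        for g in e['guids']:
            seen[g].append(e['section'])
    return dict(seen)

if __name__ == '__main__':
    for e in flagged(parse_log(SAMPLE)):
        print(e['section'], ', '.join(e['reasons']), '|', e['line'])
```

A flag here only marks a line for a human to look at; whether to tick it in HJT is still the helper's call, as in the posts above.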
 
I fixed those four problems through HJT and attached a fresh HJT log. Let me know if you see anything else in need of fixing. Thanks. Dan.
 
Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
