How do I get rid of "Trojan horse Downloader.Generic2.EWQ"

Status
Not open for further replies.

Saru

AVG found 2 files it could not clean. Both are listed with the result in the title. One is an "Infected, Embedded object" and the other an "Infected, Archive".

I have read a similar thread that instructed that poor soul to download Hijack This and do a scan. I have done so and have attached it to this post.

Please, anybody who can help, any feedback will be helpful.

Thanks kindly, Saru
 
Hello and welcome to Techspot.

All AVG means is you have an infected zip or rar file. The best way to deal with that is to delete the infected files and empty the recycle bin. On no account should you try to extract the files.

Now to your HJT log.

Go to add/remove programmes in your control panel and uninstall anything to do with (if there).

Viewpoint\Viewpoint Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ViewMgr.exe

Close task manager.


Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Viewpoint

Other than the above, your HJT log is clean.

Let me know how you get on with the infected archives.

Regards Howard :wave: :wave:
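An added example, not part of the original thread: a small Python check that re-reads a saved HijackThis scan log and reports which of the entries flagged in the post above are still present after the fix. The entry-line pattern, the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Entries the helper asked to have fixed, copied from the post above.
FLAGGED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =",
    r"R3 - Default URLSearchHook is missing",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe",
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
]

# Assumed entry format: "<section code> - <detail>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Return (section, detail) tuples for the entry lines of a scan log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def normalise(entry):
    """Collapse whitespace and case: Windows paths and key names ignore case."""
    return " ".join(entry.split()).casefold()

def remaining(log_text, flagged=FLAGGED):
    """Return the flagged entries that still appear in a fresh scan log."""
    present = {normalise(f"{s} - {d}") for s, d in parse_log(log_text)}
    return [f for f in flagged if normalise(f) in present]

# Constructed sample log (not the poster's attachment).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [viewmgr] c:\program files\viewpoint\viewpoint manager\viewmgr.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for entry in remaining(SAMPLE_LOG):
        print("still present:", entry)
```

An empty result from `remaining()` on a log saved after the fix means none of the flagged entries came back.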
 
First, let me thank you for the prompt response Howard!

I have deleted the .zip and the .idx file that were named by AVG and removed both the Viewpoint and Viewpoint Manager programs from the Add/Remove list but the task manager did not have a ViewMgr.exe running and the HJT list didn't have the "O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" line this time.

But the big problem is that the Viewpoint folder will not allow me to delete it.
"cannot delete AxMetaStream_0302021C: Access is denied." AxMetaStream_0302021C.dll is protected somehow.

Shall I try it in safe mode?

Cheers! Saru
 
Yes try from safe mode.

If you still have problems, please post back.

If you ever have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Saru only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Well, after deleting the folder in Safe Mode I have run a couple of AVG tests and it has come up clean. Hopefully this is the end of that saga.

Thanks for your help Howard!!

Cheers! Saru
 