PSW.Generic2 in csdDriver.sys help

Status
Not open for further replies.
Hi, I keep getting a pop-up for the above virus every time I open a programme. AVG heals it but it keeps coming back. I have tried Spybot, Ad-Aware, CCleaner and Ewido, but none of these find it. I have turned off System Restore and rebooted in safe mode to try and find the file, but I couldn't find it. Please help.
 
Hello and welcome to Techspot.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of jduffy only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here are the log files, hope I did it right. The symptoms are that the PC turns off by itself and is slow, but more annoying is the AVG pop-ups every time I open anything. Thanks, Julie

Can't seem to figure out how to save the AVG log file. When it finished scanning it automatically healed the file and never gave me an option to save. Julie
 
Go to Add/Remove Programs in your Control Panel and uninstall anything to do with (if there).

Poker.com

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

Poker.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Poker.com <-- Delete the entire folder.

Reboot your system.

Other than the above, your HJT log is clean.

In order to save the AVG logfile do the following.

Run AVG Antispyware and click on the reports icon on the main toolbar. Click the report in the left-hand pane and click the save report as button. When the window opens, browse to where you want to save the report and click the save button. Close AVG Antispyware. You can now attach the report in exactly the same way as you did the HJT log.

Regards Howard :)

 
Here is the AVG report. Done all that but still getting the pop-up warning. Julie

Here is the one I did before removing Poker and fixing HJT.
 
Delete all files in AVG Antispyware quarantine.

Now do the following.

Run AVG antivirus and make sure you have the latest updates, by clicking on the check for updates button. Keep doing this until no more updates are found. Close AVG antivirus.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Now run a full system scan with your AVG antivirus programme and delete whatever it finds. This includes anything in the virus vault.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Run another full system scan with your AVG antivirus programme and see if AVG antivirus finds anything.

Let me know the results.

Regards Howard :)

 
Done all that and no viruses found, but still getting the AVG pop-up when opening anything. It says: AVG resident shield threat detected while opening file c\windows\ system32\PSW.Generic2 in csdDriver.sys trojan horse PSW.generic2.QEO
I keep hitting heal or move to vault and it does that until you open up something else, then it pops up again. I have about 100 of them in the virus vault from yesterday. Thanks for all your help, Julie
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Click Start/Search and scroll down using the scroll bar on the right.
Click More advanced options.
Be sure the following three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

Search for and delete (if there). Don't worry if you can't find some of the files. Right click on the files in the right-hand pane and select delete.

CsdDriver.sys
UpperHost.dll
MemMan.dll

Close the search window and empty your recycle bin.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Let me know the outcome please.

Regards Howard :)

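A scripted version of the search described in the post above, added here as an example and not part of the original thread: it lists every copy of the three named files under a root folder, with size and SHA-256, and deletes nothing. The function names and the report layout are assumptions of this example.

```python
import hashlib
import os
from collections import Counter

# File names taken from the post above; matching is case-insensitive,
# as on NTFS ("csdDriver.sys" in the AVG alert, "CsdDriver.sys" in the list).
SUSPECT_NAMES = ("CsdDriver.sys", "UpperHost.dll", "MemMan.dll")


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; return None if it is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for block in iter(lambda: handle.read(chunk), b""):
                digest.update(block)
    except OSError:
        return None
    return digest.hexdigest()


def find_suspect_files(root, names=SUSPECT_NAMES):
    """Walk root (hidden and system folders included) and list every match."""
    wanted = {name.lower() for name in names}
    hits = []
    # os.walk does not skip hidden/system entries; unreadable dirs are ignored.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for filename in files:
            if filename.lower() in wanted:
                full = os.path.join(folder, filename)
                try:
                    size = os.path.getsize(full)
                except OSError:
                    size = None
                hits.append({"name": filename.lower(), "path": full,
                             "size": size, "sha256": sha256_of(full)})
    return hits


def count_by_name(hits, names=SUSPECT_NAMES):
    """Copies found per name, with zeros kept for names that were not found."""
    found = Counter(hit["name"] for hit in hits)
    return {name: found.get(name.lower(), 0) for name in names}


if __name__ == "__main__":
    results = find_suspect_files(os.environ.get("SystemDrive", "C:") + os.sep)
    for hit in results:
        print(hit["sha256"], hit["size"], hit["path"])
    print(count_by_name(results))
```

Recording the paths and hashes before deleting gives you something to compare against if the detection returns after a reboot.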
 
Wow, it's gone. I deleted 11 of the first, 0 of the second and 2 of the third and rebooted. No nasty pop-ups on startup. Thank you so much for all your help, I really am grateful as it was driving me crazy. Julie
 
That's good news.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Hi,
Got the same problem with the Trojan PSW.Generic2. Tried everything before except for formatting the H/disk. Then followed your suggestion and the problem is gone.

Thank you.

By the way, how to keep this from repeating?
 
Hello and welcome to Techspot.

I'm glad your problem is solved.

Take a look at this thread HERE. It'll show you how to keep your system more secure.

Regards Howard :wave: :wave:

 