Solved Trojan.gen & Trojan.gen2.. Please help me get rid of them

OTM results

I have been looking through the Symantec website (quite confusing). I think I may have found a patch, but I'm not too sure if I found the right one. I found an upgrade; however, I got this copy of Symantec free through my university, so I have to contact them to get the serial number they said I will need to get the upgrade. Right now my university is on Christmas break, so I will have to contact them after that.


Below are the results of the OTM. It said my computer had to be rebooted, and then my computer would not turn on; it kept stalling (it has another issue). Anyway, I had to take the battery out and put it back in, then it turned on properly. Here are the results:



All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Users\Shane\AppData\Local\temp\DWH*.tmp not found.
C:\Users\Krystal\AppData\Local\temp\DWH8888.tmp moved successfully.
C:\Users\Krystal\AppData\Local\temp\DWH9A4E.tmp moved successfully.
C:\Users\Krystal\AppData\Local\temp\DWHE474.tmp moved successfully.
C:\Users\Krystal\AppData\Local\temp\DWHFAEF.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Krystal
->Temp folder emptied: 8501526 bytes
->Temporary Internet Files folder emptied: 1278066 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99027924 bytes
->Flash cache emptied: 56099 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shane
->Temp folder emptied: 46707059 bytes
->Temporary Internet Files folder emptied: 754744 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50864451 bytes
->Flash cache emptied: 21777 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1844494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33175 bytes
RecycleBin emptied: 20745129 bytes

Total Files Cleaned = 219.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12292010_200853

Files moved on Reboot...
File C:\Windows\temp\TMP00000077D3A4CF6B5BE072AF not found!
File C:\Windows\temp\~DF256E.tmp not found!
File C:\Windows\temp\~DF25A7.tmp not found!

Registry entries deleted on Reboot...
 
Tell me how the system is running now please. OTMoveIt removed a large number of files; this should make the system run a bit faster.
 
Hi

I think it may be running faster; it is not stalling out as much as it was. In general it has a bunch of glitches (for example, it only recognizes my hard drive 1/2 of the time). I've had this computer only for 2.5-3 years and have had to reformat the hard drive 3 times in the past year. My Windows Experience rating has gone up .1 (I just checked). Until this Symantec issue gets sorted out (I will be contacting the school soon), I am and will continue to get warnings for Trojans.

However, until I get a real job w/ real money lol, I was wondering what combos of programs you recommend to fight viruses, malware etc. that are in the free range?
 
Okay, you can remove all of the tools we used and the files and folders they created.
  • Uninstall ComboFix and all backups of the files it deleted:
  • Click START > then RUN
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen, then click "Next".
  • Give the Restore Point a name > click "Create".
  • Go back and follow the path to > System Tools.
    ◦ Choose Disk Cleanup
    ◦ Click "OK" to select the partition or drive you want.
    ◦ Click the "More Options" tab.
    ◦ Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin.
===================================================
If you want to work on those system 'glitches', you can start a thread in the Windows OS forum. Mention you have gone through the cleaning here with me. Clearly there is some problem if you're having to reformat so often. It might be that you just don't know how to troubleshoot (a lot of users don't) and go to a reformat/reinstall instead.
=======================================
The following links are all for free programs. You don't have to get them all, but look through and see what you think would be helpful to you.
Tips for added security and safer browsing: (links are blue text)
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing ActiveX Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      ◦ Avira Free
      ◦ Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      ◦ Comodo
      ◦ Zone Alarm
    • Antispyware: I recommend all of the following:
      ◦ SpywareBlaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
      ◦ ZonedOut: Download ZonedOut and save it to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. It places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 through Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with ZonedOut. Make sure your IE8 is up to date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites, ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away.
      ◦ Replace the HOSTS file: MVPS Hosts file. This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      ◦ Google Toolbar: Get the free Google toolbar to help stop pop-up windows.
  3. Stay current on updates:
    ◦ Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    ◦ Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    ◦ Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    ◦ For Internet Explorer: Internet Options (through Tools or Control Panel) > Privacy tab > Advanced button > check 'Override automatic Cookie handling' > check 'Accept first-party Cookies' > check 'Block third-party Cookies' > check 'Allow per-session Cookies' > Apply > OK.
    ◦ For Firefox: Tools > Options > Privacy > Cookies > check 'Accept Cookies from Sites' > uncheck 'Accept third-party Cookies' > set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'Use custom settings for History'.)
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads, banners and other sources:
    ◦ AdBlock Plus
    ◦ Easy List
  5. Do regular Maintenance:
    Remove Temporary Internet Files regularly:
    ◦ ATF Cleaner by Atribune
    OR
    ◦ TFC
    Disable and Enable System Restore:
    ◦ See the System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling:
    ◦ Don't open email from anyone you don't know.
    ◦ Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
    ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Last but not least, use a Site Advisor. Some AV programs have them. My preference has always been for the stand-alone programs instead of 'bundles'.
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.

Every time you do a search and the screen comes up with the sites, they will have the rating light: Green (2 shades), Amber/Yellow = Caution, Red = not advised. A few sites haven't been rated and show as a blue flashlight.

If you want to link to another site from the page you're on, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other, and the site won't load. Don't worry, those Alerts don't happen if you stick to the green rating.

Give it a try- http://www.mywot.com/en/download
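The HOSTS-file mechanism recommended above (ad and tracking hosts mapped to 127.0.0.1 so the connection never leaves the machine), as an added Python example that is not part of the original post and does not use the real MVPS list: it parses a small constructed hosts file in that layout, tolerating comments, 0.0.0.0-style entries and malformed lines, and reports which names are blackholed. The "first mapping wins" rule is an assumption about resolver behaviour.

```python
import ipaddress
from typing import Dict, List

# Constructed sample in the HOSTS-file layout "<address> <hostname> [# comment]".
# Documentation-style names only; these are NOT entries from the real MVPS list.
SAMPLE_HOSTS = """\
# constructed example, not a real blocklist
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test     # [ad / tracking-cookie source]
127.0.0.1       banners.example-ads.test
0.0.0.0         popups.example-ads.test      # some lists use 0.0.0.0 instead
192.0.2.10      intranet.example.test        # ordinary, non-blocking entry
not-an-address  garbage.example.test         # malformed line, must be skipped
"""
# Addresses that keep the connection on the local machine: the loopback address
# the MVPS file uses, plus the unspecified address some other lists use.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address the hosts file assigns it.
    '#' starts a comment, one line may carry several hostnames, and the first
    mapping seen for a name wins (assumed: that is how the resolver applies it)."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for host in fields[1:]:
            mapping.setdefault(host.lower(), addr)
    return mapping


def is_blackholed(mapping: Dict[str, str], host: str) -> bool:
    """True if a connection to `host` would be redirected to the local machine."""
    return mapping.get(host.lower()) in BLACKHOLE


def blocked_hosts(mapping: Dict[str, str]) -> List[str]:
    """Every blackholed name except localhost, which legitimately maps to loopback."""
    return sorted(h for h, a in mapping.items() if a in BLACKHOLE and h != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in blocked_hosts(hosts):
        print(f"blocked: {name} -> {hosts[name]}")
```

Pointing `parse_hosts` at the contents of `%SystemRoot%\System32\drivers\etc\hosts` shows the same thing for a live machine; a name that is blackholed here will never be reached by the browser, cookies included.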
 
Hi Bobbye,
I just tried to uninstall the ComboFix, and then it told me that Symantec running is affecting it from running. Did I accidentally write something wrong, or does it take Symantec being off for it to uninstall?

Before I make a restore point, would I have to first get the Symantec issue figured out?
Thanks, I appreciate all the security information
Krystal
 
I don't know of any reason why the Symantec Endpoint would prevent the uninstall of Combofix. Please try again; you're not trying to run a scan, which does require the security to be disabled:

Uninstall ComboFix and all backups of the files it deleted:
  • Click START > then RUN
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    CF_Uninstall-1.jpg

The restore point doesn't have anything to do with Symantec either. Since you're using the Symantec Enterprise edition through the school, you will need to contact their IT person for any problems with it.

Once you remove the cleaning tools and their logs, Symantec shouldn't be popping up with old entries that have been removed. Running OTM handled the eset entries. The logs can be deleted if needed.
 
hello

Hi Bobbye,
Well, I tried it again (uninstall ComboFix), double checked everything and I received the warning: "Warning: ComboFix has detected real time scanners" (proceeds to mention Symantec). I hit the OK button, then I get "ComboFix will continue to run". After that I get a box asking me to update ComboFix; I proceed to X out of this box and then a blue administrator box pops up, which I X out of.

A while ago I uninstalled something off my computer (I don't remember what I uninstalled; I think I was just trying to take off things that I didn't use). However, I don't find ComboFix in my Programs and Features icon in my Control Panel. The only thing I have of ComboFix that I know of is the 3.80 MB application icon on my desktop.

I haven't used OTC yet or set a restore point yet, since the uninstall of ComboFix was first on my list to do.
 
Please reboot the computer into Normal Mode. Then try this again. Perhaps the image will help.

Uninstall ComboFix and all backups of the files it deleted:
  • Click START > then RUN
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    CF_Uninstall-1.jpg
 
Sorry I have not posted a response; I have been busy with work and I did not realize time went by so fast. I am going to try to remove the tool right now.
 
Was I supposed to uninstall ComboFix in Uninstall mode in the first place? My prior attempts to uninstall ComboFix have been from Normal mode. I tried it again in Normal mode and this time a window briefly popped up that said ComboFix was incompatible; I glanced at the rest of the window and I could not understand the words (another language? I don't know). The window disappeared 2 seconds later, and so did the window that I had this site, techspot.com, up in. And the windows disappearing made a weird dinging/buzzing sound. Though that weird dinging/buzzing sound has been happening every so often lately when the screen turns black when I am changing users and the cursor blinks across the screen, so that is probably a separate issue.
 
I don't know what is causing the problem uninstalling Combofix. It's not scanning and therefore shouldn't give warnings. But by now, it's possible the uninstaller has been damaged. Do a search on the computer for Combofix. Do a right click > Delete on any entries you find. This is not the proper way to uninstall the program, however.

As for ongoing Norton problems, as mentioned previously, since it is the Enterprise version through the school, you will need to contact their IT department.

These are all separate issues and are most likely system problems, not malware:
And the windows disappearing did a weird dinging/buzzing sound. Though that weird dinging/buzzing sound has been happening every so often lately when the screen turns black when I am changing users and the cursor blinks across the screen so that is probably a separate issue.
 
I used the OTC tool. What exactly is it supposed to do? Is it supposed to remove other tools I put on my computer? On my desktop I see CCleaner (is this something good to have in general?), HijackThis, TFC, esetsmartscan.
 
CCleaner (is this something good to have in general?), hikjack this, TFC, esetsmartscan.

I'm not a fan of CCleaner. Keep TFC if you want. Scan with it according to how much you use the system.
OTM is supposed to remove most of the cleaning tools we used and their logs. If any remain, please uninstall and delete any leftover files or logs. There is no one program that will clean all of the cleaning tools; there are just too many variables.

As for Combofix, you are supposed to do anything in Safe Mode unless I instruct you to, or if, while infected, you can't get into Normal mode. You probably damaged the Combofix uninstaller. There is no 'uninstall mode' until you type in the command to uninstall it.

If there are left overs you can't remove, use the Windows Installer Cleanup Utility HERE to remove them.

And the windows disappearing did a weird dinging/buzzing sound. Though that weird dinging/buzzing sound has been happening every so often lately when the screen turns black when I am changing users and the cursor blinks across the screen so that is probably a separate issue.

This isn't malware related. Please start a thread in the Windows OS forum for help with a system problem.

Are there any other questions?
 
hi

Nope no other questions, I just now need to get my computer in order and talk to my school about symantec. Thanks for your help! Have a good year!
 