
Trojan Horse Generic6.aeph Removal

By GoBroncos · 4 replies
Mar 7, 2008
  1. Hello all,

    I am in need of some assistance. I have obtained the trojan horse shown in the title bar and am unable to remove it. AVG flags the trojan upon every restart. I've done multiple scans with AdAware, SpyBot, AVG, & VundoFix.

    Attached is my hijackthis file...

    Any assistance is much appreciated. Thanks in advance.
  2. kritius

    kritius TS Guru Posts: 2,084

    Hi GoBroncos,

    Please follow all the steps HERE and post the three requested logs as attachments.

    Also get HJT to fix these entries:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.ehana.com/kapu.aspx?ReturnUrl=/
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: 0 - {F04C5295-D55A-4FB4-119C-3C46464F6E05} - C:\Program Files\Windows Media Player\wohutapuj909.dll (file missing)
    O20 - Winlogon Notify: opnmlif - opnmlif.dll (file missing)
  3. GoBroncos

    GoBroncos TS Rookie Topic Starter

    Thanks for the quick response. I will go through the instructions.

    Looking at previous posts on this trojan, I found a suspicious file in my log that looks similar to some of the other situations...

    O4 - HKCU\..\Run: [Rzmc] C:\WINDOWS\system32\?asks\??chost.exe

    I will not take any action until I complete all the steps requested, but I just wanted to throw that out there.
  4. kritius

    kritius TS Guru Posts: 2,084

    I know about that, but it's in the system32 folder, so we'll go through the 15 steps first and see what comes up in those and what is gotten rid of.

    Just a quick note: when doing the AVG antispyware step, make sure that you follow the instructions in the guide exactly. It is very important to have the files quarantined and the log posted.

    Good luck and if you have any questions then just ask.
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That is ClickSpring/PurityScan. We can remove it manually after you have done the 15 steps. It's actually been very common lately. It seems easy to remove, but the problem with it is that it downloads additional malware, so it's a good idea to get it off.
Topic Status:
Not open for further replies.
