trojan horse virus

By bolun · 12 replies
Apr 3, 2006
  1. i have avg 7.1, and whenever i start up my comp, it says that i have a virus:

    Trojan horse Downloader.Generic.TUC, file name: !update.exe

    i click on heal, and it says it healed it successfully, but when i restart again, still there. i did the Trend HouseCall online scanner, but it showed up nothing.

    what should i do?
  2. Peddant

    Peddant TS Rookie Posts: 1,446

    Hi bolun, and welcome to Techspot.

    You have to do all scans in safe mode otherwise it will always return.

    Here is the official Techspot malware thread -

    Follow the steps exactly and post an HJT log (all instructions in the thread)
  3. bolun

    bolun TS Rookie Topic Starter Posts: 18

    for the link you gave me, do i follow those steps in safe mode? Because it doesn't say anything about safe mode in there.
  4. Peddant

    Peddant TS Rookie Posts: 1,446

  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions.

    Then post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
  6. bolun

    bolun TS Rookie Topic Starter Posts: 18

    alright did all that in safe mode, and i turned system restore back on.
    avg still detects the virus at startup.

    i attached a log file after doing all that.
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore (XP/ME only). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel. Uninstall anything to do with (if there).

    C:\Program Files\??pPatch

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135396918\ee\AOLSoftware.exe

    O4 - HKCU\..\Run: [Cafdy] C:\Program Files\??pPatch\rundll32.exe

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold file (if there).

    C:\Program Files\??pPatch\rundll32.exe

    Reboot into normal mode and turn system restore back on.

    Get yourself some antivirus protection and a firewall.

    AVG free and Zonealarm free are very good. Just Google for these.

    Regards Howard :)
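Two of the entries fixed in the post above show traits that can be checked mechanically: a `rundll32.exe` that sits outside the Windows directory, and an entry marked `(file missing)`. A sketch of such checks follows, added here as an example and not taken from the thread or from HijackThis; the name list, the `C:\WINDOWS` install path and the fourth sample line are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the three entries quoted in the post above, plus one
# constructed entry (ExampleTool) showing rundll32.exe in its normal location.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135396918\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Cafdy] C:\Program Files\??pPatch\rundll32.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O4 - HKLM\..\Run: [ExampleTool] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\example.dll,Start
"""

# Windows component names worth checking the location of (illustrative list).
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe"}
# Assumption: Windows is installed in C:\WINDOWS.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in an executable extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat)", re.IGNORECASE)


def triage(log_text):
    """Return (line, reasons) for every log entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue
        reasons = []
        found = PATH.search(entry.group(2))
        if found:
            path = PureWindowsPath(found.group(0))
            # '?' is not legal in a Windows file name, so in a log it stands
            # for characters that could not be rendered.
            if "?" in str(path):
                reasons.append("unrenderable characters in path")
            if path.name.lower() in SYSTEM_NAMES and str(path.parent).lower() not in SYSTEM_DIRS:
                reasons.append("system file name outside the Windows directory")
        if line.endswith("(file missing)"):
            reasons.append("entry points at a missing file")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

These rules do not flag the AOL entry that was also fixed in the post, so they supplement reading the log rather than replace it.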
  8. bolun

    bolun TS Rookie Topic Starter Posts: 18

    Thanks a lot, my system is fine now. I appreciate it. I was just wondering, how do you guys know all this? Did you learn it from somewhere? Or is it just from experience? Like how can you pick out exactly what's bad from the log.
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I learned an awful lot from RBS. He is one of the Techspot mods.

    You're quite right about the experience thing. You just get used to what should and what shouldn't be in a HJT log. Google is a great source of info for malware etc.

    Glad your problem is solved.

    Regards Howard :)
  10. Spike

    Spike TS Evangelist Posts: 2,168

    It's a combination of knowledge, experience, and a question of knowing where to look if you don't know something (which then becomes knowledge and experience :p)

    I know Howard in particular has hundreds if not thousands of these HJT logs fixed. Sometimes, he can really work miracles, and fix things just by knowing the symptoms and doing a little guess work. RBS is the same. :)

    Me, I used to be reasonable at it, but I stopped doing them and it's as though everything's changed infection-wise these days, so I'm just learning all over again - a bit like riding a bike really. You never forget, but when you stop any length of time, you're not as good as you used to be, but will pick it up pretty quickly again, depending on how good you were before.

    edit: Howard got there first - again. lol
  11. bolun

    bolun TS Rookie Topic Starter Posts: 18

    which virus protection is better?
    AVG 7.1 Email server edition or AVG free, just for a personal computer.
  12. Spike

    Spike TS Evangelist Posts: 2,168

    AVG, because it doesn't cost anything, and it's a personal computer rather than an email server :)
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I only use the free version and have had absolutely no problems. I can't comment on the 7.1 version as I've never used it.

    If it's for private home use, go with the free version, unless you've got some specific reason for wanting the 7.1 version.

    Regards Howard :)

    Edit: Damn, Spike got there first :p
Topic Status:
Not open for further replies.
