TrojanGeneric12.BFIO and related hard drive issues

Status
Not open for further replies.

sw123

Hey guys

My PC has developed a problem. It was working fine with maybe a couple issues with a Vundo trojan that I removed. However recently I found that my C:\ drive was complaining of low disk space. I uninstalled some unnecessary crap from that drive and still the disk space was decreasing at an alarming rate. At its lowest, it was at 17.3 MB left. Now it is 1.38 GB.

AVG showed a message that told me that I had been infected with the TrojanGeneric12.BFIO. I tried moving it to the vault, to no avail. Later it gave me trouble that more viruses and trojans were opening and infecting my system. I cannot remember the names but the Generic12.BFIO was there with them.

I used Malwarebytes' Anti-Malware and AVG 8.0 Free to try and detect the malware, but AVG turned up clean and MBAM showed unrelated threats.

Attached is an HJT log. See if you can find anything. I tried looking through it and I found nothing. I haven't worked on malware removal in a while, so I'm not that great of a judge with those HJT logs anymore.

Also I should add that I've also installed a new CD-RW drive into my system: A Samsung SW-248F. I downloaded the firmware off the internet, but I'm not sure if that nasty little bastard was still attached to it anyway. Anyway thanks in advance. If you need more information, I'll try to provide it. However I've been extremely busy with my schoolwork.

Thanks
sw123
 
First thing I would do is dump AVG 8.0, and install Avira Antivir instead. I would also install Windows Defender, and SuperAntiSpyware... then run scans with each.
But I see nothing alarming in your HiJackThis.log.
 
I guess my HJT judgement was a little more keen than I thought :)

I heard SuperAntiSpyware was ineffective, and I haven't heard of the other thing you told me to replace AVG with. Anyway thanks for the reply.

I can post other logs if you need the information

sw123
 
It is up to you to refuse good advice, once given.

But where was it you "heard" that SuperAntiSpyware was ineffective? Did you read the logs on what people on this forum recommend?

Read and follow the 8 steps found elsewhere on TechSpot. If nothing else, it will rule out a bunch of things that are the usual suspects.
 
I heard SuperAntiSpyware was ineffective from a good friend who used it. But I am willing to give it a try. I will post logs of those programs and let you know the result.

sw123
 
A useful part of every repair is ruling out possibilities. Even if SuperAntiSpyware finds nothing, you have eliminated one other possibility.
Good luck.
 
I used SuperAntiSpyware and found 313 objects, though none were the trojan. The computer is running a little faster but the hard drive space is still very low. I have found a lot of hidden folders in my system folder, one called $NTSERVICEPACKUNINSTALLDNMitigationAPIs$

I figured that the trojan was creating a lot of these and it was cluttering my hard drive.

I'll run a scan with Avira Antivir and a disk defrag overnight to see if it helps.

sw123
 
Hi again all

I finished the scan with Avira and saved a log. I don't believe that the log shows the virus I was looking for. Maybe it was removed by the other programs. Here is the log:

sw123 :)

bumpbumpbump
 
Hi SW

What you cleaned can give insight as to what else we need to do.

Run MBAM and click logs and post all these back from oldest to newest!
Run SAS and click Preferences then Statistics/Logs post these back oldest to newest!

Then

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
Thanks a lot Mike.

I have done what you asked, and the hard drive is back to normal. However, my system is infected with something I cannot remove.

It appears to be a trojan that is called Trojan.Drop12.Seneka. I have tried simultaneous scans using all of the tools recommended, all in safe mode. None have removed the trojan. I have some pics of various activities I do on the computer, such as email and web browsing. I contemplated having my dad take it to a shop, since he also uses this computer.

I have the pictures attached. I will try again overnight to try and purge the trojan as best I can.

Thanks a bunch


sw123

EDIT: I just minimized this window just now. My desktop picture is no longer there, replaced by a blank blue screen.
 
Please confirm whether you tried the 8-Steps or not

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

The images are not really helpful, except in a general way.
 
Yes! From my last post.
Hi SW

What you cleaned can give insight as to what else we need to do.

Run MBAM and click logs and post all these back from oldest to newest!
Run SAS and click Preferences then Statistics/Logs post these back oldest to newest!
If you can do all these fancy screens then you ought to be able to get us the logs.

Mike
 
Alright. I will read the updated instructions and commence overnight. I have tried every other option I know of and none have worked. I'll post logs in the morning.

sw123
 
I've done the 8-step removal instructions, and the trojan appears to be gone. It could be hiding somehow, so I've posted logs for review.

Let me know if something's suspicious.

sw123
 
Where is the Superantispyware (SAS) log? Need it!

Anyways!

Another run indicated!
OK there were found/removed items in MBAM so we need to run again as the first run likely exposed things that were not even seen the first time.

So another run Quick Scan will likely find more. So UPDATE run MBAM again.

Mike
 
Forgot to save a SAS log. Sorry!

I remember that it only detected 2 threats from low risk adware. I believe it was 166 accounts between the two of them.

I will run MBAM again after the update. Although the computer seems fine now.

Thanks again.

Jordan
 
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Attach the Notepad file here on your reply.
 
Startup HijackThis again and do another scan only
Tick the following quoted entries, and select Fix
(Note: All\any Internet browsers should be closed, before selecting Fix to all)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: startupvir.bat
O4 - Startup: virus.bat
O4 - Startup: Xfire.lnk = J:\Program Files\Xfire\xfire.exe
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O18 - Filter hijack: text/html - {6e03f8a1-7aad-46d3-970f-cb126f8b9383} - (no file)
O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll xddcpv.dll
O20 - Winlogon Notify: efcYPhfG - efcYPhfG.dll (file missing)
I'd also recommend removing Spyware Doctor as this program may stop files from being removed in full

Restart, and let us know

Note: These logs must always be checked in full, and possible removal entries completed before other programs are installed or suggested
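
The fix list in the post above can also be triaged mechanically. The following is an added example, not part of the original thread or of HijackThis itself; the `triage` function, the script-extension list and the review reasons are assumptions, and the sample lines are copied from the post (AppInit_DLLs line shortened). A flagged entry means "look closer", not "malware".

```python
import re

# Constructed sample: entries copied from the HijackThis list in the post
# above, with the repeated AppInit_DLLs paths shortened.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: startupvir.bat
O4 - Startup: virus.bat
O18 - Filter hijack: text/html - {6e03f8a1-7aad-46d3-970f-cb126f8b9383} - (no file)
O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll xddcpv.dll
O20 - Winlogon Notify: efcYPhfG - efcYPhfG.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")        # section, kind, value
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf")   # assumption: worth a look
MISSING = ("(no file)", "(file missing)")              # HijackThis orphan markers

def triage(log_text):
    """Return (section, kind, value, reasons) for entries that merit manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, kind, value = m.groups()
        reasons = []
        if value.endswith(MISSING):
            reasons.append("orphaned: target file not on disk")
        if (section == "O4" and kind == "Startup" and " = " not in value
                and value.lower().endswith(SCRIPT_EXT)):
            reasons.append("script placed directly in the Startup folder")
        if section == "O20" and kind == "AppInit_DLLs":
            dlls = sorted({d.lower() for d in re.findall(r"[\w.-]+\.dll", value, re.I)})
            reasons.append("AppInit_DLLs (loaded into every process that loads user32.dll): " + ", ".join(dlls))
        if reasons:
            findings.append((section, kind, value, reasons))
    return findings

if __name__ == "__main__":
    for section, kind, value, reasons in triage(SAMPLE_LOG):
        print(f"{section} {kind}: {value[:60]}")
        for r in reasons:
            print("    -", r)
```
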
 
I did what was requested. Thanks all, the computer works totally fine now

Thx a lot!

sw123
 
Well, who are you, the doctor now? :D

Well you can quit now if you want to. If you think you are clean by the way the computer works you may be surprised!

I don't believe it is clean.

I advise running the 2 processes below. But up to you!

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
I already tried ComboFix and SDFix separately. SDFix doesn't do much, but it saves a logfile with nothing in it, saying the computer is fine. I downloaded ComboFix but it said the file was corrupt. So I downloaded again, same problem.

I'm not sure what to think. This isn't exactly my forte, but maybe there's another way?

sw123
 