Update.exe & Downloader.Generic3.QFH killing me

Status
Not open for further replies.

great.white.08

Can anybody help?

I have !update.exe & Downloader.Generic3.QFH on my machine.

I am not even sure if they are the same malware or not.

I have Googled it and I have read up on it, including the posts here, but I cannot get rid of it for the life of me.

This is the first virus I have gotten that I couldn't take care of.

I am running the most current versions of AVG Free Edition, Spybot Search & Destroy, Ad-Aware, & Spyware Blaster. NOTHING!

I have looked at my running processes, and I do not have any processes running that resemble anything in the information I have read.

PLEASE HELP!!!

I can run HJT and post the logs. I haven't done anything with Combofix yet.

Can anyone help?
 
Hi great.white.08 and welcome to TechSpot.


You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of great.white.08 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Is the HJT log file from before running Combofix or after? If it's from before then I will need a fresh one when you post the Combofix log.



 
The HJT log is before the ComboFix scan. I will run ComboFix and re-scan with HJT.

BTW...I changed the name of HJT to Crusty.exe. Should I have?
 
Yes, it's there in the instructions....

It is because some malware can spot HJT running and hide from it if it isn't renamed.



 
So where are the AVG log and the Panda Antirootkit result?

We need all the logs asked for in the instructions in order to fully diagnose and cure a malware problem.


Quoted from step 11.
"DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know the results.

Let me know the results in your reply."

And quoted from the end of step 15.
"Once you've finished these instructions, you should have 3 log files. HJT, Combofix and AVG Antispyware logs. They are the only logs we need, unless otherwise requested."




 
Sorry...

AVG AntiSpy is running right now.

Where is the Panda AntiRootKit log created? I have run that scan a few times now & cannot find its log.

Jeff
 
I will quote it again.

Quoted from step 11.
"DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know the results.

Let me know the results in your reply."


It asks for the results, not a log, as Panda Antirootkit doesn't produce a log.




 
Your AVG log says no action taken. All the threats need to be deleted.

There is a link to my pictorial guide within the instructions that you went through. It's here - https://www.techspot.com/vb/showthread.php?p=387464#post387464



 
Rik -

It says no action taken because I selected to delete the file after reboot. I figured I had a better chance of deleting it before it got loaded into memory.

I will re-scan using the AVG Spyware client and see what it comes up with.

It may be a day or so before I post the scan log.

Jeff
 