!update.exe really stubborn Virus

Status
Not open for further replies.
Hi, I'm relatively new to the forum but this is my first post. Thanks in advance for looking.

I have what looks like a Trojan which launches ads on IE (Generic3.QFH).

So far I have done the following with no results.
1. Deleted my system restore points
2. Started in Safe mode
3. Ran CC Clean
4. Ran AVG

Generic3.QFH still comes up every time I re-run AVG and says it's in a file called !update.exe.


I have attached my HJT and AVG logs.

Thanks again for any help.
 
Hello and welcome to Techspot.

Your system is infected with a variety of nasties.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Matt Berg only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Initial Scans Complete

Howard,

Thank you again for all the help. I completed the tasks in your reply and have attached the logs (the AVG scan did not find anything so no log is attached). It looks like some of the items are still there in the logs though.

Thanks again,

Matt
 
What was the result of the AVG Antirootkit scan?

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

?hkntfs.exe
?vchost.exe<Not to be confused with svchost.exe.
spoolsv.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [Isdppvp] "C:\WINDOWS\system32\?ecurity\?hkntfs.exe" 99001122

O4 - HKCU\..\Run: [Anz] "C:\Program Files\Common Files\??stem32\?vchost.exe"

O4 - HKCU\..\Run: [Iora] "C:\WINDOWS\system32\SKS~1\spoolsv.exe" -vt ndrv

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\Program Files\Common Files\??stem32<Delete the entire folder.
C:\WINDOWS\system32\SKS~1<Delete the entire folder.
C:\WINDOWS\system32\?ecurity<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of Matt Berg only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
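The O4 entries in the reply above share a few tell-tale traits: "?" where HJT could not print a non-ASCII character, a system process name (spoolsv.exe) living outside the system directories, and an 8.3 short name hiding the real folder. The checker below is an added example (not Howard's tool, not HJT's code); it runs over constructed sample lines in which Cyrillic look-alike characters stand in for the "?" (an assumption about what the real bytes were).

```python
import re
# Constructed sample HijackThis O4 entries modelled on the ones in this thread
# (not the real log). HJT prints non-ASCII characters as "?"; Cyrillic
# look-alikes (an assumption) stand in for them here so the checks have work.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Isdppvp] "C:\WINDOWS\system32\ѕecurity\ѕhkntfs.exe" 99001122
O4 - HKCU\..\Run: [Anz] "C:\Program Files\Common Files\ѕуstem32\ѕvchost.exe"
O4 - HKCU\..\Run: [Iora] "C:\WINDOWS\system32\SKS~1\spoolsv.exe" -vt ndrv
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Legit] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
"""
O4_RE = re.compile(r'^O4 - ([A-Z]+)\\\.\.\\Run: \[([^\]]*)\] (?:"([^"]+)"|(\S+))')
SYSTEM_NAMES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

def parse_o4(line):  # hive, value name and executable path of one O4 line
    m = O4_RE.match(line.strip())
    return m and {"hive": m[1], "name": m[2], "path": m[3] or m[4]}

def edit_distance(a, b):  # Levenshtein distance, for look-alike file names
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious(entry):
    """Reasons an autorun entry deserves a closer look (empty list if none)."""
    path, reasons = entry["path"], []
    parent, _, exe = path.lower().rpartition("\\")
    if any(ord(c) > 127 for c in path):
        reasons.append("non-ASCII characters in path (HJT shows them as '?')")
    if not parent:
        reasons.append("bare file name, resolved via the search path at logon")
    elif exe in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
        reasons.append(f"system process name {exe} running from {parent}")
    if "~" in parent:
        reasons.append("8.3 short name hides the directory's real name")
    for sysname in SYSTEM_NAMES:
        if exe != sysname and edit_distance(exe, sysname) == 1:
            reasons.append(f"{exe} is one character away from {sysname}")
    return reasons

def scan(log_text):  # value name of each flagged O4 entry -> its reasons
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return {e["name"]: r for e in entries if (r := suspicious(e))}
```

Running `scan(SAMPLE_LOG)` flags the four entries Howard listed and leaves the Adobe entry alone; the same heuristics apply to any pasted HJT log.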
 
Is my system clean? Lots of processes running.

I completed the cclean, SS&D, online virus scan and adware scan but seem to have an enormous amount of processes running.

Could someone please take a look at my hijack this log and let me know if my system is clean?

Thanks in advance guys.

Matt
 
Threads merged. Please continue to post in this thread until your malware problem is gone.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://access.ssgcorp.com/dana-na/auth/url_default/welcome.cgi

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O8 - Extra context menu item: Sphericall &Dial - C:\Program Files\Sphere\Dial.htm

O16 - DPF: VIN.net Clients - http://app2.outtask.com/vinnet/clients/153.12/vin2-116.CAB

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://access.ssgcorp.com/dana-cached/setup/NeoterisSetup.cab

Click on the fix checked button.

Close HJT and reboot your system.

Locate and delete the following bold files and/or directories (if there):

C:\windows\ALCMTR.EXE

Other than the above, your HJT log is clean.

What were the results of the AVG Antirootkit scan?

See this thread HERE for details of how to speed up your system.

Regards Howard :)

This thread is for the use of Matt Berg only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 