Trojan Horse Generic2
BullGuard Antivirus Forum, Virus information > Alerts & New Threats
Michael2615 (New Member), posted 12/15/2006 6:16 PM (GMT +3):
Hi all, and I will thank you for your help in advance as I'm hoping you can help. I seem to be infected with a few different Trojan Horse Generic2 viruses, and as I'm kind of a noob at combating viruses I thought I would ask for some help. I have the following trojans on my computer:
 
Trojan Horse Generic2.LSA
Trojan Horse Generic2.LNX
Trojan Horse Downloader.Generic2.ZFY
 
I actually have them all in the AVG Free 7.5.432 virus vault, which I'm quite happy with, but AVG tells me that they are all incurable and I don't like having any sign of a virus on my computer.
 
Is there any way of healing (which I would prefer to do) or deleting the virus out of my computer safely?
 
Levlard (Junior Member), posted 12/16/2006 12:25 PM (GMT +3):
Hi Michael and welcome to the forum,

Please follow these steps to post a HijackThis log:

▪ Download HijackThis from this location: www.merijn.org/files/hijackthis.zip
▪ Make a new folder to put the downloaded archive into and unzip it there. Any place on your hard drive is fine other than your Desktop or the Temp folder. This is to ensure it makes the necessary backups for recovery if needed.
▪ Run HijackThis.exe, push Do a system scan and save a logfile, highlight the entire log by pressing Ctrl+A, copy it, and paste it here with Ctrl+V.

Michael2615 (New Member), posted 12/16/2006 4:08 PM (GMT +3):
OK, I have downloaded your program and here is the log file. Is this program just a diagnostic program or does it do some cleaning?

Logfile of HijackThis v1.99.1
Scan saved at 9:34:23 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Novatix\Cyberhawk\CHTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ecom\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cyberhawk] C:\Program Files\Novatix\Cyberhawk\CHTray.exe
O4 - HKLM\..\Run: [CustomXML] C:\Program Files\CustomXML\CustomXML.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158713755437
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe" service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Levlard (Junior Member), posted 12/16/2006 5:00 PM (GMT +3):
Hi Michael,

It is safe when viruses are in the Virus Vault. Trojan horses are malicious programs themselves; they cannot be cured and they cannot infect other files. You can safely delete them from the Vault.
Yes, HijackThis is mainly a diagnostic tool that shows the main places on your computer that are used by malicious programs.

► Now, I suggest you uninstall one of the installed antiviruses. Having two mainly causes slowdowns and hanging of your computer. If you have bought AVG, uninstall Avast.

Your HijackThis log looks clean of viruses, but some entries should be fixed.

► Run HijackThis, press the Do a system scan only button and check the boxes on the left next to the following entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

Close any other windows except HijackThis and click Fix checked, then exit HijackThis.
Reboot your computer, rescan with HijackThis and make sure these entries aren't present there.

► If you would like to make sure your computer isn't infected, there is a scanning tool called MWAV, based on the very powerful Kaspersky antivirus. But its scan takes a lot of time (a couple of hours), depending on the size of the disc. It doesn't cure your system, but it creates a log that can tell us about infected files.

Here is a guide, if you would like to try it:

Please download the MWAV scanner to a convenient location - www.mwti.net/download/tools/mwav.exe
This scan only produces a report; it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
▪ Run MWAV by double-clicking on mwav.exe
▪ Put a check next to the below items before scanning:

* Memory
* Startup Folders
* Drive - All Local Drives
* Registry
* System Folders
* Services
* Scan All Files

▪ Please make sure all of these are checked, then press the Scan button. This typically will take hours to complete.
▪ When it says the scan is completed, on the bottom portion of the window you will see the lower panel where MWAV lists infected items (Virus Log Information). Please highlight everything in that lower panel, copy it by pressing CTRL+C and then paste it here by CTRL+V.

Levlard
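To show what the triage Levlard just did looks like in code, here is an added example (not part of the thread, and not HijackThis's own code) that parses a handful of the posted log lines and flags the two kinds of entries he asked to fix: entries whose target file is gone, and O16 ActiveX (DPF) controls downloaded from a host outside an allowlist. The allowlist and the five-line sample are constructed for the example.

```python
"""Triage a HijackThis log: flag the entry kinds a helper would ask you to Fix."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: five lines taken from the log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
"""

# Hosts from which ActiveX (O16 DPF) downloads are expected. This allowlist is an
# assumption made for the example; adjust it to the machine being reviewed.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com"}

# Every HijackThis entry starts with its section code (R0-R3, F0-F3, N1-N4, O1 onward).
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass(frozen=True)
class Finding:
    section: str   # e.g. "R3", "O16"
    reason: str    # "orphaned" or "untrusted-dpf"
    detail: str
    line: str


def is_orphaned(body: str) -> bool:
    """HijackThis appends these markers when the referenced file no longer exists."""
    return "(no file)" in body or "(file missing)" in body


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines and the "Running processes" list carry no section code
        section, body = m.group("section"), m.group("body")
        if is_orphaned(body):
            # Fixing a dead reference only removes the pointer; nothing runs from it.
            findings.append(Finding(section, "orphaned",
                                    "referenced file is missing; the entry is a dead pointer", raw))
            continue
        if section == "O16":
            url = URL_RE.search(body)
            host = urlparse(url.group(0)).hostname if url else None
            # Local DLL paths (no URL) and allowlisted hosts are left alone.
            if host and host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(section, "untrusted-dpf",
                                        f"ActiveX control was installed from {host}", raw))
    return findings


def summary(log_text: str) -> dict[str, int]:
    """Count findings per reason, e.g. {'orphaned': 1, 'untrusted-dpf': 1}."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<14} {f.detail}\n     {f.line}")
```

Run against the sample it reports exactly the R3 and the comned.com O16 lines Levlard picked out, and leaves the Microsoft-hosted control alone.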
 

Michael2615 (New Member), posted 12/16/2006 6:29 PM (GMT +3):
Levlard, thank you so much for your help so far. I am relieved that so far I have a clean system except for the parts that you have highlighted, which I am going to get onto soon. You said it was fine to delete the files from my Virus Vault, but what about the actual files on my computer?

c:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP166\A0022463.exe which has the Trojan Horse Generic2.LNX
c:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017035.dll which has the Trojan Horse Downloader.Generic2.ZFY

and c:\documents and settings\ecom\local settings\temp\jqxmrlky.exe which has the Trojan Horse Generic2.LSA

Are all these files safe to delete?

Michael2615 (New Member), posted 12/16/2006 6:48 PM (GMT +3):
I ran that HijackThis scan and fixed the entries that you informed me of:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

After that I rebooted and re-ran the scan and the above entries were gone, so that seems to have solved that problem. But if you don't mind me asking, what is the problem with those entries? I would like to find out so I can prevent getting them again, and if I do, I would like to be able to find the problem myself next time.

I am about to run that MWAV program, so I'm hoping that will come up clean as well.

As for your suggestion about Avast and AVG both running on my system, I don't seem to have any hang-ups or a sluggish system. I would prefer to keep Avast as a backup for AVG, but if you know of a conflict running both of them at the same time

Levlard (Junior Member), posted 12/16/2006 7:56 PM (GMT +3):
Hi Michael,

► To delete files in System Volume Information folder do this:

▪ Right-click the My Computer icon on the Desktop and click on Properties.
▪ Click on the System Restore tab.
▪ Put a check mark next to Turn off System Restore.
▪ Click the OK button and restart your computer.

To delete file C:\Documents and Settings\ecom\local settings\temp\jqxmrlky.exe do this:

► Please download and run ATF Cleaner - www.atribune.org/ccount/click.php?id=1
▪ Under Main choose: Select All and click the Empty Selected button.
▪ If you use Firefox browser, click Firefox at the top and choose: Select All and click the Empty Selected button (NOTE: If you would like to keep your saved passwords, please click No at the prompt).
▪ If you use Opera browser, click Opera at the top and choose: Select All, click the Empty Selected button (NOTE: If you would like to keep your saved passwords, please click No at the prompt).
▪ Click Exit on the Main menu to close the program.

It isn't normal to have an infected file running in the Temp folder (I mean it is usually created by some other process), so the MWAV scan is a good idea.

Those HijackThis entries weren't a real threat.

Certainly don't let both antiviruses run at the same time (resident shields); they could prevent each other from accessing files, so they may end up doing the opposite of their main purpose.

Michael2615 (New Member), posted 12/17/2006 6:21 AM (GMT +3):
Hi Levlard, just while I'm running the MWAV scan I was wondering if you have heard of a program called Novatix Cyberhawk v1.2.0? It says it's a Zero Day virus scanner. After all my problems with getting so many trojans and such within a few days' time, I thought I would search download.com for some extra virus scanner.

Levlard (Junior Member), posted 12/17/2006 11:40 AM (GMT +3):
Hi Michael,

Novatix Cyberhawk is not a virus scanner. It is a so-called behaviour blocker: it analyzes files and processes for malicious activity and eventually blocks their access. I don't recommend this product to the common computer user; there are some other security programs and security tips you can try:

Make your own System Security Suite for Free - www.castlecops.com/t116539-Guide_Make_your_own_System_Security_Suite_for_Free.html
How to clean infected computer - www.geekstogo.com/forum/You_Must_Read_This_Before_Posting_A_Hijackthis_Log-t2852.html
How did I get infected - security tips - www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Michael2615 (New Member), posted 12/17/2006 3:19 PM (GMT +3):
Here's the report for the MWAV scan:

Object "midnight oil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "midnight oil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.PathControl" refers to invalid object "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.Sequence" refers to invalid object "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.SequencerControl" refers to invalid object "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.SpriteControl" refers to invalid object "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.StructuredGraphicsControl" refers to invalid object "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\securelogin.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\mpgfiltr.ax". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\securelogin.ocx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B257128-0B59-4A88-AFDF-BE12E5F5B9A0}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2B257128-0B59-4A88-AFDF-BE12E5F5B9A1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{55FA89BD-21D3-42F7-9249-C94C0094A83C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
File C:\Program Files\Morpheus\morpheustoolbar.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP114\A0015634.exe infected by "HackTool.Win32.Yacra.21" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017042.exe tagged as "not-a-virus:AdWare.Win32.Softomate.u". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017043.dll tagged as "not-a-virus:AdWare.Win32.Softomate.u". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017044.exe tagged as "not-a-virus:AdWare.Win32.Softomate.u". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP59\A0009011.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP59\A0009015.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP59\A0009016.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP87\A0011332.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.

Levlard (Junior Member), posted 12/17/2006 3:38 PM (GMT +3):
Hi Michael,

► To delete files in System Volume Information folder do this:

▪ Right-click the My Computer icon on the Desktop and click on Properties.
▪ Click on the System Restore tab.
▪ Put a check mark next to Turn off System Restore.
▪ Click the OK button and restart your computer.

Then you can turn System Restore back on.

► Try to find and uninstall Morpheus Toolbar through Add/Remove Programs in Control Panel.
Plus, certainly delete this folder: C:\Program Files\Morpheus\

Then tell me if your virus problems persist.
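As an added example (not from the thread and not MWAV's own code), the following classifies lines of the MWAV report Michael posted by what they mean and where the item lives, which is the split behind Levlard's two instructions: files under System Volume Information are restore-point copies that go away when System Restore is turned off and on again, while the live Morpheus toolbar file is dealt with by uninstalling the program and deleting its folder, and "refers to invalid object" entries are only orphaned registry pointers. The sample is a constructed six-line subset of the posted report.

```python
"""Classify MWAV report lines by finding type and by where the item lives."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the MWAV report lines posted in this thread.
SAMPLE_REPORT = r"""
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\securelogin.ocx". Action Taken: No Action Taken.
File C:\Program Files\Morpheus\morpheustoolbar.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP114\A0015634.exe infected by "HackTool.Win32.Yacra.21" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017042.exe tagged as "not-a-virus:AdWare.Win32.Softomate.u". Action Taken: No Action Taken.
"""

# Windows keeps restore-point copies of replaced files under this folder.
RESTORE_PREFIX = r"c:\system volume information"

# MWAV writes the detection name quoted after "infected by", and the not-a-virus
# tag either quoted or bare; the name ends at the sentence-ending ". ".
FILE_RE = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<malware>[^"]+)"'
    r'|tagged as "?(?P<pua>not-a-virus:[^" ]+?)"?\.\s)'
)
ENTRY_RE = re.compile(r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]+)"')
OBJECT_RE = re.compile(r'^Object "(?P<name>[^"]+)" found in (?P<where>[^!]+)!')


@dataclass(frozen=True)
class Finding:
    category: str   # infected | pua | orphaned-registry | spyware-trace
    location: str   # restore-point | live | registry | MWAV's own wording for Object lines
    name: str       # detection name, missing target, or object name
    subject: str    # file path or registry key the line is about


def classify(line: str) -> Optional[Finding]:
    """Map one report line to a Finding, or None for lines that are not findings."""
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        category = "infected" if m.group("malware") else "pua"
        location = "restore-point" if path.lower().startswith(RESTORE_PREFIX) else "live"
        return Finding(category, location, m.group("malware") or m.group("pua"), path)
    m = ENTRY_RE.match(line)
    if m:
        # A registry key pointing at a file or CLSID that no longer exists: cosmetic.
        return Finding("orphaned-registry", "registry", m.group("target"), m.group("key"))
    m = OBJECT_RE.match(line)
    if m:
        # MWAV names the family but not the file here; these need a closer look.
        return Finding("spyware-trace", m.group("where").lower(), m.group("name"), "")
    return None


def triage(report: str) -> list[Finding]:
    found = (classify(line.strip()) for line in report.splitlines() if line.strip())
    return [f for f in found if f is not None]


def summary(report: str) -> dict[tuple[str, str], int]:
    """Count findings by (category, location) so the remediation split is obvious."""
    return dict(Counter((f.category, f.location) for f in triage(report)))


if __name__ == "__main__":
    for (cat, loc), n in sorted(summary(SAMPLE_REPORT).items()):
        print(f"{cat:<18} {loc:<14} {n}")
```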
 

Michael2615 (New Member), posted 12/17/2006 3:51 PM (GMT +3):
OK, I've disabled System Restore and I tried to delete the System Volume Information folder, but with no success. I think that might be normal though.

I also used that ATF Cleaner program on the Main and the Firefox window and freed up some bytes, so what I'm thinking of doing next is deleting the information I have in the AVG virus vault. But I don't want to have done all this for nothing, so I'm hoping that you're going to say that is fine to do.

As for Morpheus, I had stopped using that program ages ago and uninstalled it, so there was nothing in the Add/Remove panel, but I did get rid of the folder in Program Files.

As for Novatix Cyberhawk, I do a lot of downloading from P2P and BitTorrent and I was thinking that it would be a good defence against possible new viruses coming out.

Levlard (Junior Member), posted 12/17/2006 4:32 PM (GMT +3):
Hi Michael,

It's all right that you cannot delete the System Restore folder itself. But by disabling it, you can delete the files present in that folder (including the infected ones).

Yes, it is fine to do.

Well, as I said, I certainly don't recommend a behaviour blocker to someone inexperienced. You are right that it can defend against new viruses, but it can also produce false positives. Nowadays antivirus programs have so-called heuristic analysis and generic detection that can detect new malware (by running it in a virtual environment / recognizing malware by its structure).

Michael2615 (New Member), posted 12/17/2006 5:01 PM (GMT +3):
Ah, good stuff. Now, as for my AVG virus vault, I'm hoping to find out that it is safe to delete the entries in there?

When I was running the MWAV scan my AVG came up with 3 more Trojans found in my System Volume Information folder. The fact that I have cleared it out now is not my concern, but the fact that only a full MWAV scan brought them up, when I have run constant scans on my computer with AVG and have not seen any sign of them before. Would you class AVG as a competent program, or would you suggest another free antivirus program? As for my MWAV result log, what can you tell me about that? Stuff like "smitfraud Browser Hijacker" really gets me worried.

Michael2615 (New Member), posted 12/18/2006 6:08 AM (GMT +3):
Thanks mate for all your help, you've done a lot of good around here and you've taught me a few things as well.

Pawel (New Member), posted 11/24/2010 11:32 PM (GMT +3):
Hi,
My computer is infected with Trojan horse Generic2.BXVH. I have AVG antivirus. Please tell me if there is anything to heal my computer.


Michael2615 said...
Hi all, and I will thank you for your help in advance as I'm hoping you can help. I seem to be infected with a few different Trojan Horse Generic2 viruses, and as I'm kind of a noob at combating viruses I thought I would ask for some help. I have the following trojans on my computer:
 
Trojan Horse Generic2.LSA
Trojan Horse Generic2.LNX
Trojan Horse Downloader.Generic2.ZFY
 
I actually have them all in the AVG Free 7.5.432 virus vault, which I'm quite happy with, but AVG tells me that they are all incurable and I don't like having any sign of a virus on my computer.
 
Is there any way of healing (which I would prefer to do) or deleting the virus out of my computer safely?
 
maxinee (New Member), posted 4/25/2011 6:19 PM (GMT +3):
I think that free antivirus can't remove trojan-type viruses; free antivirus can only remove small viruses. So I think you have to buy a full version of an antivirus so it will protect your computer.

Good luck

Post Edited (Tavi) : 22-09-2011 08:05:02 GMT

diggzvz (New Member), posted 6/4/2011 11:38 PM (GMT +3):
Hi, I recently had this happen to me as well. My antivirus was able to remove it I believe, however I lost everything on my desktop and favorites in my IE. I tried a system restore and this did not help. Any recommendations on how to get this stuff back?

Jenny Ledd (New Member), posted 6/5/2011 12:17 PM (GMT +3):
Very interesting post. Thanks for the information.

Post Edited (Tavi) : 22-09-2011 08:05:12 GMT

rpggamergirl (Forum Moderator), posted 6/26/2011 10:02 AM (GMT +3):
diggzvz,

Please create a new topic of your own and we'll be there to help you.
Just pm me if no one else has replied to your thread.
Thanks.


* You may pm\email me if you're still waiting for my follow-up post.
  

shenglu (New Member), posted 9/21/2011 4:58 AM (GMT +3):
This is called behavior blocking: analysis of malicious activities, documents and procedures, ultimately preventing their access. I do not recommend this product to the average computer user.

Post Edited (Tavi) : 22-09-2011 08:03:49 GMT
