Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sorry, I have a virus but don't know what it is Win32 trojan gen?


  • This topic is locked This topic is locked

#16
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,
sorry about the delay...
Computer seems to be running better, though all I've done with it for the moment is run scans :)

I think you may have got it, whatever it was. What was it?

I'm attaching the kaspersky log :

Attached Files


  • 0

Advertisements


#17
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Your logs look clean to me :)

Now please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer.

AVZ will need to be deleted manually.
MBAM will need to be uninstalled through add or remove programs.

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.
  • Check the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Wait while your system deletes existing Restore Points, this may take a few moments.
  • Uncheck the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Your system will now create a new Restore Point.

Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0

#18
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi,

I'm a little worried. Got 2 "serious error" messages from windows when I booted just now and then was directed to the webpage http://wer.microsoft...83-0e495e3a196c which basically says windows couldn't read your hard drive?

I'm about to run clean it.
  • 0

#19
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OK, ran clean it. Avast just popped up another trojan virus infection....

What do I have thats so hard to clean?

Oh, and the system restore didn't ask me any questions, it just switched status on the hard drive to "surveillance".
How do I check that it worked?

Edited by elodie fr, 07 August 2008 - 01:30 PM.

  • 0

#20
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Nothing we did should have caused this, this happened after doing the cleanup and system restore?

Have you gone through the 'Résolution des problèmes' - reboot your computer, does the error re-occur?
  • 0

#21
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Wow, you always answer so fast!
It happened before. When I came home and turned on the computer to see had you answered.
After it happened avast invited me to download a newer version so the computer restarted. WHen I ran the cleanup there were no messages or anything, it just asked to reboot and then did.
The error didn't come up again.

Hey, I just thought, is wer.microsoft a legit site?

Edited by elodie fr, 07 August 2008 - 01:37 PM.

  • 0

#22
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there - we cross posted :) So make sure you refresh before you want to post! (same goes for me :))

What was the file that Avast! was flagging? Does it still happen after you flushed your system restore?
  • 0

#23
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
And another extremely important thing that I overlooked - you are still on Service Pack 1! You need to update to Service Pack 2, you can do that through windows updates or windowsupdate.microsoft.com
  • 0

#24
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I told it to delete the file so it shouldn't happen again.
Heres the log entry :
07/08/2008 21:25:23 Administrateur 1632 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\RECYCLER\S-1-5-21-1343024091-602609370-725345543-500\Dc4.exe" file.

I found how to create the restore point by going into help.
I'll do the sp thing now.
  • 0

#25
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
That was already in the trash can :) Tell me how the update goes, it may take a while though.
  • 0

Advertisements


#26
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Running into update problems, this might take a while... Anything else I should do, or do you think I'm ok?
  • 0

#27
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Other than the update you are fine :)
  • 0

#28
elodie fr

elodie fr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Do you know what I had? Does it have a name? Not that it matters, I'm just curious.

And Thank You again for all your help!!!!
  • 0

#29
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
The main infection was Vundo (Virtumundo or Trojan.monder)

Glad to hear everything went smoothly, take care and have a great day still!

Mike
  • 0

#30
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP