Trojan horse dropper generic 5 [Solved]



#1 Babbelingbrook (Member)
Last Sunday I was surfing on a BBC stream page waiting for the last episode of the season of Sherlock to start. With 15 minutes left to wait, Mozilla, the firewall, AVG and basically everything shut down. Then I saw the annoying XP anti virus pop-up. Immediately I shut off my computer using the power button. Tried to restart, got the blue screen of death, started in safe mode, scanned with Malwarebytes Anti-Malware. Once I deleted the infected files it wanted me to restart the computer. Now it froze at "Windows is shutting down". After doing this one more time (computer still refusing to turn off, so I had to turn it off using the button) I finally got into normal mode.

Scanned the computer, deleted the infected files once again, then tried to use System Restore. Didn't work. Tried multiple times, still didn't work. Scanned with AVG and found two infected files. It could only delete one. Now AVG starts warning about the trojan and that the infected location is Windows\system32\drivers. I tried to restart the computer and now it can turn itself off again. Great. I started in safe mode once again and scanned with AVG, Avast and Malwarebytes (all full scans). None of them found anything. And now here we are. I just restarted my computer again. The internet is dead (on my phone right now; have tried different cables to the computer, internet still doesn't work) and AVG keeps reporting the same infected file, though only once.

I know I should have gotten help right away, but I think I believe I'm way better at computers than I really am. I suck. Can anyone please help?

My computer is a desktop Acer around 2 years old with Microsoft Windows XP Professional version 2002 Service Pack 3. I have no flash drive or recovery CD. Please help if you can! / Isabell

PS: Sorry for the bad spelling.

#2 Babbelingbrook (Topic Starter)
(the XP "anti virus" virus)

#3 maliprog (Trusted Helper, Malware Removal)
Hello Isabell and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Before we start...
Do you have another, clean PC and a USB stick that you can use to download tools and transfer them to the infected PC?

#4 Babbelingbrook (Topic Starter)
Hello there, and thanks for your answer!
I have a clean computer (not mine, so I can download on it but not install anything); sadly I have no USB stick.
Other than that I only have my Xperia Play (the one I'm on right now).

Edited by Babbelingbrook, 19 January 2012 - 07:39 AM.


#5 maliprog (Trusted Helper, Malware Removal)
OK. Let's start.

Step 1

We will need a clean PC and a USB stick to download tools and transfer them to the infected PC. First we need to disinfect your USB stick so you can transfer files and not get infected. Do this step only once, on the clean PC. After that it's safe to transfer data between the PCs.

Do this on the clean computer:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


All steps that follow need to be executed on the infected system. When I say "download and run this tool" it means:

  • Download tool on clean system
  • Copy it to USB memory and transfer it to infected system
  • Run tool on infected system


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 5

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
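Two of the steps above rest on mechanisms the post does not spell out: why a folder named autorun.inf protects a USB stick (Step 1), and why OTL is told to hash explorer.exe, winlogon.exe, userinit.exe and svchost.exe and to list every .exe in the root of the system drive (Step 2). The following Python is an added example written for this page, not code from Flash_Disinfector, OTL or Geeks to Go. It assumes only that a directory occupying the name autorun.inf stops a dropper from creating an autorun.inf file there (the hidden/system attributes it sets on Windows are an assumption; the post does not say which attributes the tool sets), and that a boot-chain binary present in several places with differing hashes, or any executable sitting directly in C:\, is what an analyst reads first. The demo file layout it builds is constructed for the example; it is not the poster's machine.

```python
"""Added example: USB vaccination and OTL-style system-binary triage."""
import ctypes
import hashlib
import os
import sys
import tempfile
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04

# The binaries the helper's OTL custom scan hashes (/md5start ... /md5stop).
BOOT_CHAIN = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")


def vaccinate_drive(drive_root):
    """Create a directory named autorun.inf at drive_root (Step 1's trick).

    A directory occupies the name, so a dropper that tries to write an
    autorun.inf *file* fails.  If a file autorun.inf already exists it is
    left in place and reported: on an infected stick it is evidence.
    """
    target = Path(drive_root) / "autorun.inf"
    if target.is_file():
        raise FileExistsError(f"{target} is a file; inspect it before replacing it")
    target.mkdir(exist_ok=True)
    if sys.platform == "win32":
        # Assumption: hidden + system, so Explorer hides it and cleanup skips it.
        attrs = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        if not ctypes.windll.kernel32.SetFileAttributesW(str(target), attrs):
            raise ctypes.WinError()
    return target


def autorun_file_blocked(drive_root):
    """True when <drive_root>/autorun.inf can no longer be created as a file."""
    try:
        with open(Path(drive_root) / "autorun.inf", "w"):
            pass
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False


def md5_of(path, chunk=1 << 20):
    """MD5, because that is what the OTL /md5start directive reports."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage_system_binaries(system_drive, system_root, names=BOOT_CHAIN):
    """Mimic '%SYSTEMDRIVE%\\*.exe' and '/md5start ... /md5stop'.

    Returns (copies, root_exes): every file under system_root whose name
    is in `names`, as {name: [(path, size, md5), ...]}, and every .exe
    sitting directly in the root of the system drive.
    """
    wanted = {n.lower() for n in names}
    copies = {n.lower(): [] for n in names}
    for dirpath, _dirs, files in os.walk(system_root):
        for f in files:
            if f.lower() in wanted:
                p = Path(dirpath) / f
                copies[f.lower()].append((str(p), p.stat().st_size, md5_of(p)))
    root_exes = sorted(str(p) for p in Path(system_drive).glob("*.exe"))
    return copies, root_exes


def suspicious(copies, root_exes):
    """Heuristic read of the scan: same boot-chain name, different hashes,
    or an executable in the drive root.  A hash match against a known-good
    reference is the real check; this example ships no reference set."""
    findings = []
    for name, hits in copies.items():
        if len({md5 for _, _, md5 in hits}) > 1:
            findings.append(f"{name}: {len(hits)} copies with differing MD5s")
    for exe in root_exes:
        findings.append(f"executable in drive root: {exe}")
    return findings


def make_demo_layout():
    """Constructed sample layout (not a real system): returns (drive, root)."""
    drive = Path(tempfile.mkdtemp(prefix="xp-demo-"))
    root = drive / "WINDOWS"
    (root / "system32").mkdir(parents=True)
    (root / "Temp").mkdir()
    (root / "system32" / "svchost.exe").write_bytes(b"MZ demo: legitimate svchost")
    (root / "system32" / "explorer.exe").write_bytes(b"MZ demo: explorer")
    (root / "Temp" / "svchost.exe").write_bytes(b"MZ demo: dropped look-alike")
    (drive / "drop.exe").write_bytes(b"MZ demo: dropper in drive root")
    return drive, root


if __name__ == "__main__":
    drive, root = make_demo_layout()
    for line in suspicious(*triage_system_binaries(drive, root)):
        print(line)
    vaccinate_drive(drive)
    print("autorun.inf file blocked:", autorun_file_blocked(drive))
```

On a real XP box the arguments are `C:\` and `C:\WINDOWS`; a legitimate system also keeps identical copies of svchost.exe in system32\dllcache and ServicePackFiles, so only differing hashes for the same name are flagged, not mere duplication.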

#6 Babbelingbrook (Topic Starter)
I am on step 1 at the moment and it worked perfectly! But just a quick question about step two (warning: uber noob question): what do you mean by "extract the file to its own folder"?

#7 Babbelingbrook (Topic Starter)
Also AVG keeps spamming me with Trojan horse Dropper.Generic5.TKC again. Same place as before, except now it has added (after drivers\) ispec.sys.

#8 maliprog (Trusted Helper, Malware Removal)
It means that you need to create a new folder (right click on the desktop, select New, then click on Folder) and extract the TDSSKiller files into this new folder.

#9 Babbelingbrook (Topic Starter)
Okay I'm done! Here are the logs.


Attached files: OTL.Txt (146.68 KB), aswMBR.txt (1.8 KB), TDSSKiller.2.7.5.0_16.01.2012_10.08.06_log.txt (49 KB), Extras.Txt (51.01 KB)

Also, I couldn't find anything called MBR.dat.

Extra notes: Everything went smooth and nice, though when it scanned the infected place (the system32\drivers thing) it seemed like the trojan removed itself, because when it was done scanning there AVG warned me again.
TDSSKiller did not detect any infection or anything suspicious.

Edited by Babbelingbrook, 19 January 2012 - 08:15 AM.


#10 maliprog (Trusted Helper, Malware Removal)
OK. Looks like you have very nasty infection there. We have work to do. Next time please post your logs here. Do not attach them.

Step 1

We need to remove AVG from your system. Please download AVG Remover and run it in order to remove AVG. After we finish cleaning your system you can install AVG again.

Step 2

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in separate post

#11 Babbelingbrook (Topic Starter)
Thanks for the reply again! Sadly I will not be able to do these steps because I'm going away tomorrow and I won't be back until late Sunday or Monday afternoon. Will the topic be open, or will I have to create a new one?

Edited by Babbelingbrook, 19 January 2012 - 03:37 PM.


#12 maliprog (Trusted Helper, Malware Removal)
I won't close the topic. Thank you for letting me know. Have a nice trip and don't forget to post the logs when you come back :)

#13 Babbelingbrook (Topic Starter)
Hello again! I am trying to remove AVG but my computer can't seem to find my C drive (it doesn't exist under My Computer), though everything starts as before.
The computer just got a blue screen and restarted when I tried to delete AVG; trying to delete it again.

I can't delete AVG. ComboFix says it's on o.o

Edited by Babbelingbrook, 23 January 2012 - 04:03 AM.


#14 maliprog (Trusted Helper, Malware Removal)


Very strange... Can you try to remove AVG from Safe mode?

#15 Babbelingbrook (Topic Starter)


(In safe mode)
So it worked, I think. The computer finds the C drive in safe mode.

Edited by Babbelingbrook, 23 January 2012 - 04:09 AM.






