how to completely remove trojan horse PSW generic9.BIVE? [Solved]



#16 havredave (GeekU Moderator, 1,689 posts)
When your machine is in safe mode, the settings for hibernation and sleep are not the same as they are in normal mode. After the machine is left idle for 20 minutes (I think), by default, it will hibernate when in safe mode. I believe that is the issue with safe mode, and isn't really an issue; it's normal. Correct me though if you think it's something else. Pressing your space bar should wake it back up in this case.

Anyway, you should not use safe mode all the time. It's meant for repair, not for regular use. Go ahead and use your machine in normal mode, and we'll work with it that way.



False positives are those detections by antivirus that aren't really infections. They look like infections, but are not. Some antivirus programs have a much higher rate of false positives (improper detections) than others. In your case, I believe AVG was detecting those viruses incorrectly; I don't think they were viruses at all.

There is always a possibility that Avast didn't catch a virus, but I find it unlikely in this case. Avast has been a very trustworthy antivirus program in my experience, especially lately. We can double-check though if you would like to. It would require uploading the files that AVG detected to a site like Virustotal and having them check. They use a large number of antivirus programs to be sure a file isn't infected; of course keep in mind that if not many detect an infection, it is more likely that it is a false positive.



Because your machine has a different default language, I'm not positive what the folder names will be. I was under the impression that the bit I asked you to type in would work, but apparently I was wrong. :)

If you are confident that Avast did not find any infections during its boot-time scan, then I'm happy. If you are unsure, then I'll need to see that log. Let me know if you are confident. If not, I'll walk you through finding that log.



Are there any other issues your machine is having right now?
  • 0



#17 Jocy7 (Topic Starter, Member, 17 posts)
About safe mode:
I was using the computer when it turned off; the machine was not idle... Furthermore, it was warming up...

About the boot-time scan:
I am sure that Avast didn't find any infection, just some errors with compact files (zip files).
Also, if there was an infection Avast would ask me what to do (I saw it in the settings...)

I'll scan the files on the VirusTotal website. Thanks! :)
  • 0

#18 havredave (GeekU Moderator, 1,689 posts)
That you were using the machine when it shut off is certainly reason for concern. Did you see a blue screen (BSOD) before it shut off, or did it simply go suddenly dark? Did fans stay on for a little bit, or did they suddenly turn off as well? I'm assuming you would have noticed a power outage, so won't worry about that possibility.

The only possibility I'm coming up with for this happening only in safe mode is that your machine requires drivers that aren't loaded in safe mode for it to run reliably. I used to have problems like this with old VIA chipset machines in the 1990s. It might be worth investigating further. I don't think that it's malware related, however. I would recommend posting in the hardware section to see if our specialists there can discover the issue, after we're finished here.

Please do the following; I'll help you clean up utilities and turn you loose if it comes back clean:

Download Malwarebytes' Anti-Malware

Be very careful that the program you've downloaded says "mbam-setup" in the name. Some download sites are a bit misleading about where they put download buttons for other products that you probably don't want. If the name of the downloaded file doesn't start with "mbam-setup", try again.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#19 Jocy7 (Topic Starter, Member, 17 posts)
Yes, the screen was suddenly dark...

I'll follow your instructions and then I'll send you the log.

tks
  • 0

#20 Jocy7 (Topic Starter, Member, 17 posts)
I checked the files and some infections were found...
I'll paste it here:


SHA256: a9842756fc845d27775df46bf2283032485a0e45a4222da0b211a53bae041050
File name: data.bin
Detection ratio: 2 / 37
Analysis date: 2012-02-22 18:22:49 UTC ( 2 horas, 38 minutos ago )

Antivirus Result
Antiy-AVL Virus/Win32.Xpaj.gen
TheHacker Trojan/Spy.Agent.bkwz


SHA256: 1765063b8993d762c906fa996cb03e2fd02d70a8ef2fb5d9663dd73a6652d97f
File name: AutoRun.exe
Detection ratio: 1 / 43
Analysis date: 2012-02-22 21:12:23 UTC ( 1 minuto ago )

Antivirus Result
ByteHero Trojan.Malware.Win32.xPack.l


I'm really worried now! :/
What should I do? It's not safe to surf the internet now, is it?

Malwarebytes is scanning my computer now, I'll send you the logs as soon as possible.
  • 0

#21 havredave (GeekU Moderator, 1,689 posts)
Please do not single out a result from Virustotal and think that it indicates that you are infected. Instead, notice that you had two out of 37 consider one file a virus, and one out of 43 for the other. That tells me that most antivirus products do not consider them to be infections, which adds to the probability that they were false positives.

You should now be worrying less.

Let me know how Malwarebytes' Anti-Malware comes out, and we'll go from there. :)
  • 0
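One way to apply havredave's reading of the detection ratios mechanically, as an added example that is not part of the thread and not VirusTotal's own tooling: the script below parses summaries pasted in the format of post #20, checks that the vendor table agrees with the stated ratio, and labels each file by how many engines agreed. The sample input is constructed from the two summaries above (timing text removed); the 10% and 50% thresholds are assumptions for illustration, not VirusTotal's.

```python
"""Consensus triage for pasted VirusTotal summaries (added example, thresholds assumed)."""
import re
from dataclasses import dataclass

# Constructed sample: the two summaries pasted in the thread, minus the localized timing text.
SAMPLE_REPORT = """\
SHA256: a9842756fc845d27775df46bf2283032485a0e45a4222da0b211a53bae041050
File name: data.bin
Detection ratio: 2 / 37
Analysis date: 2012-02-22 18:22:49 UTC

Antivirus Result
Antiy-AVL Virus/Win32.Xpaj.gen
TheHacker Trojan/Spy.Agent.bkwz

SHA256: 1765063b8993d762c906fa996cb03e2fd02d70a8ef2fb5d9663dd73a6652d97f
File name: AutoRun.exe
Detection ratio: 1 / 43
Analysis date: 2012-02-22 21:12:23 UTC

Antivirus Result
ByteHero Trojan.Malware.Win32.xPack.l
"""

LOW_CONSENSUS = 0.10   # assumed: below this share of engines, treat as a probable false positive
HIGH_CONSENSUS = 0.50  # assumed: at or above this share, treat as a probable real detection


@dataclass
class VtSummary:
    sha256: str
    file_name: str
    positives: int
    total: int
    detections: dict  # engine name -> signature name

    @property
    def ratio(self) -> float:
        return self.positives / self.total if self.total else 0.0


def parse_vt_summaries(text: str) -> list:
    """Split pasted text into one VtSummary per 'SHA256:' block."""
    summaries = []
    for block in re.split(r"(?=^SHA256:)", text, flags=re.M):
        m_sha = re.search(r"^SHA256:\s*([0-9a-f]{64})\s*$", block, re.M | re.I)
        if not m_sha:
            continue  # text before the first block, or junk
        m_name = re.search(r"^File name:\s*(.+?)\s*$", block, re.M)
        m_ratio = re.search(r"^Detection ratio:\s*(\d+)\s*/\s*(\d+)", block, re.M)
        if not (m_name and m_ratio):
            raise ValueError("incomplete summary for " + m_sha.group(1))
        # The vendor table follows the 'Antivirus Result' header and ends at the first blank line.
        detections = {}
        parts = block.split("Antivirus Result", 1)
        if len(parts) == 2:
            for line in parts[1].strip().splitlines():
                if not line.strip():
                    break
                engine, _, signature = line.strip().partition(" ")
                detections[engine] = signature
        summaries.append(VtSummary(m_sha.group(1).lower(), m_name.group(1),
                                   int(m_ratio.group(1)), int(m_ratio.group(2)), detections))
    return summaries


def verdict(s: VtSummary) -> str:
    """Turn a detection ratio into a triage note, the way the thread reads 2/37 and 1/43."""
    if len(s.detections) != s.positives:
        return (f"{s.file_name}: table lists {len(s.detections)} engines but the ratio says "
                f"{s.positives}; re-check the paste")
    share = f"{s.positives}/{s.total}"
    if s.ratio < LOW_CONSENSUS:
        return f"{s.file_name}: low consensus ({share}), probable false positive"
    if s.ratio < HIGH_CONSENSUS:
        return f"{s.file_name}: mixed consensus ({share}), investigate before trusting the file"
    return f"{s.file_name}: broad consensus ({share}), treat as malicious"


def triage(text: str) -> list:
    """One verdict line per file in the pasted report."""
    return [verdict(s) for s in parse_vt_summaries(text)]


if __name__ == "__main__":
    for note in triage(SAMPLE_REPORT):
        print(note)
```

The consistency check between the vendor table and the stated ratio catches a partial paste, which is the usual reason a hand-copied report misleads; the thresholds are deliberately conservative so that a single engine never tips a file into "malicious".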

#22 Jocy7 (Topic Starter, Member, 17 posts)
The scan is finished.
Here goes the log.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Jociele :: JO [administrator]

Protection: Enabled

22/02/2012 19:18:28
mbam-log-2012-02-22 (19-18-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178930
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I've read a message that Malwarebytes is protecting my computer now, but I still have Avast. Should I uninstall one of them?

Thanks!
  • 0

#23 Jocy7 (Topic Starter, Member, 17 posts)
All right, I'll try to worry less! :)
  • 0

#24 havredave (GeekU Moderator, 1,689 posts)
This bit here:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

means that you decided to accept the trial of the professional version of Malwarebytes' Anti-Malware. You can continue using that trial for a period of time, after which you'll need to pay for it or revert to the free version.

The professional version does protect against threats before they are able to infect your computer; the free version is only capable of cleaning up infection after you are already infected. Either one is good, however.

Malwarebytes' Anti-Malware is able to run with Avast. It is not an antivirus product, so doesn't conflict with Avast in the same way AVG or another antivirus product would.

Your scan came back clean, and I've noticed no examples of further infection on your computer. I believe you are clean.

Please remove aswMBR.exe from your machine. If it is needed in the future, we'll want you to download a fresh copy, as utilities like this are updated regularly.

Next, please run OTL one more time, and press the CleanUp button. It will remove OTL, and its backup folder. Again, we'd want you to download a fresh version in the future if you need our help again anyway.

Here are a few more last instructions you can follow, after which I would consider posting in the Windows 7 and Windows Vista section to learn more about why your machine is shutting down while in safe mode. You don't have to do this, but I would recommend it. Having a stable safe mode may become necessary in the future, if things ever go badly with your machine.

Pay special attention to the Windows Updates section, as you are not up to date. Your machine is running Vista with service pack 1, and Vista's service pack 2 has been out for a long time now. You definitely want to do that update.

While I'm calling your machine clean, you may still ask for help with any of the steps below, and I'll make sure you're taken care of before we close the thread. Do please let me know when you're finished, so I can close it. :)

Now that your computer appears to be clean, there are some steps you can take to help keep it clean.

Create a new restore point.
  • Why: We want to be able to restore to a known-good clean spot in the computer's history, and that would be right now, so let's take a snapshot.
  • How: Follow the instructions below depending on the version of Windows that you have.
  • Windows Vista and Windows 7: Right-click your "My Computer" or "Computer" link on your start menu. Choose properties from the menu that appears. On the left-hand side of the window that comes up, click "System Protection", then click the "Create" button, and give your new restore point a name, as above.
Keep temporary files cleaned out.
  • Why: This can not only help your machine run a bit faster with less clutter, but potentially clean out infected files before you even know they're there.
  • How: The easiest method for just about everyone to use is Windows' Disk Cleanup. This can be found by clicking Start and simply typing into the search box and entering "cleanmgr" (without the quotes). It really is quite easy to use. The defaults should be fine.
Keep software up to date.
  • Why: Exploitable issues in software are found all the time, especially in network-aware software such as Windows itself, or your web browser and its addons.
  • How: For a normal user, there are a few programs I pay special attention to confirming that they're up to date: Adobe Reader, Adobe Flash, and Java, and of course Windows itself. To this list, add your antivirus and antispyware products, and your firewall product. For your antivirus, antispyware and firewall products, see the manufacturer documentation for the software in question. Typically you'll find an update feature under the help or tools pulldowns, or on a button somewhere on the software's interface. If you just can't figure out how to update one or more products, just ask - I'd be happy to help; let me know specifically what software it is and what version you have, and I'll try to provide clear instructions.
  • Adobe Reader: Start up Adobe Reader, click the Help pull-down, and choose "Check for Updates". Follow on-screen instructions to install any updates if applicable. Repeat this after each update until it tells you there are no updates available.
  • Adobe Flash: Follow the instructions here. Once you are finished, go here to download and install the newest version.
  • Java: Open your control panel (on the start menu) and find the Java icon. Depending on your control panel configuration and Windows version, this might be obvious, or it might be hidden a bit. You can click the "Programs" link on Vista and 7 to find it, or "Switch to Classic View" in the upper left corner in Windows XP (granted you're not already using classic view). If you can't find Java in any of those places, it's entirely possible you don't have it installed. That's fine; if it is installed, it needs to be up to date. If it's not installed, ignore this step. There is a caveat here: If you run certain programs that require Java, you might find that they won't work with the newest version. If you do run into this situation, contact the software manufacturer and ask them what the newest version of Java is that their software supports, and where to obtain it.
  • Windows: On your start menu, under All Programs or Programs depending on your version, you'll find either Windows Update or Microsoft Update at the top of the menu. Click here and follow the instructions to install the high priority updates that are available. Optional updates are just that; you can install them, but you don't have to in most situations. Repeat this process until no further high priority updates are available.
Clear possibly infected restore points.
  • Why: Having the ability to restore your system is a great thing, as long as you're not restoring an infection!
  • How: The simplest way to do this is to utilize Disk Cleanup, detailed above in the "Keep temporary files cleaned out" step. Simply click on the "More Options" tab, and use the system restore clean up button. This works with all versions of Windows that had system restore; namely, Windows ME and later. This will remove all but the most recent restore point on the system (that we created earlier), which is what we're after.
Defragment.
  • Why: Defragmenting your files helps your hard drive access them faster, and in as few sweeps of the read head as possible, reducing drive wear and tear.
  • How: Using the built-in Windows Disk Defragmenter is one safe option, found in Start -> All Programs -> Accessories -> System Tools. I would do this once a month unless the system is heavily used, then perhaps weekly.

There's also a good article here that goes into a few other details.

Happy computing!
  • 0
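As an added example (not code from the thread, and not Malwarebytes' own tooling), the parser below reads a pasted MBAM log in the format of post #22 and encodes what havredave checks in it: that every "Detected" counter is zero and the log reaches "(end)", whether the header line says Trial, and which service pack the Windows line reports. The sample log is constructed from the one pasted above, trimmed to the lines the checks need. The layout of detected items under a non-zero counter (one item per line until the next blank line) is an assumption, since the only log on the page is a clean one; the "Vista's latest service pack is SP2" rule is taken from the advice in this thread.

```python
"""Check a pasted Malwarebytes Anti-Malware log (added example; item layout assumed)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, trimmed from the clean log pasted earlier in the thread.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088

Protection: Enabled

Scan type: Quick scan
Objects scanned: 178930
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# Every section a complete quick-scan log is expected to report on.
EXPECTED_SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
                     "Registry Values", "Registry Data Items", "Folders", "Files")


@dataclass
class MbamReport:
    version: str = ""
    edition: str = "Free"
    database: str = ""
    windows: str = ""
    service_pack: Optional[int] = None
    scan_type: str = ""
    counts: dict = field(default_factory=dict)   # section -> number detected
    findings: list = field(default_factory=list) # (section, item line)
    complete: bool = False                       # saw the '(end)' marker

    @property
    def clean(self) -> bool:
        return (self.complete
                and all(s in self.counts for s in EXPECTED_SECTIONS)
                and all(n == 0 for n in self.counts.values()))


def parse_mbam_log(text: str) -> MbamReport:
    r = MbamReport()
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"Malwarebytes Anti-Malware(?: \((\w+)\))? (\d[\d.]*)$", line)
        if m:
            r.edition, r.version = (m.group(1) or "Free"), m.group(2)
            continue
        m = re.match(r"Database version: (\S+)", line)
        if m:
            r.database = m.group(1)
            continue
        m = re.match(r"(Windows .+?) Service Pack (\d+)", line)
        if m:
            r.windows, r.service_pack = m.group(1), int(m.group(2))
            continue
        m = re.match(r"Scan type: (.+)", line)
        if m:
            r.scan_type = m.group(1)
            continue
        m = re.match(r"(.+?) Detected: (\d+)$", line)
        if m:
            section = m.group(1)
            r.counts[section] = int(m.group(2))
            # Assumed layout: detected items follow the counter until the next blank line;
            # the zero-case placeholder line is not a finding.
            for item in lines[i + 1:]:
                if not item.strip():
                    break
                if item.strip() != "(No malicious items detected)":
                    r.findings.append((section, item.strip()))
            continue
        if line.strip() == "(end)":
            r.complete = True
    return r


def review(r: MbamReport) -> list:
    """Plain-language notes, in the order a helper would raise them."""
    notes = []
    if not r.complete:
        notes.append("log is truncated (no '(end)' marker): do not trust the counters")
    if r.clean:
        notes.append("scan came back clean: every section reports 0 detections")
    for section, item in r.findings:
        notes.append(f"{section}: {item}")
    if r.edition == "Trial":
        notes.append("Trial edition: real-time protection stops when the trial ends "
                     "unless it is bought or reverted to the free version")
    if r.windows == "Windows Vista" and r.service_pack is not None and r.service_pack < 2:
        notes.append(f"Windows Vista is on SP{r.service_pack}; SP2 is the current one and should be installed")
    return notes


if __name__ == "__main__":
    for note in review(parse_mbam_log(SAMPLE_LOG)):
        print(note)
```

Requiring the "(end)" marker matters more than it looks: a log pasted from a scan that was interrupted (the thread's machine was shutting down on its own) can show only zeros simply because the later sections were never written.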

#25 Jocy7 (Topic Starter, Member, 17 posts)
Havredave,
Thank you so much for your attention! I've learned so many things about how to keep my machine safe and clean. Your instructions were very clear and I finished the procedures…. I created a restore point, and updated some software…
About updates: Windows Update is asking me for some updates, but none of them is about Windows Vista. You said: Your machine is running Vista with service pack 1, and Vista's service pack 2 has been out for a long time now. You definitely want to do that update. How can I do it? I tried to restore hidden updates, but there were none. I looked at my update history and saw that Windows Vista was updated last December. I'll paste the details here:

Security Update for Windows Vista (KB2507618)

Installation date: ‎16/‎12/‎2011 09:37

Installation status: Successful

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft..../?LinkId=212224

Help and Support:
http://support.microsoft.com


I don't know how to update to Windows Vista Service Pack 2...

I'll follow your advice and I'll write about my problem with safe mode in the Windows 7 and Windows Vista section. I am sure I'll learn a lot.

Thanks! :)
  • 0


#26 Jocy7 (Topic Starter, Member, 17 posts)
'same post'

Edited by Jocy7, 24 February 2012 - 12:04 PM.

  • 0

#27 havredave (GeekU Moderator, 1,689 posts)
Windows often requires updates before it can do other updates; these are prerequisites. It's quite possible that the updates you're seeing are prerequisites. I would recommend doing all of the critical (high priority) updates that Windows Update shows you. If it says no updates are available, be sure to click the "Check for updates" link in the upper-left to have it re-scan.

Keep doing this, rebooting as necessary, until no updates are available.

During this process, Vista SHOULD find and update itself to service pack 2. If for some reason it doesn't, you can read here for more information on updating to Vista SP2.

It really is quite important that you're running the latest service pack. :)

Let me know how it goes!
  • 0

#28 havredave (GeekU Moderator, 1,689 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0