Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/Trash.Gen Trojan [Solved]


  • This topic is locked This topic is locked

#16
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi kiketto. We will now try the fix again but this time disable Malwarebytes' Anti-Malware and see if it works then. Simply right click on the MBAM icon in the system tray near the clock and deselect enable protection then follow the prior instructions.
  • 0

Advertisements


#17
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Josh

I tried yesterday, it took more than 8 hours and then it looked like the computer had frozen. I could only see the wallpaper. I waited 2 hours and shut the computer down. Again, no log was produced. How long do you think this should be taking? Thanks
  • 0

#18
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Josh. Otl has been on for 27 hours now. I know it for sure because the computer clock stopped the moment after I pressed run fix. Shall I let it run? Thanks a lot
  • 0

#19
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Don't bother.. it should only take 10 - 15 minutes or so. I am awaiting a response from a colleague right now that's why I haven't gotten back to you earlier. He ought to respond this afternoon at the latest.
  • 0

#20
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Ok! Thanks!
  • 0

#21
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi kiketto. Let's try this in safe mode. The scan should only take 15 - 30 minutes at the most. Please do the following:

  • Restart your computer
  • Repeatedly tap F8 while it is starting
  • You will encounter a Windows Advanced Options Menu
  • Select the Safe Mode with Networking option
  • Select your OS from the list (it should be the only option or say something like Microsoft Windows XP)
  • You will see a bunch of lines of system files
  • If you are prompted with a choice of user accounts select an administrator account
  • You will be prompted to enter yes to work in safe mode
  • Select the Yes button

We will now clear your temporary files and see what problems remain. Please do the following in safe mode then use your computer for a couple hours in normal Windows mode and see if any symptoms remain.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Things to see in your next post:
OTL fix log
Computer status

  • 0

#22
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks Josh. It went much better. I have copied the log. I have been using the laptop for the past 2 hours and it seems fine.

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Annarita
->Temp folder emptied: 118755 bytes
->Temporary Internet Files folder emptied: 10399057 bytes
->Java cache emptied: 1102973 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 99016340 bytes
->Opera cache emptied: 12065493 bytes
->Flash cache emptied: 1326875 bytes

User: Christian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 4798 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 425488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_093032

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#23
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Now that we're done scanning for and disinfecting malware it's time to clean up. Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.
You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus or the paid programs Bit Defender Anti-Virus and Kaspersky Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall as free solutions or Outpost Firewall Pro as a paid solution.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly and do Windows Updates as well. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated. Instructions for automating Windows Updates follow:

1. Right click My Computer and select properties
2. Select the automatic updates tab
3. Select the automatic option and configure appropriately

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#24
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Josh

OtL log is below. the computer seems to run OK so far. I have also installed SpywareBlaster. Thanks for your tips. What am I supposed to do with all softwares I installed during the cleaning process, for example Combofix? Thanks

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04072012_152637
  • 0

#25
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
To get rid of ComboFix do the following:

Press the Windows key and the R key at the same time
Copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall

The rest should be taken care of by running cleanup from within OTL. If the programs still remain you can just delete them. Let me know if you have any questions.
  • 0

Advertisements


#26
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Also the OTL cleanup function might get rid of ComboFix as well so don't worry if the run prompt throws an error.
  • 0

#27
kiketto

kiketto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Josh

Computer seems to work fine now. I am just running a full scan and we'll let you know later if I have any problems. But hopefully we can close this topics! :thumbsup:
  • 0

#28
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Is everything good to go? Can we close the topic now? Are you satisfied?
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP