Generic.downloader.k problem



#1 indi


Posted 16 February 2007 - 11:23 AM

Hi. Every time I start my computer, McAfee VirusScan tells me that a trojan has been detected called "Generic.download.k"; the infected file is "D:\Setup.exe". I have no idea what this file is. McAfee VirusScan deletes the file every time, but it keeps coming up again and I get this message every several minutes. Here is my HijackThis log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Ad Blocker\blocker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Apps\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADBLOC~1\NAMESP~1.DLL
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Hope you can help me. Thanks.

Edited by indi, 16 February 2007 - 11:25 AM.



#2 mschroe919


Posted 16 February 2007 - 12:07 PM

Welcome to the TomCoyote Forums
My name is mschroe919 and I am going to read your log.
I would like to help you, so if you would....
Please be patient and I will be back as soon as possible.
Two questions first: is the program
AVG Anti-Spyware 7.5\guard.exe
the free trial or paid version?
I would like to start on checking your PC for malware, so
while I am off to read your log perhaps you can do a few things.
Let's check for Malware/Spyware on your computer, which is best dealt with by spyware-removal programs used one after the other.

Spybot: Search and Destroy:

1. Download 'Spybot: Search And Destroy'. Get it here:
http://www.bleepingc...tutorial43.html


1. Next, 'Search for Updates' as the definitions are not likely to be up-to-date.
2. Close ALL windows except Spybot SD
3. Click the "Check for Problems" button
4. Click 'Fix Selected Problems' and fix only the RED items.
5. REBOOT to finish removing what Spybot SD found and clear memory


Ad-Aware SE by Lavasoft:

1. Download 'Ad-Aware SE'. Get it here:
http://www.download....0...&tag=button
2. Install according to the instructions in "How To Setup Spybot SD and Ad-Aware SE" Get it here:
http://www.tomcoyote.org/aawsb.php
3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.
4. Install the updates.
5. Close ALL windows except Ad-Aware SE
6. Click on 'Start' and choose 'full scan' for a full scan.
7. Quarantine anything that it finds and SAVE the log file.
8. REBOOT to finish removing what Ad-Aware SE found and clear memory.

Please let me know if anything cannot be cleaned by these utilities.

After rebooting please do this:
A great online scan, FREE:
Please go here
http://support.f-sec.../home/ols.shtml
and do an online scan.
When you get to the site the start scan is at the bottom of the page;
make sure you follow the instructions, like downloading.
Let me know what is found, and if all was cleaned up.

After scan, reboot and post a new HijackThis log
Good luck and
Thanks mschroe919
"The most important thing about goals is having one."

"It is never too soon to be kind, for we never know how soon it will be too late. "

No Man Ever Stands So Tall As When He Stoops To Help A Child

If you wish to show your appreciation, please consider a donation to help keep us online
Donate Here Please: http://www.whatthetech.com/donate/
Thank You

#3 indi


Posted 16 February 2007 - 01:46 PM

Thanks a lot. I did the Spybot and AA scan, but I won't be able to continue with the process till tomorrow, so I'll post my new HijackThis log tomorrow.

Edited by indi, 16 February 2007 - 01:48 PM.


#4 mschroe919


Posted 16 February 2007 - 09:06 PM

Okay dokay, see you tomorrow. Along with the new log, just tell me what, if anything, was found and fixed in both Spybot and AA. Also, when McAfee finds this, does it quarantine it? mschroe919

Edited by mschroe919, 16 February 2007 - 09:36 PM.


#5 indi


Posted 17 February 2007 - 09:04 AM

I'm back..
According to McAfee the file has been deleted.. but I keep getting this message.
Here are the logs:

Spybot S&D log:

Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)


AA log:

ADWARE.IEHLPR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[24]=Regkey : clsid\{3d898c55-74cc-4b7c-b5f1-45913f368388}
obj[25]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{3d898c55-74cc-4b7c-b5f1-45913f368388}

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[26]=IECache Entry : Cookie:administrator@revsci.net/
obj[27]=IECache Entry : Cookie:administrator@tribalfusion.com/


F-Secure log:

Result: 3 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 19100
System: 3817
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9DFF09B6-9C6C-4D7D-88CA-F80A8F1D4257}.BIN
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
G:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE


New hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:57:53, on 17/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Ad Blocker\blocker.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Apps\hijackthis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Edited by indi, 17 February 2007 - 09:07 AM.
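
Added example, not part of the original posts: a short Python script that compares the O-entries of the two HijackThis logs posted in this thread and cross-checks the entries that disappeared against the CLSIDs in the Ad-Aware output. The function names are this example's own, and the sample strings are a subset of the log lines above.

```python
import re

# Constructed sample input: a subset of the O-lines from the two HijackThis
# logs in this thread, plus one Ad-Aware line from the 17 February post.
BEFORE = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADBLOC~1\NAMESP~1.DLL
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
"""
AFTER = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
"""
SCANNER = r"obj[25]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{3d898c55-74cc-4b7c-b5f1-45913f368388}"

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log):
    """Map each O-line to (section, lower-cased CLSID or None)."""
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and running-process paths are skipped
        clsid = CLSID.search(m.group(2))
        entries[line] = (m.group(1), clsid.group(0).lower() if clsid else None)
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = {k: b[k] for k in b.keys() - a.keys()}
    added = {k: a[k] for k in a.keys() - b.keys()}
    return removed, added

def removed_and_flagged(before, after, scanner_output):
    """Entries gone from the newer log whose CLSID a scanner also reported."""
    flagged = {c.lower() for c in CLSID.findall(scanner_output)}
    removed, _ = diff_logs(before, after)
    return sorted(l for l, (_, clsid) in removed.items() if clsid in flagged)

if __name__ == "__main__":
    for line in removed_and_flagged(BEFORE, AFTER, SCANNER):
        print("removed and flagged:", line)
```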


#6 little eagle


Posted 24 March 2007 - 05:22 PM

Due to a lack of a response this topic is now closed.

If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

To help keep your PC clean follow the recommendations here by shelf life.
