Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Detected Generic.f McAfee detected infected file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hi

Unread postby aphdes » September 26th, 2007, 8:09 pm

For some reason I was not able to run the Kaspersky scan.
nothing would happen when I clicked the "accept" button. maybe I have something disabled on my browser that wouldn't allow it?
I was going to try to just do a McAfee scan, unless you can suggest another option.
Thanks...
aphdes
Active Member
 
Posts: 10
Joined: September 11th, 2007, 9:29 am
Location: massachusetts
Advertisement
Register to Remove

Unread postby km2357 » September 27th, 2007, 3:45 pm

Let's try another scan.

Step # 1: Run Panda Online Scan
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Save the log file to your desktop


Post the Panda Log in your next reply/post.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Unread postby km2357 » October 2nd, 2007, 11:30 pm

Aphdes?

Do you still need help?
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Unread postby aphdes » October 3rd, 2007, 3:28 pm

When I went to the Panda site and downloaded I received a message "Lowe Disk Space" and now I have the "potentially unwanted program detected" McAfee warning again. :(
Here is the active scan log:

Incident Status Location

Virus:Trj/Downloader.MDW Not disinfected C:\1E4.tmp[BndDrive.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Amy\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amy\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Amy\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Amy\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Amy\Desktop\SmitfraudFix.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Amy\Local Settings\Application Data\Mozilla\Firefox\Profiles\x59pcnhc.default\Cache\63329BDCd01
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\Amy\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat[simple_killw.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[ads.pointroll.com/PortalServe/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.overture.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.com.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\8qpvgbr7.default\cookies.txt[statse.webtrendslive.com/]
Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Naomi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-64b2bbdc-24159a3b.zip[SuperMSClassLoader.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@serving-sys[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@systemdoctor[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@targetsaver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@www.burstbeacon[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Naomi\Cookies\naomi@zedo[1].txt
Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\HijackThis\backups\backup-20070915-192707-487.inf
Adware:Adware/Winpopup Not disinfected C:\Program Files\Words\UnInstall.exe
Adware:Adware/Winpopup Not disinfected C:\Program Files\Words\Words.exe
Virus:Trj/Downloader.MDW Not disinfected C:\qoobox\Quarantine\C\6.tmp.vir[BndDrive.dll]
Virus:Trj/Downloader.QLX Disinfected C:\qoobox\Quarantine\C\Program Files\ISM\ISMModule4.exe.vir
Virus:Trj/Downloader.QLX Not disinfected C:\qoobox\Quarantine\C\Program Files\ISM\syncupd.exe.vir[ISMModule4.exe]
Virus:Trj/Agent.GNI Disinfected C:\qoobox\Quarantine\C\WINDOWS\deskcfg.tmp.vir
Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\jpnnhxhe.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\nlxgolev.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\pftfdjlf.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\uoldbqaw.dll.vir
Adware:Adware/SecurityError Not disinfected C:\RECYCLER\S-1-5-21-4176856247-3032328838-2985300085-1006\Dc70.exe[²ÜÇ\zen.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-4176856247-3032328838-2985300085-1007\Dc1\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\RECYCLER\S-1-5-21-4176856247-3032328838-2985300085-1007\Dc1\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\RECYCLER\S-1-5-21-4176856247-3032328838-2985300085-1007\Dc1\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\RECYCLER\S-1-5-21-4176856247-3032328838-2985300085-1007\Dc2.exe
aphdes
Active Member
 
Posts: 10
Joined: September 11th, 2007, 9:29 am
Location: massachusetts

Unread postby km2357 » October 3rd, 2007, 7:45 pm

Print out these instructions or save them into a notepad on your desktop, because you will not have internet access while in Safe Mode.

Step # 1: Download and Install SDFix
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)


Step # 2: Boot into Safe Mode

You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.


Step # 3: Run SDFix

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Step # 4 Post Logs

In your next post/reply, I'd like to see the following:

    1. SDFix Report (C:\SDFix\Report.txt)
    2. A fresh HijackThis log


If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Unread postby 'KotaGuy » October 13th, 2007, 6:23 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware