
Trojan.Win32.Generic!BT detected by Ad-Aware, help needed!

13 posts in this topic

Hi, Ad-Aware detects two processes: [b]smss.exe [/b] and [b]svchost.exe[/b] as Trojan.Win32.Generic!BT . I've tried quarantining and deleting these files, but they still appear after reboot. Sound has disappeared on my computer and I get a login window to sign in as a user on my computer even when I never created any alternative users. So I think I really have a trojan virus. Any help in deleting it is appreciated!

[quote name='Un1man' post='121043' date='Jul 13 2010, 12:10 AM']Hi, Ad-Aware detects two processes: [b]smss.exe [/b] and [b]svchost.exe[/b] as Trojan.Win32.Generic!BT . I've tried quarantining and deleting these files, but they still appear after reboot. Sound has disappeared on my computer and I get a login window to sign in as a user on my computer even when I never created any alternative users. So I think I really have a trojan virus. Any help in deleting it is appreciated![/quote]


Hi!

This is a forum dedicated to false positive issues. Please use this link for more help:

[url="http://www.lavasoftsupport.com/index.php?showforum=61"]http://www.lavasoftsupport.com/index.php?showforum=61[/url]

Thanks :unsure:

Albin

Lavasoft Malware Labs

[quote name='LS Albin' post='121058' date='Jul 13 2010, 03:27 AM']Hi!

This is a forum dedicated to false positive issues. Please use this link for more help:

[url="http://www.lavasoftsupport.com/index.php?showforum=61"]http://www.lavasoftsupport.com/index.php?showforum=61[/url]

Thanks :unsure:

Albin

Lavasoft Malware Labs[/quote]

Well, if it's a false positive I don't need to delete anything, right? What I mean is that this seems to be the right forum for my issue.

Hi!

You can submit the detected files in this thread. It would be helpful so we could look further into this issue.

Here are instructions on how to post an FP:

[url="http://www.lavasoftsupport.com/index.php?showtopic=18033"]http://www.lavasoftsupport.com/index.php?showtopic=18033[/url]

Thanks

Albin

Lavasoft Malware Labs

[quote name='Un1man' post='121200' date='Jul 16 2010, 12:49 AM']Hi,

Since I don't have access to the suspected files, I copied their paths from the quarantine. I hope that's helpful.[/quote]


Hi!

It would be nice if it was possible to get hold of the actual files.

I don't believe these are FPs; smss.exe and svchost.exe should not be located in: c:\system volume information\_restore{d5fffa500b1b}. I can't tell you for sure until we get hold of the files.

Thanks

Albin

Lavasoft Malware Labs
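
The location check described in the post above, written out as an added example (not part of the original thread and not Lavasoft's code): it flags `smss.exe` or `svchost.exe` when the image path is outside the Windows system directory. The `C:\Windows` system root, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows; change SYSTEM_ROOT otherwise.
SYSTEM_ROOT = r"C:\Windows"

# Sub-directories of SYSTEM_ROOT where each system binary legitimately lives.
EXPECTED_DIRS = {
    "smss.exe": {"system32"},
    "svchost.exe": {"system32", "syswow64"},
}

def normalize(path):
    """Lower-case the path, resolve '..' and expand common system-root aliases."""
    p = path.strip().strip('"').replace("/", "\\")
    if p.startswith("\\??\\"):  # NT object-manager prefix seen in some listings
        p = p[4:]
    for alias in ("\\systemroot\\", "%systemroot%\\"):
        if p.lower().startswith(alias):
            p = SYSTEM_ROOT + "\\" + p[len(alias):]
            break
    return ntpath.normcase(ntpath.normpath(p))

def check_image(path):
    """Return None when the location is expected, else a reason string."""
    directory, name = ntpath.split(normalize(path))
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return None  # not a file name this check covers
    root = ntpath.normcase(SYSTEM_ROOT)
    if any(directory == ntpath.join(root, d) for d in allowed):
        return None
    return f"{name} found in unexpected directory {directory}"

def scan(paths):
    """Map every flagged path to the reason it was flagged."""
    return {p: r for p in paths if (r := check_image(p)) is not None}

# Constructed sample listing; the restore directory is the one quoted in the thread.
SAMPLE = [
    r"\SystemRoot\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\system volume information\_restore{d5fffa500b1b}\smss.exe",
    r"c:\system volume information\_restore{d5fffa500b1b}\svchost.exe",
    r"C:\Windows\System32\drivers\..\..\Temp\svchost.exe",
    r"C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for reason in scan(SAMPLE).values():
        print(reason)
```

A name-and-path check like this only narrows down what to look at; as the post says, the verdict still depends on analysing the actual files.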

[quote name='Un1man' post='121200' date='Jul 15 2010, 03:49 PM']Since I don't have access to the suspected files, I copied their paths from the quarantine.[/quote]
Why not restore the files from quarantine? At least temporarily, so you can upload them. Then you can scan/quarantine them again until you find out if they're safe or not.

Hi!

Smss.exe is a malicious file. I couldn't extract the archive for svchost.exe. I guess you typed some wrong letter in the password. The password should be infected. My assumption is that svhost.exe is a malicious file as well.

Thanks for your report

Albin

Lavasoft Malware Labs

Hello,
Thanks for letting me know of that, but do you know how to get rid of these files? I've tried SuperAntiSpyware, MalwareBytes, and Ad-Aware, none of them can delete these files...

Hello

Try posting your problem in this forum:
[url="http://www.lavasoftsupport.com/index.php?showforum=61"]http://www.lavasoftsupport.com/index.php?showforum=61[/url]

Regards
LS Anders

Hi Anders,

I have posted it there already but the topic was locked by another Lavasoft staff. It's here: [url="http://www.lavasoftsupport.com/index.php?showtopic=29637"]http://www.lavasoftsupport.com/index.php?showtopic=29637[/url] .

[quote name='Un1man' post='121364' date='Jul 19 2010, 11:24 AM']Hi Anders,

I have posted it there already but the topic was locked by another Lavasoft staff. It's here: [url="http://www.lavasoftsupport.com/index.php?showtopic=29637"]http://www.lavasoftsupport.com/index.php?showtopic=29637[/url] .[/quote]
That was before you uploaded the files to confirm they're malicious. Now that it's confirmed, you should follow the instructions in my signature for posting in the HijackThis forum. After following the steps, someone can help you diagnose and remove malware.

Edit: now that user has posted in HJT, I'll close this thread. Moved/merged the GMER log posted here to there:

[url="http://www.lavasoftsupport.com/index.php?showtopic=29686"]http://www.lavasoftsupport.com/index.php?showtopic=29686[/url] Edited by visitor

This topic is now closed to further replies.