hamneggs

Cannot remove Trojan:win32.generic!BT

9 posts in this topic

I have been trying without success to disinfect a Windows Vista computer for 4 days. The infection Trojan:win32.generic!BT is detected and cleaned by AdAware. However, after restarting the computer it is detected again.

The latest version of AdAware was installed on 5 Aug, confirmed up to date today.

The output files from DDS run in Safe Mode are attached.

I could not run DDS normally without a blue screen occurring (DRIVER_IRQL_NOT_LESS_OR_EQUAL failing on mbr.sys).

Thanks for your help.

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

[COLOR=Blue]Please ensure you read this guide carefully first.[/COLOR]

Please continue as follows:

[LIST=1]
[*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url=http://www.bleepingcomputer.com/forums/topic114351.html]link[/url]
Remember to re-enable them afterwards.


[*]Click [B]Yes[/B] to allow ComboFix to continue scanning for malware.
[/LIST]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[B]C:\ComboFix.txt
New dds log.[/B]

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/B][/COLOR]

Thank you for your quick reply.

I ran ComboFix as instructed. It did not complete as described, as there was a blue screen crash after running for around an hour. The message was DRIVER_VERIFIER_DETECTED_VIOLATION and the failing module was PROCEXP113.SYS.

I have attached the file ComboFix.txt located in the root of C:\

DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.

Hi again,

[quote]DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.[/quote]
Yes, on some machines DDS won't run without crashing. Good thing safe mode works.

Open notepad and copy/paste the text in the quotebox below into it:

[code]
Folder::
c:\programdata\Babylon
[/code]


Save this as CFScript

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.[/B][/COLOR]

[img]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img]

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


[B]Uninstall old Adobe Reader versions[/B] and get the latest one (Adobe Reader 10.1 and separate 10.1.1, 10.1.2 & 10.1.3 updates for it) [url=http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows]here[/url] or get Foxit Reader [url=http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm]here[/url]. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced [url=http://pdfreaders.org/]here[/url].


Uninstall your current [b]Adobe Shockwave Player[/b] and get the fresh one [url=http://get.adobe.com/shockwave/]here[/url] if needed.


* Go [url=http://www.eset.eu/online-scanner][color=red][b][u]here[/u][/b][/color][/url] to run an online scanner from ESET.[list]
[*][color=red][b]Note:[/b][/color] You will need to use [color=blue][b]Internet Explorer[/b][/color] for this scan
[*]Tick the box next to [b]YES, I accept the Terms of Use.[/b]
[*]Click [b]Start[/b]
[*]When asked, allow the ActiveX control to install
[*]Click [b]Start[/b]
[*]Make sure that the option [b]Remove found threats[/b] is UNchecked and the option [b]Scan unwanted applications[/b] is checkmarked.
[*]Click [b]Scan[/b]
[*]Wait for the scan to finish.
[/list]

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Is the problem still present?

Hi,

Were you able to take other steps listed?

While doing the ESET scan a BSOD crash occurred and on restarting, Windows found substantial file corruption. I immediately restored the OS and lost all of the results, and am still running scans as something seems unhappy with AntiVirus checks.

Ok. If you still need help, post fresh DDS logs and let me know about remaining problems.


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
