xradb22t

removing infection trojan.win32.generic!bt


I will post the 1 log I did with the instructions.

[attachment=9519:08252012_031838.log]

My home page is still Conduit because I set the home page to Google default and it does not want to make Google the default home page. The fix with OTL did not work.

I will post the quick scan log below.

[attachment=9520:OTL.Txt]

The rest I will post in the next reply; don't have time, gotta run, have to do something else.

This is the second half of my previous reply. I did the scan with ESET Online Scanner and this is what it found.


[attachment=9521:eset scan.txt]

What is the next step after detection? How am I going to move the infected files to Lavasoft?

Are you sure that you included the line:
:OTL
when you tried to fix with OTL?
Please, try again.

I have redone the fix and I will post the log.

[attachment=9522:08262012_001909.log]

I downloaded Avira AntiVir because different antiviruses find different things, just to check if I don't have anything else that is infected. Although I will not keep 2 antiviruses installed, I ran the scan with Avira, saved the log I made and I will post it below; I have already uninstalled it.

[attachment=9523:AVSCAN-20120825-232137-BB8540BD.LOG]
It did find an infection; it's almost at the bottom where it says "starting to scan executable file (registry)".
It found a file that contains virus patterns of Adware Adware/installcore.gen.
Should I remove the program it's associated with, FoxTab Video to MP3?

Good! OTL fix worked.

You shouldn't install more antivirus programs; it is possible that Windows will crash during startup due to conflicting drivers. You should use online scanners to get a second opinion.

It is possible that FoxTab Video To MP3 is responsible for installing one of the toolbars or settings in the browser you have removed. You can uninstall it. Eset also complained about the same file.

1.
Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL.
Copy all the lines in the box:
[code]
:Files
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Users\owner\AppData\Local\Temp\is135653842\MyBabylonTB.exe
C:\Users\owner\AppData\Local\Temp\is135653842\setup.exe
C:\Users\owner\AppData\Local\Temp\is1438683437\zgInstaller.exe
C:\Users\owner\Downloads\4shared_Desktop_3.3.5.exe
C:\Users\owner\Downloads\FreeStudio.exe
:Commands
[REBOOT]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

2.
Run a Quick Scan and paste that log, too.

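The fix script above is just a list of file paths that OTL moves into its quarantine under c:\_OTL\Moved Files, writing a log named by date and time. As an added example (not OTL's own code and not from anyone in this thread), the Python below parses that ':Files'/':Commands' format and quarantines the listed files the same way: the sample script and every path in it are constructed for illustration, the quarantine root is a parameter, and a [REBOOT] command is returned to the caller rather than acted on.

```python
"""Added example (not OTL's own code): parse an OTL-style ':Files'/':Commands' script
and quarantine the listed files the way the thread describes OTL doing it."""
import os
import shutil
from datetime import datetime

# Constructed sample in the same shape as the fix script quoted in the thread.
SAMPLE_SCRIPT = """:Files
C:\\Users\\owner\\AppData\\Local\\Temp\\is135653842\\MyBabylonTB.exe
C:\\Users\\owner\\Downloads\\FreeStudio.exe
:Commands
[REBOOT]
"""

def parse_fix_script(text):
    """Return {'files': [...], 'commands': [...]}; section headers start with ':'."""
    sections = {"files": [], "commands": []}
    current = None
    for line in (s.strip() for s in text.splitlines() if s.strip()):
        if line.startswith(":"):
            current = line[1:].lower()
            if current not in sections:
                raise ValueError("unsupported section: " + line)
        elif current is None:
            raise ValueError("entry before any section header: " + line)
        else:
            sections[current].append(line)
    return sections

def quarantine(paths, root, stamp=None):
    """Move each existing path to root/Moved Files/<stamp>/<original layout> (so it
    can be restored) and write <stamp>.log there; missing files are just reported."""
    stamp = stamp or datetime.now().strftime("%m%d%Y_%H%M%S")
    dest_root = os.path.join(root, "Moved Files", stamp)
    os.makedirs(dest_root, exist_ok=True)
    statuses = {}
    for p in paths:
        if not os.path.isfile(p):
            statuses[p] = "not found"
            continue
        # 'C:\a\b.exe' -> 'C\a\b.exe' so each drive gets its own subtree.
        rel = p.replace(":", "", 1).replace("\\", os.sep).lstrip(os.sep)
        target = os.path.join(dest_root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.move(p, target)
        statuses[p] = "moved"
    with open(os.path.join(dest_root, stamp + ".log"), "w") as log:
        for p, status in statuses.items():
            log.write(f"{status}\t{p}\n")
    return statuses, dest_root
```

Call it as `quarantine(parse_fix_script(script)["files"], r"C:\_OTL")` from an elevated prompt; files that are locked by a running process will fail to move, which is why the original procedure closes all programs first.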
Why is [url="http://search.conduit.com/?ctid=CT3032526&SearchSource=48"]http://search.condui...SearchSource=48[/url] still my home page? It's been like that even after the OTL fix. I have tried to change the home page in Chrome to Google, but even that doesn't change it. What if those infections that were detected by ESET Online Scanner, 1 of the 8 or more, are preventing the change to the home page?

Here are the results for the OTL fix

[attachment=9524:08272012_235819.log]

And the quick scan

[attachment=9525:OTL.Txt]

Although the date may be one day ahead, it was made on 8\27\12.
The date does not stay the same; after the computer is rebooted the date goes back one or two days.
Any idea why it does that? I haven't done anything to make that problem appear.

I found out how to set a new homepage in Google Chrome, so now that problem is resolved. Don't mind what I said about those infections; they weren't the cause. I didn't search for the how-to, my bad.

Nothing of what Eset's scanner found was active in your computer. It was leftovers from installations and two installation programs in your download folder, but they have been moved to OTL's quarantine.

Great that you could change the home page in Chrome.

If you have uninstalled Anvi, please delete the folder C:\Program Files (x86)\Anvisoft.

Please, run DDS and paste DDS.txt. If that log also comes back clean, it is time to upload files to Lavasoft.

Here is the DDS log

[attachment=9526:DDS.txt]

What will you do with the 2 desktop.ini hidden files?

Hide desktop.ini by following http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html Option One step 1, 3 and 5.

Do you know how to pack (zip) a folder?
Please, zip the folder c:\_OTL and upload the zip file to http://www.lavasoft.com/support/securitycenter/file_upload.php
In the information field, please paste the link to this topic, that is www.lavasoftsupport.com/index.php?/topic/32737-removing-infection-trojanwin32genericbt/

When you have done that, I will give you instructions for how to uninstall OTL and DDS.

I tried to upload to http://www.lavasoft....file_upload.php/

the olt.zip file I created, but it does not send. I copied the link, opened a new tab, posted the link in the address bar and this shows up:


Server not found

chrome can't find the server at www.lavasoft....file_upload.php.

Check the address for typing errors such as
ww.example.com instead of
www.example.com
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that chrome is permitted to access the Web.

On that page I choose to upload the olt.zip and in the information box I post what you instructed and click Submit File.

It does not upload but instead it brings up this:


Server not found

chrome can't find the server at www.lavasoft....file_upload.php.

Something is up with the server; I am not able to submit it. If you let me, I will post the zip file in my next reply and you can get it that way.

Please, don't upload to this forum. What you can do is to create a new topic in http://www.lavasoftsupport.com/index.php?/forum/151-malware-uploads/ and upload the zip file there. The reason is that in this forum everyone can download files, but not in the malware upload forum and Lavasoft doesn't want everyone to be able to download malware.

I'll inform my contact person at Lavasoft about your problems with the upload page.

I have run into another problem: when uploading it's saying upload skipped (file too big to upload).

How big is it?
Do you have a Dropbox account or similar where you can upload a file?

The olt.zip is 74.0 MB.

If it's possible to use a Dropbox, do you know of a good place to open one?

I have downloaded Dropbox from www.dropbox.com and made myself an account. How can I forward it to you?

Hi xradb22t,

Can you send me a PM with your Dropbox account name, or the email address associated with it? I can give you access to my Dropbox sample folder.

Andy
Lavasoft Malware Labs

I have set your post to hidden, xradb22t. It is still possible for Andy and me to see it, but I don't want all members being able to download malicious files.
To remove OTL and DDS I will need these:

OTC.exe to remove DDS

OTL: I can run the tool, click on the purge tool button and that should uninstall.

I have downloaded OTC.exe.
I have OTL.exe, just need to run it; this site explains its removal instructions: [url="http://en.kioskea.net/faq/7829-remove-disinfection-tools#otl-from-old-timer"]http://en.kioskea.net/faq/7829-remove-disinfection-tools#otl-from-old-timer[/url]

You don't need OTC when you have OTL.

[b]1. Removal of tools[/b]
Close all programs.
Start OTL.
Click the [b]CleanUp[/b]! button.
Select [b]Yes[/b] when asked "Begin cleanup process".
If you are asked to reboot, select [b]Yes[/b].
If any logs remain on the computer you can remove them.
Any tools left?

[b]2. Improve the security in the computer[/b]
It is very important to keep Windows and all programs updated. An old version of, for example, Flash makes it very easy to infect the computer from a web page. To help you with keeping everything updated you can use the program [url="http://secunia.com/vulnerability_scanning/personal/"]Secunia Personal Software Inspector (PSI)[/url]. http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

I have followed your instructions and it seems OTL.exe has been removed.

OTL was in the C: OTL file; it has been removed.
Don't know about DDS; it should have also been removed by OTL.exe.

I want to know if you already got the zip file, so that I can remove Dropbox from my computer.

Secunia Personal Software Inspector is a great program to update all your programs; most of the programs that were outdated were updated thanks to this free program. Others should also consider getting it if they don't update their software regularly.

I don't know if Andy has downloaded it yet. I'll ask him tomorrow.

Yes, Secunia PSI is great for those that have difficulties with keeping their programs updated. :)

Andy has downloaded the file, so you can delete it now.
OK, thanks.

While I still have the chance, could I post a reply in this topic about a computer problem that is not malware related? It's just that, if I'm getting help from this forum, why can't I post any other computer problems? If it's OK with you.
