5.12.2008 00:51, Post #1
Newbie. Group: Members. Posts: 2. Joined: 4.12.2008

Help, how do I get rid of this? It opens ads for virus software and other ads. Thanks.

5.12.2008 05:04, Post #2
Oldtimer. Group: Moderators. Posts: 43028. Joined: 14.06.2007

Welcome. Please attach the zipped AVZ sysinfo.zip; for instructions, see: http://forum.kaspersky.com/index.php?showtopic=69276

--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.

8.12.2008 03:07, Post #3
Newbie. Group: Members. Posts: 2. Joined: 4.12.2008

Help, please stop these popups. Thanks, sys file sent.
Attached File(s)

8.12.2008 03:23, Post #4
Oldtimer. Group: Moderators. Posts: 43028. Joined: 14.06.2007

Run this script (instructions are posted in the thread linked in my previous post); the PC will reboot:

```
begin
  SetAVZGuardStatus(True);      // turn on AVZGuard
  SearchRootkit(true, true);    // rootkit/hook search with neutralisation enabled
  // Copy each suspect file to quarantine before it is deleted
  QuarantineFile('C:\WINDOWS\system32\kmdpxkhs.dll','');
  QuarantineFile('C:\WINDOWS\system32\rqRKCuTK.dll','');
  QuarantineFile('digeste.dll','');
  QuarantineFile('C:\WINDOWS\system32\vtUopQJy.dll','');
  DelBHO('{B80B3E82-DC9C-43AE-8DC2-F381030FDF5B}');   // remove the Browser Helper Object with this CLSID
  QuarantineFile('C:\WINDOWS\system32\M8fJ0Px5.exe','');
  QuarantineFile('C:\WINDOWS\system32\3Su64bkG.exe','');
  QuarantineFile('C:\WINDOWS\system32\g824MtKR.exe','');
  DeleteFile('C:\WINDOWS\system32\g824MtKR.exe');
  DeleteFile('C:\WINDOWS\system32\3Su64bkG.exe');
  DeleteFile('C:\WINDOWS\system32\M8fJ0Px5.exe');
  DeleteFile('C:\WINDOWS\system32\vtUopQJy.dll');
  DeleteFile('digeste.dll');
  DeleteFile('C:\WINDOWS\system32\rqRKCuTK.dll');
  DeleteFile('C:\WINDOWS\system32\kmdpxkhs.dll');
  BC_ImportDeletedList;         // hand the list of deleted files to Boot Cleaner
  ExecuteSysClean;              // clean up system references to the deleted files
  BC_Activate;                  // activate Boot Cleaner for the next boot
  RebootWindows(true);
end.
```

After running the script, post a Combofix log in this thread. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.

Also, please don't forget to resume the Kaspersky that you paused.

14.12.2008 06:10, Post #5
Newbie. Group: Members. Posts: 3. Joined: 14.12.2008

I've got exactly the same problem: I cannot get rid of the HEUR:Trojan.Win32.Generic virus.
Here is my sysinfo.zip file - please help.

This post has been edited by Wincent: 14.12.2008 06:11
Attached File(s)

14.12.2008 06:39, Post #6
Oldtimer. Group: Moderators. Posts: 43028. Joined: 14.06.2007

Welcome. Uninstall WildTangent from Windows Control Panel, add/remove programs. Then run this script, instructions linked in pinned topics at top of this forum page:

```
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  QuarantineFile('C:\WINDOWS\system32\iifcYrss.dll','');
  QuarantineFile('C:\WINDOWS\system32\iifdcaxw.dll','');
  DelBHO('{B3F78D6F-F843-49A3-AFD4-30BFBCE11613}');
  DelBHO('{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}');
  QuarantineFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll','');
  DeleteFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll');
  DeleteFile('C:\WINDOWS\system32\iifdcaxw.dll');
  DeleteFile('C:\WINDOWS\system32\iifcYrss.dll');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
```

After running the script, post a Combofix log. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.

Also, please don't forget to resume the Kaspersky that you paused.

This post has been edited by richbuff: 14.12.2008 08:06

14.12.2008 07:45, Post #7
Newbie. Group: Members. Posts: 3. Joined: 14.12.2008

When I clicked Execute it said: "Wizard completed with error: Incorrect kernel handle". I tried a couple of times more - the same result.

14.12.2008 07:50, Post #8
Newbie. Group: Members. Posts: 3. Joined: 14.12.2008

Here is the latest sysinfo file.
I took it after I uninstalled WildTangent and tried to execute the script.
Attached File(s)

14.12.2008 09:19, Post #9
Oldtimer. Group: Moderators. Posts: 43028. Joined: 14.06.2007

I received your PM that you were able to run the script, and your Combofix log. Run this script; the PC will reboot:

```
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  QuarantineFile('c:\windows\system32\iifcYrss.bak','');
  QuarantineFile('c:\windows\system32\iifdcaxw.dll','');
  QuarantineFile('c:\windows\system32\pmnkhFwV.dll','');
  DeleteFile('c:\windows\system32\pmnkhFwV.dll');
  DeleteFile('c:\windows\system32\iifdcaxw.dll');
  DeleteFile('c:\windows\system32\iifcYrss.bak');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
```

Then, run this one:

```
begin
  CreateQurantineArchive('c:\quarantine.zip');
end.
```

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/

Then, Private Message me the link to the uploaded file. Click my user name and select Send message.

Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 543123 /u > ok. Restart Kaspersky.
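
A pre-flight check a responder could run on a removal script of the kind posted in this thread before it is executed: it confirms that every DeleteFile target was passed to QuarantineFile first, so the sample survives for the quarantine archive, and that BC_ImportDeletedList follows the last deletion, as it does in the scripts above. This is an added example, not part of the thread or of AVZ; the names `parse_calls` and `lint` and the sample script are constructed for illustration, and the ordering rule is an assumption drawn from the scripts on this page.

```python
import re

# One AVZ statement: Name; or Name(args); quoted strings may contain ')'.
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*(?:\(((?:'[^']*'|[^)'])*)\))?\s*;")
STRING_RE = re.compile(r"'([^']*)'")

# Constructed sample, not taken from the thread: the second DeleteFile
# has no matching QuarantineFile.
SAMPLE = r"""
begin
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\sample_a.dll','');
 DeleteFile('c:\windows\system32\sample_a.dll');
 DeleteFile('C:\Program Files (x86)\Sample\sample_b.dll');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
"""


def parse_calls(script):
    """Return [(function_name, [string_args])] in script order."""
    return [(name, STRING_RE.findall(args)) for name, args in CALL_RE.findall(script)]


def lint(script):
    """Return a list of findings; an empty list means the script passed."""
    findings, quarantined = [], set()
    last_delete = import_at = None
    for i, (name, args) in enumerate(parse_calls(script)):
        lname = name.lower()              # Pascal identifiers are case-insensitive
        path = args[0] if args else ""
        if lname == "quarantinefile":
            quarantined.add(path.lower())  # Windows paths are case-insensitive
        elif lname == "deletefile":
            last_delete = i
            if path.lower() not in quarantined:
                findings.append(f"delete without prior quarantine: {path}")
        elif lname == "bc_importdeletedlist":
            import_at = i
    if last_delete is not None and (import_at is None or import_at < last_delete):
        findings.append("BC_ImportDeletedList missing or before the last DeleteFile")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
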

15.12.2008 09:33, Post #10
Oldtimer. Group: Moderators. Posts: 43028. Joined: 14.06.2007

Thank you for the links, I also received your new AVZ log. Run this script, instructions same, PC will reboot:

```
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  QuarantineFile('C:\WINDOWS\system32\mlJYqNEW.dll','');
  QuarantineFile('C:\WINDOWS\system32\iifdcaxw.dll','');
  DelBHO('{6F411BBB-2D52-4E02-A244-77562C425B1C}');
  DelBHO('{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}');
  DeleteFile('C:\WINDOWS\system32\iifdcaxw.dll');
  DeleteFile('C:\WINDOWS\system32\mlJYqNEW.dll');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
```

After running the script, post a new Combofix log, instructions same as before.

20.12.2008 16:27, Post #11
Are You Kidding? Group: Moderators. Posts: 56933. Joined: 28.01.2006. From: Timisoara, Romania

Two posts were split into new topics:
http://forum.kaspersky.com/index.php?showtopic=96507
http://forum.kaspersky.com/index.php?showtopic=96508

21.12.2008 17:35, Post #12
Are You Kidding? Group: Moderators. Posts: 56933. Joined: 28.01.2006. From: Timisoara, Romania

Another split: http://forum.kaspersky.com/index.php?showtopic=96635
Please start your own topic and don't post in someone else's.

27.12.2008 16:10, Post #13
Are You Kidding? Group: Moderators. Posts: 56933. Joined: 28.01.2006. From: Timisoara, Romania

Another split: http://forum.kaspersky.com/index.php?showtopic=97410
And topic closed due to lack of activity. If the original poster returns he can PM a moderator and the topic will be reopened.

This post has been edited by Lucian Bara: 27.12.2008 16:10