scrapyard

Cannot Remove virus HEUR:trojan win32 generic


Run this script, instructions posted in thread linked in my previous post, PC will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\kmdpxkhs.dll','');
QuarantineFile('C:\WINDOWS\system32\rqRKCuTK.dll','');
QuarantineFile('digeste.dll','');
QuarantineFile('C:\WINDOWS\system32\vtUopQJy.dll','');
DelBHO('{B80B3E82-DC9C-43AE-8DC2-F381030FDF5B}');
QuarantineFile('C:\WINDOWS\system32\M8fJ0Px5.exe','');
QuarantineFile('C:\WINDOWS\system32\3Su64bkG.exe','');
QuarantineFile('C:\WINDOWS\system32\g824MtKR.exe','');
DeleteFile('C:\WINDOWS\system32\g824MtKR.exe');
DeleteFile('C:\WINDOWS\system32\3Su64bkG.exe');
DeleteFile('C:\WINDOWS\system32\M8fJ0Px5.exe');
DeleteFile('C:\WINDOWS\system32\vtUopQJy.dll');
DeleteFile('digeste.dll');
DeleteFile('C:\WINDOWS\system32\rqRKCuTK.dll');
DeleteFile('C:\WINDOWS\system32\kmdpxkhs.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

 

After running the script, post a Combofix log in this thread. Please review and follow these instructions carefully.

 

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

 

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

 

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

 

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

 

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post. Also, please don't forget to resume the Kaspersky protection that you paused.
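The AVZ scripts in this thread follow one pattern: quarantine a file first, delete it afterwards, and remove the Browser Helper Object by CLSID. The following checker is an added example (not the helper's code, and not part of AVZ) that parses a script of that shape and flags the mistakes a reviewer would look for before asking a user to run one: a DeleteFile with no earlier QuarantineFile (so nothing survives for analysis if the detection was a false positive), a bare file name with no directory, a malformed CLSID, and a missing `begin`/`end.` frame. It assumes only the Pascal-style AVZ grammar visible in the posted scripts; the sample script is constructed from the first post with one placeholder line (`EXAMPLE_unquarantined.dll`) added so the checker has something to report.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Matches the single-quoted first argument of calls such as
# QuarantineFile('C:\...',''), DeleteFile('...') and DelBHO('{...}').
CALL_RE = re.compile(r"^\s*(\w+)\s*\(\s*'([^']*)'", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Constructed sample: the first script of the thread, shortened, plus one
# placeholder DeleteFile (EXAMPLE_unquarantined.dll) that was never quarantined.
SAMPLE_SCRIPT = r"""
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\kmdpxkhs.dll','');
QuarantineFile('digeste.dll','');
DelBHO('{B80B3E82-DC9C-43AE-8DC2-F381030FDF5B}');
DeleteFile('digeste.dll');
DeleteFile('C:\WINDOWS\system32\kmdpxkhs.dll');
DeleteFile('C:\WINDOWS\system32\EXAMPLE_unquarantined.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
"""


@dataclass
class Report:
    quarantined: List[str] = field(default_factory=list)
    deleted: List[str] = field(default_factory=list)
    bho_clsids: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def check_avz_script(text: str) -> Report:
    """Lint an AVZ removal script and return what it touches plus any findings."""
    rep = Report()
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or lines[0].lower() != "begin":
        rep.errors.append("script does not start with 'begin'")
    if not lines or lines[-1] != "end.":
        rep.errors.append("script does not end with 'end.' (the Pascal-style terminator AVZ expects)")

    seen_quarantine = set()          # lower-cased paths already quarantined
    for n, ln in enumerate(lines, 1):
        m = CALL_RE.match(ln)
        if not m:
            continue                 # calls without a quoted argument are not checked
        func, arg = m.group(1).lower(), m.group(2)
        key = arg.lower()            # Windows paths are case-insensitive
        if func in ("quarantinefile", "deletefile") and not ABS_PATH_RE.match(arg):
            rep.warnings.append(f"line {n}: bare file name {arg!r} has no directory; confirm which copy is meant")
        if func == "quarantinefile":
            rep.quarantined.append(arg)
            seen_quarantine.add(key)
        elif func == "deletefile":
            rep.deleted.append(arg)
            if key not in seen_quarantine:
                rep.errors.append(f"line {n}: DeleteFile({arg!r}) has no preceding QuarantineFile; "
                                  "nothing would survive for analysis if this is a false positive")
        elif func == "delbho":
            rep.bho_clsids.append(arg)
            if not CLSID_RE.match(arg):
                rep.errors.append(f"line {n}: DelBHO argument {arg!r} is not a CLSID")
    return rep


if __name__ == "__main__":
    r = check_avz_script(SAMPLE_SCRIPT)
    print(f"{len(r.quarantined)} quarantined, {len(r.deleted)} deleted, {len(r.bho_clsids)} BHO(s)")
    for e in r.errors:
        print("ERROR:", e)
    for w in r.warnings:
        print("WARN: ", w)
```

Run as-is, it reports one error for the placeholder DeleteFile line and two warnings for `digeste.dll`, which the first post lists without a directory. The quarantine-before-delete rule is the check that matters most: a quarantine archive is what lets the helper confirm the detection and lets the user recover a file that turns out to be legitimate.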

 


I've got exactly the same problem: I cannot get rid of the HEUR: trojan win32.Generic virus.

Here is my sysinfo.zip file - please help

sysinfo.zip


Welcome. Uninstall WildTangent from Windows Control Panel, Add/Remove Programs. Then run this script; instructions are linked in the pinned topics at the top of this forum page:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\iifcYrss.dll','');
QuarantineFile('C:\WINDOWS\system32\iifdcaxw.dll','');
DelBHO('{B3F78D6F-F843-49A3-AFD4-30BFBCE11613}');
DelBHO('{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}');
QuarantineFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll','');
DeleteFile('C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll');
DeleteFile('C:\WINDOWS\system32\iifdcaxw.dll');
DeleteFile('C:\WINDOWS\system32\iifcYrss.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

 

After running the script, post a Combofix log. Please review and follow these instructions carefully.

 

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

 

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

 

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.

Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

 

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

 

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post. Also, please don't forget to resume the Kaspersky protection that you paused.


When I clicked Execute it said: "Wizard completed with error: Incorrect kernel handle"

I tried a couple more times; same result.


I received your PM that you were able to run the script, and your Combofix log. Run this script, PC will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\system32\iifcYrss.bak','');
QuarantineFile('c:\windows\system32\iifdcaxw.dll','');
QuarantineFile('c:\windows\system32\pmnkhFwV.dll','');
DeleteFile('c:\windows\system32\pmnkhFwV.dll');
DeleteFile('c:\windows\system32\iifdcaxw.dll');
DeleteFile('c:\windows\system32\iifcYrss.bak');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Then, run this one:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ . Then, Private Message me the link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > Run > type combofix /u > OK. Or Start > Run > type 543123 /u > OK. Restart Kaspersky.


Thank you for the links, I also received your new AVZ log. Run this script, instructions same, PC will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\mlJYqNEW.dll','');
QuarantineFile('C:\WINDOWS\system32\iifdcaxw.dll','');
DelBHO('{6F411BBB-2D52-4E02-A244-77562C425B1C}');
DelBHO('{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}');
DeleteFile('C:\WINDOWS\system32\iifdcaxw.dll');
DeleteFile('C:\WINDOWS\system32\mlJYqNEW.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

 

After running the script, post a new Combofix log; instructions are the same as before.
