Hi all and I will thank you for your help in advance as I'm hoping you can help. I seem to be infected with a few different Trojan Horse Generic2 viruses, and as I'm kinda a noob at combating viruses I thought I would ask for some help. I have the following trojans on my computer:
Trojan Horse Generic2.LSA
Trojan Horse Generic2.LNX
Trojan Horse Downloader.Generic2.ZFY
I actually have em all in the AVG Free 7.5.432 virus vault, which I'm quite happy with, but AVG tells me that they are all incurable and I don't like having any sign of a virus on my computer.
Is there any way of healing (which I would prefer to do) or deleting the virus out of my computer safely?
▪ Download HijackThis from this location: www.merijn.org/files/hijackthis.zip
▪ Make a new folder to put downloaded archive into and unzip it there. Any place on your hard drive is fine other than your Desktop or the Temp folder. This is to ensure it makes the necessary backups for recovery if needed.
▪ Run HijackThis.exe, push Do a system scan and save a logfile and highlight the entire log by pressing Ctrl+A and copy it here by CTRL+V.
OK, I have downloaded your program and here is the log file. Is this program just a diagnostic program or does it do some cleaning?
Logfile of HijackThis v1.99.1
Scan saved at 9:34:23 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
It is safe when viruses are in the Virus Vault. Trojan horses are malicious programs themselves, they cannot be cured and they cannot infect other files. You can safely delete them from the Vault. Yes, HijackThis is mainly a diagnostic tool that shows the main places on your computer that are used by malicious programs.
► Now, I suggest you uninstall one of the installed antiviruses. It mainly causes slowdown and hanging of your computer. If you have bought AVG, uninstall Avast.
Your HijackThis log looks clean of viruses, but some entries should be fixed.
► Run HijackThis, press the Do a system scan only button and check the boxes on the left of the following entries:
Close any other windows except HijackThis and click Fix checked, then exit HijackThis. Reboot your computer, rescan with HijackThis and make sure these entries aren't present there.
► If you would like to make sure your computer isn't infected, there is a scanning tool called MWAV, based on the very powerful Kaspersky antivirus. But its scanning takes a lot of time (a couple of hours), depending on the size of the disc. It doesn't cure your system but it creates a log that can tell about infected files.
Here is a guide, if you would like to try it:
Please download MWAV scanner to a convenient location - www.mwti.net/download/tools/mwav.exe
This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
▪ Run MWAV by double-clicking on mwav.exe
▪ Put a check next to the below items before scanning:
* Memory
* Startup Folders
* Drive - All Local Drives
* Registry
* System Folders
* Services
* Scan All Files
▪ Please make sure all of these are checked, then press the Scan button. This typically will take hours to complete.
▪ When it writes the scan is completed, on the bottom portion of the window, you will see the lower panel where MWAV is listing infected items - Virus Log Information, please highlight everything in that lower panel and copy it by pressing CTRL+C and then paste it here by CTRL+V.
Levlard, thank you so much for your help so far. I am relieved that so far I have a clean system except for the parts that you have highlighted, which I am going to get onto soon. You said it was fine to delete the files from my Virus Vault, but what about the actual files on my computer?
c:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP166\A0022463.exe which has the Trojan Horse Generic2.LNX
c:\System Volume Information\_restore{F3EB7393-0A0F-4698-86F8-B4414F46F334}\RP143\A0017035.dll which has the Trojan Horse Downloader.Generic2.ZFY
and c:\documents and settings\ecom\local settings\temp\jqxmrlky.exe which has the Trojan Horse Generic2.LSA
After that I rebooted and re-ran the scan and the above entries were gone, so that seems to have solved that problem. But if you don't mind me asking, what is the problem with those entries? I would like to find out so I can prevent getting em again, and if I do, I would like to be able to find the problem myself next time.
I am about to run that MWAV program so I'm hoping that will come up clean as well.
As for your suggestion about Avast and AVG running both on my system, I don't seem to have any hang ups or a sluggish system. I would prefer to keep Avast as a back up for AVG but if you know of a conflict running both of em at the same time
► To delete files in System Volume Information folder do this:
▪ Right-click the My Computer icon on the Desktop and click on Properties.
▪ Click on the System Restore tab.
▪ Put a check mark next to Turn off System Restore.
▪ Click the OK button and restart your computer.
To delete file C:\Documents and Settings\ecom\local settings\temp\jqxmrlky.exe do this:
► Please download and run ATF Cleaner - www.atribune.org/ccount/click.php?id=1
▪ Under Main choose: Select All and click the Empty Selected button.
▪ If you use Firefox browser, click Firefox at the top and choose: Select All and click the Empty Selected button (NOTE: If you would like to keep your saved passwords, please click No at the prompt).
▪ If you use Opera browser, click Opera at the top and choose: Select All, click the Empty Selected button (NOTE: If you would like to keep your saved passwords, please click No at the prompt).
▪ Click Exit on the Main menu to close the program.
It isn't normal to have an infected file running in the Temp folder (I mean usually it is created by some other process), so the MWAV scan is a good idea.
Those HijackThis entries weren't a real threat.
Certainly don't let both antiviruses run at the same time (resident shields); they could prevent each other from accessing files, so the main purpose may be opposite.
Hi Levlard, just while I'm running the MWAV scan I was wondering if you have heard of a program called Novatix Cyberhawk v1.2.0. It says it's a Zero Day virus scanner? After all my problems with getting so many trojans and such within a few days' time I thought I would search download.com for some extra virus scanner.
Novatix Cyberhawk is not a virus scanner. It is a so-called behaviour blocker; it analyzes files and processes for malicious activity and eventually prevents their access. I don't recommend this product to the common computer user. There are some other security programs and security tips you can try:
► To delete files in System Volume Information folder do this:
▪ Right-click the My Computer icon on the Desktop and click on Properties.
▪ Click on the System Restore tab.
▪ Put a check mark next to Turn off System Restore.
▪ Click the OK button and restart your computer.
Then you can turn System Restore back on.
► Try to find and uninstall Morpheus Toolbar through Add/Remove Programs in Control Panel. Plus certainly delete this folder: C:\Program Files\Morpheus\
OK, I've disabled System Restore and I tried to delete the System Volume Information folder but to no success. I think that might be normal tho.
I also used that ATF Cleaner program on the main and the Firefox window and freed up some bytes, so what I'm thinking of doing next is deleting the information I have in the AVG virus vault, but I don't want to have done all this for nothing so I'm hoping that you're gonna say that is fine to do.
As for Morpheus, I had stopped using that program ages ago and uninstalled it so there was nothing in the Add/Remove panel, but I did get rid of the folder in Program Files.
As for NovaTix Cyberhawk, I do a lot of downloading from P2P and bit torrents and I was thinking that that would be a good defence for possible new viruses coming out.
It's all right, you cannot delete the System Restore folder itself. But by disabling it, you can delete the files present in that folder (including the infected ones).
Yes, it is fine to do.
Well, as I said, I certainly don't recommend a Behaviour Blocker to someone inexperienced. You are right it can defend against new viruses, but it can also produce false positives. Nowadays antivirus programs have so-called heuristic analysis and generic detection that can detect new malware (by running it in a virtual environment / recognizing malware by its structure).
Ahh, good stuff. Now as for my AVG virus vault, I'm hoping to find out that it is safe to delete the entries in there?
When I was running the MWAV scan my AVG came up with 3 more Trojans found in my System Volume Information folder. The fact that I have cleared it out now is not my concern, but the fact that only when I was running a full MWAV scan brang em up, when I have run constant scans on my computer with AVG and I have not seen any sign of em b4. Would you class AVG a competent program or would u suggest another free Anti Virus program? As with my MWAV result log, what can you tell me about that? Stuff like "smitfraud Browser Hijacker" really gets me worried.
My computer is infected with Trojan horse Generic2.BXVH. I have AVG antivirus. Please tell me if there is anything to heal my computer.
Michael2615 said... Hi all and I will thank you for your help in advance as I'm hoping you can help. I seem to be infected with a few different Trojan Horse Generic2 viruses, and as I'm kinda a noob at combating viruses I thought I would ask for some help. I have the following trojans on my computer:
Trojan Horse Generic2.LSA
Trojan Horse Generic2.LNX
Trojan Horse Downloader.Generic2.ZFY
I actually have em all in the AVG Free 7.5.432 virus vault, which I'm quite happy with, but AVG tells me that they are all incurable and I don't like having any sign of a virus on my computer.
Is there any way of healing (which I would prefer to do) or deleting the virus out of my computer safely?
I think that free antivirus can't remove trojan type viruses, free antivirus can only remove small viruses. So I think you have to buy a full version of antivirus so it will protect your computer.
Hi, I recently had this happen to me as well. My antivirus was able to remove it I believe, however I lost everything on my desktop and favorites in my IE. I tried a system restore and this did not help. Any recommendations on how to get this stuff back?
Please create a new topic of your own and we'll be there to help you. Just pm me if no one else has replied to your thread. Thanks.* You may pm\email me if you're still waiting for my follow-up post.
This is called behavior blocking, malicious activities, documents and procedures analysis, and ultimately prevent their access. I do not recommend this product to the average computer user