Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generic_grayware


  • This topic is locked This topic is locked
14 replies to this topic

#1 Mildre

Mildre

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 22 July 2007 - 02:03 PM

How or where do I locate Generic_Grayware. I have Trend Micro Antivirus and I recently downloaded Windows Defender, but Trend Micro was unable to remove it but that my risk was high, and Windows Defender said my system was running normal. Trend Micro only says to locate it using Windows Explorer....but I don't know how to do that. I always get this popup window from CiD, :thumbsup: but I can't do anything...Can someone help me??

Thanks,
Mildre

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:40 AM

Posted 22 July 2007 - 02:17 PM

CiD is associated with the LOP parasite and comes with numerous bundles of software.

Do you have Netpumper installed? If so, uninstall it via start > controlpanel > software > add/remove programs. This because Netpumper is bundled with the malware you are dealing with (swizzor aka lop).
Also look if next are present in software > add/remove programs and uninstall them:

CiD Help
Download Plugin for Internet Explorer
Zone Media

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
http://home.hetnet.nl/~stefsmeenk/deljob.exe
Doubleclick Deljob.exe.
In case infected, you'll get a message that "Suspicious files" are found.
When the suspicious files look similar like: B2D78CB491483981.job (random numbers and letters),
then select option 2 by typing 2 and hit enter.

A log, (logit.txt) should open afterwards. This log will be present on your desktop
Post the contents of the logfile and a HijackThis log in the Hijack This forum. Not In This Forum.

Instructions for posting Hijack This log in link below
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 25 July 2007 - 11:34 PM

No, I don't have anything installed under that name. I already checked under the options for "Add or Remove Programs", but nothing was there. I checked some folders...and on one of them was "wallpe" and under properties/version, it said "Portions Copyright 1990-2003 Wilson WindowWare, Inc." Is that an adware? Oh well, I deleted some dll that ended with ware :thumbsup: And is Zone Media the plugin I'm supposed to download? If so, where do I get it?

Thanks!

Mildre

Edited by Mildre, 25 July 2007 - 11:49 PM.


#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:40 PM

Posted 26 July 2007 - 12:18 AM

Wilson window ware was a company that used to write applications to run under WFW3.11, really old stuff, they were not an adware producer.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:40 AM

Posted 26 July 2007 - 06:13 AM

You were to look in Add/Remove for these three items and if there, uninstall them.
CiD Help
Download Plugin for Internet Explorer
Zone Media

Edited by buddy215, 26 July 2007 - 06:14 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 28 July 2007 - 11:58 AM

Okay, I downloaded Deljob.exe and I don't see anything that says it found any suspicious files. At the beginning it says:

File(s) moved to C:\deljob

AEC05B6B91BFCC57.job

Is that the random numbers and letters you're talking about?

Thanks,
Mildre

Edited by Mildre, 28 July 2007 - 12:02 PM.


#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:40 AM

Posted 28 July 2007 - 12:30 PM

YES
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 28 July 2007 - 12:37 PM

Okay, but I typed 2 and press enter and nothing happened.

#9 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:40 AM

Posted 28 July 2007 - 12:53 PM

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 28 July 2007 - 08:59 PM

Alright, I got stuck at the beginning. I cannot open the page to download Ad-Aware, it says the page cannot be displayed. I did the troubleshoot options and it only said that it could not establish a connection over FTP. I'm guessing it's a temporary issue with the website, so I'll try again tomorrow.

:thumbsup: Thanks,
Mildre

#11 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:40 AM

Posted 28 July 2007 - 09:55 PM

Do what you can. If you get stuck, move on to the next step. The important thing is to post the log.

Edited by buddy215, 28 July 2007 - 09:56 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 28 July 2007 - 10:17 PM

Alright, I'll try one more time and move on.

#13 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 13 August 2007 - 07:15 PM

When will I get a response for the problem I have and posted for help?

#14 Mildre

Mildre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.S.A
  • Local time:01:40 AM

Posted 13 August 2007 - 07:22 PM

nevermind! I found it....

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:40 AM

Posted 13 August 2007 - 09:09 PM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusing, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.

Edited by quietman7, 13 August 2007 - 09:11 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users