
Troj Generic.adv And Tons Of Problems!


24 replies to this topic

#1 Silverboy280

Silverboy280

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 05 September 2008 - 08:24 AM

OK, here's the situation: I went to sleep, and when I woke up, Trend Micro Anti-Virus had a message up saying:

"To remove a trojan horse program we need to restart the computer.
Trojan name: TROJ Generic.ADV

Restart now | Restart Later"

I had no idea how it could find a virus while I wasn't doing anything, but I clicked "Restart now". When it was back up, it said "Libeay32.dll was not found, please try re-installing the program." At the top of that was the name "sprtcmd.exe".

Now every time I try to run Spy Sweeper it does a physical memory dump.

Trend-Micro Anti-Virus found TROJ Generic.ADV in 4 files:

wextract.exe
Swsupport.dll
Microsoft office Activation
and libeay32.dll


PLEASE HELP!!!!



#2 Silverboy280


Posted 05 September 2008 - 08:31 AM

Also, the 4 files I mentioned are under quarantine; no idea what it deleted.

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:16 AM

Posted 05 September 2008 - 09:29 AM

Trend may have updated its definitions and then done an automatic scan and found something, good or bad?

Filezilla installed, still working? From a trusted source?

Let's double-check Trend and see if there's anything else.

Run MBAM please

http://www.bleepingcomputer.com/forums/ind...st&p=935291
Chewy

No. Try not. Do... or do not. There is no try.

#4 Silverboy280


Posted 05 September 2008 - 09:32 AM

Actually, when I start up, Trend Micro states there's a problem while installing an update, but at the main menu it says it's up to date...

#5 Silverboy280


Posted 05 September 2008 - 09:57 AM

And BTW, what is "Filezilla"?

#6 DaChew


Posted 05 September 2008 - 10:04 AM

http://www.google.com/search?hl=en&q=l...mp;aq=f&oq=


http://www.auditmypc.com/process/libeay32.asp


Is anyone else installing programs on that computer?

and the MBAM log?

Edited by DaChew, 05 September 2008 - 10:04 AM.


#7 Silverboy280


Posted 05 September 2008 - 10:08 AM

Um, my bro might be?? And my mom gets on and checks emails. [I've seen her open random attachments.]

And I haven't got MBAM yet; I am getting it now. I had something I had to do.

#8 Silverboy280


Posted 05 September 2008 - 10:18 AM

Once this is done, will I be able to un-quarantine the stuff?? Or will I have to re-install Spy Sweeper?

#9 Silverboy280


Posted 05 September 2008 - 10:19 AM

During the scan, Trend Micro quarantined PAK Generic.001....

#10 Silverboy280


Posted 05 September 2008 - 10:21 AM

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 6.0.6000

9/5/2008 11:21:12 AM
mbam-log-2008-09-05 (11-21-12).txt

Scan type: Quick Scan
Objects scanned: 43796
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully.


And do I restart now to finish removing all?
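The MBAM log pasted above is a fixed-format text report: a header block, then one "<Section> Infected:" block per category, with one detection per line as "item (Family) -> action". As an added example for this thread (not code from the original post, and not Malwarebytes' own tooling), here is a small Python parser that reads that format, tallies detections by family, and pulls out the lines a responder should look at first: entries still marked "Delete on reboot" (the reason the log says a reboot is still needed), the HKLM\...\Internet Explorer\Low Rights\ElevationPolicy keys (these tell IE Protected Mode which programs may be launched from the low-integrity browser at a higher integrity level, which is why adware registers itself there), and DLLs in the Files section whose names match Windows system DLLs but that sit in an application folder, a classic search-order hijack. The sample log embedded in the script is a shortened, constructed copy of the log from the post; the list of commonly side-loaded DLL names is a heuristic of mine, not something the log states.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread, not Malwarebytes' own code. It parses the
"<Section> Infected:" blocks of the pasted log format, tallies detections
by family, and pulls out the items that need follow-up.
"""
import re
from collections import Counter

# Constructed excerpt in the format pasted in the thread (shortened from
# that post; the real log has more registry entries).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 6.0.6000

Scan type: Quick Scan
Objects scanned: 43796

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\\Program Files\\Windows Live\\Messenger\\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\\CLSID\\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Files Infected:
C:\\Program Files\\Windows Live\\Messenger\\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\\Users\\Owner\\Local Settings\\Temporary Internet Files\\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Heuristic list (my assumption, not from the log): Windows system DLL names
# that adware/malware commonly plants in an application's folder so the
# loader picks the copy next to the EXE before the one in System32.
SIDELOAD_NAMES = {"msimg32.dll", "version.dll", "dwmapi.dll", "cryptbase.dll"}

# IE Protected Mode elevation policy keys; adware registers its own
# binaries here so the low-integrity browser can launch them.
PROTECTED_MODE_KEY = "\\low rights\\elevationpolicy\\"


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if section is None or m is None:
            continue  # header lines: version, scan type, counters
        # "Bad: (0) Good: (1) -> Quarantined ..." carries two arrows;
        # the last segment is always the action MBAM took.
        action = m.group("rest").split("->")[-1].strip()
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "action": action,
            "pending_reboot": "reboot" in action.lower(),
        })
    return entries


def summarize(entries):
    """Group detections by family and flag the ones needing follow-up."""
    families = Counter(e["family"] for e in entries)
    pending = [e["item"] for e in entries if e["pending_reboot"]]
    elevation = [e["item"] for e in entries
                 if PROTECTED_MODE_KEY in e["item"].lower()]
    sideload = []
    for e in entries:
        if e["section"] != "Files Infected":
            continue
        path = e["item"].lower()
        name = path.rsplit("\\", 1)[-1]
        # A system DLL name outside the Windows directory is suspicious.
        if name in SIDELOAD_NAMES and "\\windows\\" not in path:
            sideload.append(e["item"])
    return {
        "families": families,
        "pending_reboot": pending,
        "elevation_policies": elevation,
        "sideload_candidates": sideload,
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for family, n in report["families"].most_common():
        print(f"{n:3d}  {family}")
    for key in ("pending_reboot", "elevation_policies", "sideload_candidates"):
        print(f"\n{key}:")
        for item in report[key]:
            print("  " + item)
```

Run it against a saved mbam-log-*.txt by reading the file into parse_mbam_log() instead of SAMPLE_LOG. A non-empty pending_reboot list means the cleanup is not finished until the machine has restarted; the sideload and elevation-policy lists are the places to re-check after the reboot, since a DLL that was still loaded in a running process (here msimg32.dll inside Messenger) can survive a first pass.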

#11 Silverboy280


Posted 05 September 2008 - 10:28 AM

OK, I restarted.

I still can't run Spy Sweeper though :thumbsup:

EDIT: I think the libeay32.dll has something to do with why I can't run Spy Sweeper?

Or is it the fact it quarantined the Swsupport.dll?

Edited by Silverboy280, 05 September 2008 - 10:31 AM.


#12 Silverboy280


Posted 05 September 2008 - 10:41 AM

OK, I have 2 new quarantined files in Trend after I installed/ran MBAM:

Sintf32.dll
SintfNT.dll

#13 DaChew


Posted 05 September 2008 - 10:46 AM

Until we get this straightened out, would you just follow my directions? No extra scans.

Let's disable Trend and leave Spy Sweeper alone for a while.

Yes, Trend went after some legitimate files; not sure why.

http://www.bleepingcomputer.com/forums/ind...st&p=930510

Let's run ATF Cleaner and SAS from Safe Mode and make sure MBAM got it all; then we can start fixing any damage.

#14 Silverboy280


Posted 05 September 2008 - 10:48 AM

Trend likes to do that, lol.

And how would I disable it? And is it safe to disable it if there are still things on my computer?

They could screw me over if I turn off my anti-virus? o.0

#15 Silverboy280


Posted 05 September 2008 - 10:50 AM

I have to go for about 10 mins; I will read any messages left by you when I get back.



