Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Eldorado/Win32 Cryto and trojans

  • Please log in to reply
1 reply to this topic

#1 rypie77


  • Members
  • 1 posts
  • Local time:08:10 PM

Posted 15 December 2008 - 09:43 AM

I have problems on my work laptop Windows XP2007 SP2. The default anti virus FPROT for Windows found an 'Eldorado' which I removed but I think it said it was undisinfectable, but this has now gone anyway.

I then used AVG which found and eliminated 5 threats on svchost.exe but now finds 3 tojans which are located by the resident shield and moved to virus vault every time I try to use explorer. (so i cannot use internet as explorer shuts down) Also when i use explorer I get a message saying 'insecure internet activity' which is of course part of the virus.

AVG full scan cannot find the virus, only resident shield.

Gives the following 3 listings:

Trojan horse Generic_c.ABUT
Trojan horse Generice_c.ABUS
Trojan Horse generic_c.ABUU

all located on C:\Documents and Settings\My Username\Application Data\Google\GMail\1t.gif and 3n.gif and 2y.gif respectively.

The process Name is always C:\Program Files\Internet Explorer\ixplore.exe

The Process ID changes number every time.

I have also tried Malwarebytes Anti Malware and that gives a clean scan.

Bearing in mind that the problem is on my laptop (i am sending this from desktop)and I cannot use explorer so cannot paste log reports!

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:10 PM

Posted 15 December 2008 - 07:26 PM


Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable you anti-virus and and other security programs before connecting to the Internet.

Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users