Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee Classic reports a generic.dx virus I can not get rid of


  • This topic is locked This topic is locked
2 replies to this topic

#1 leroyarndt

leroyarndt

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 07 January 2009 - 11:35 AM

As soon as a user logs in to their roaming profile Mcafee is reporting an infected file (Generic.dx) c:\windows\document and settings\user\Application Data\RBInternetEncodings600.dll. There are several files including the a fore mentioned one that repopulate after a user logs off then back on. These are roaming profiles and I did delete the suspect files on the server before logging the user back on. The following files are located in the Application Data directory of the user: RBInternetEncodings600.dll, rbap550.dll, RBRegEx550.dll, RBScript600.dll, RBShell555.dll, RBSSLSocket550.dll, RBXML550.dll. They are easily deleted but come back after logging back on.
I did turn the system restore off and have tried the following tools to try to fix the apparent problem: McAfee antivirus program and the online version, Trend Micro online scanner, Adaware free, Malwarebytes Anti-malware, Hijack this, and SuperAntiSpyware. The problem has now spread to a total of 3 computers on our network. Do I need to disconnect these machines while I try to find a remedy? I really need to get a handle on this as soon as possible. I am going to attach the log file from hijackthis but also have the logs from the DDS tool from this site. I appreciate any help you can provide. The other thing I am trying to figure out is what is putting and recreating the dll's, so far no luck. Is there any tools that show the dependencies for a given dll?
Thanks
LeRoy

Attached Files


Edited by leroyarndt, 07 January 2009 - 11:38 AM.


BC AdBot (Login to Remove)

 


#2 leroyarndt

leroyarndt
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 08 January 2009 - 12:50 PM

This has been resolved. The newest dat file for our version does not like the version of 4sight fax client software we run.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:12 AM

Posted 11 January 2009 - 08:53 PM

Thanks for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users