Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Generic.


  • This topic is locked This topic is locked
2 replies to this topic

#1 Trojanator

Trojanator

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 08 November 2009 - 06:15 AM

I have a Trojan.Generic and can't remove it with Spyware Doctor as it automatically shuts down my computer. It has blocked all other spyware programmes i use including Anit-Malware, Spybot Search and Destroy and also Kaspersky.

GLOBALROOT\DEVICE\__MAX++>\05BA7A78.X86.DLL

This is the exact file it finds in the scan.
I have also done something on other forums it has said which is Win32kDiag.exe
I ran this and the results are below, I now do not know what to do? Thank you.

Starting up...
Running from: C:\Users\Valued Customer\Documents\Downloads\Programs\Win32kDiag.e
xe
Log file at : C:\Users\Valued Customer\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P2DF2.tmp\ZAP2DF2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P8140.tmp\ZAP8140.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P81A.tmp\ZAP81A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P97DB.tmp\ZAP97DB.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
PB615.tmp\ZAPB615.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
PE752.tmp\ZAPE752.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZA
PEEF0.tmp\ZAPEEF0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\Windows\bthservsdp.dat
[1] 2009-11-07 22:57:09 12 C:\Windows\bthservsdp.dat ()

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:57 PM

Posted 14 November 2009 - 06:20 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:57 PM

Posted 17 November 2009 - 04:13 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users