Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generic.Bot.h


  • Please log in to reply
7 replies to this topic

#1 JaRvEy

JaRvEy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 10 May 2010 - 04:15 PM

Hey guys. I'm new here and appreciate your patience in advance! I had a virus last week and i reformatted my harddrive. Spybot comes back clean. However, Malwarebytes comes back with Generic.Bot.h and it won't go away! Can I get some help with this? Would you need to see the log from the Malwarebytes "removal"? Or possibly a HiJackThis log? Please let me know~

Edited by Budapest, 10 May 2010 - 04:55 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 10 May 2010 - 10:41 PM

Hello and wlcome..

We need to disable Spybot S&D's "TeaTimer" if it's running.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.





Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JaRvEy

JaRvEy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 11 May 2010 - 05:44 AM

Thanks for the quick reply, boopme.

I followed the instructions and stopped at the SUPERAntiSpyware scan because i couldn't get it to run. I received the following message:

"system admin has set policies to prevent this installation."

My brother is the one in charge of my computer and i'll have to speak with him to get this thing going. I might have to wait til the weekend to go further on this though. But i'll definitely post back when he gets here.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 11 May 2010 - 10:14 PM

If this is Vista you may need to temporarily Disable UAC on Windows Vista
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 JaRvEy

JaRvEy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 12 May 2010 - 05:15 AM

nope. using XP.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 12 May 2010 - 11:10 AM

The system administrator has set policies to prevent this installation

Fix the local security policy.

Open Control Panel and go to Administrative Tools.
In Administrative tools open Local Security Policy.
Then in Local Security Policy right click Software Restriction Policies and click “New Software Rectriction Policy”.
Now Left click on software restriction policies and in the right-hand window you should see enforcement.
Double-click on enforcement and set the policy to apply to “ALL USERS EXCEPT LOCAL ADMINISTRATORS”
Now approve the changes and see if you are now able to install software.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 JaRvEy

JaRvEy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 12 May 2010 - 05:24 PM

Hey Boop. I also posted my problem on geekstogo and RKinner suggested some programs that installed ok. We managed to remove the above mentioned virus and these LeechLLC files that were showing up in Avast. The only downside is that now my Dell printer won't work even after i tried reinstalling the drivers. Anyways, thanks for checking this thread and assisting me as you did. You're probably a busy guy with better things to do than to help lil ol me. Here's the thread if you're curious:

http://www.geekstogo.com/forum/Generic-Bot-H-t276601.html

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 12 May 2010 - 08:10 PM

Hu, you're welcome! Glad it's clean. I think you would be better served asking this in the External hardware forum. It may be Dell specific.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users