Trojan Horse Dropper.Generic2.CFAL



#1 benniuk

Posted 13 December 2010 - 05:05 PM

Hi guys,

I'd really appreciate any help at all with this. AVG resident shield keeps picking up something called Trojan Horse Dropper.Generic2.CFAL. It doesn't seem to have hindered the computer's performance at all (which makes me think I should be more worried) but keeps flashing up regularly on the resident shield, most often listing the Process Name as C:\Program Files\Mozilla Firefox\firefox.exe and Process ID as 3472; however, it does display others on occasion. AVG tells me that the file is stored within C:\Windows\System32\autochk.exe and is whitelisted and so can't be removed. SpyBot spotted it and told me the same thing; Malwarebytes didn't spot it. After failing to remove it I attempted a system restore; however, Windows told me that it was unable to do this as the filesystem was corrupt.

Being a good little boy, I followed the preparation guide as per the forum post; however, I encountered major problems. DDS doesn't work at all: it brings up a text file of symbols, and the only recognisable English is "This program cannot be run in DOS mode". I do have AutoCAD installed on this computer and it seems the .scr filetype is associated to this program - could this be the reason? After 3 attempts I moved onto GMER. 1st GMER attempt brought up a Windows popup saying "GMER.exe has stopped working" and had a check for solutions option, after 30 seconds. 2nd GMER attempt - ran for around 5 mins then bluescreened and forced a shut down restart. 3rd GMER attempt was the same as the first.

What can I do now? I do have the bluescreen info as displayed by Windows upon restart if that's any help? As I said, any assistance would be gratefully received as this is a work PC in my family's business and I'm worried about this horse mining company information.

Kind Regards

Ben

(Benniuk)

#2 kahdah

Posted 22 December 2010 - 08:47 PM

Hello benniuk

Welcome to BleepingComputer.
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.
