Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with trojan horse backdoor generic 17.err


  • Please log in to reply
37 replies to this topic

#1 smudge77

smudge77

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 20 May 2013 - 03:28 PM

hi,

Something very odd is happening to my PC in recent days. every time i try to download any file I get an error 'file contained a virus and was deleted’. AVG is seeing a trojan horse: 'trojan horse backdoor generic 17.err', but cannot correct or fix it. it's the same if i turn off AVG virus guard.

Microsoft sercurity client,  I was using is no longer available.

I’ve tried to download ComboFix 13.5.20.1, same error and also DDS same error. That’s in explorer 9. In firefox it appears to download, but then can’t open it.

So I downloaded on another laptop. Zipped it up, and emailed to myself onto the infected PC. But can’t extract it.

Then it gets spooky, al least to me. I set up an a/c on bleeping computer, and wait for the authentication email. Nothing arrives. I go to re-validate, no email… did it again, and still no email. Not in spam or junk mail. So I re-register using  my work email. And get the authentication email. This virus seems to know I’m after it.

Please help: what can do to fix this one? I’m not an expert on viruses but work in telecommunications and have had PCs for many years, and was an early adopter of the internet.

Smudge77

 

 



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:37 AM

Posted 20 May 2013 - 07:24 PM

I'll report this topic to appropriate helpers.

Hold on there....


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 smudge77

smudge77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 21 May 2013 - 04:47 PM

great thanks. the odd bit is can't download software to fix it! but could i run combofix from dos prompt?



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:37 AM

Posted 21 May 2013 - 07:18 PM

Never run Combofix on your own.

Be patient.

Someone will get back to you.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:37 AM

Posted 23 May 2013 - 10:07 AM

Lets give it a try.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:37 AM

Posted 23 May 2013 - 10:15 AM

Hello, just letting you know your topic was move to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum , where it will stay.              


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 smudge77

smudge77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 25 May 2013 - 04:04 AM

ok, so i downloaded on another laptop,zipped up  saved to a usb stick. on the infected PC tried to extract to desktop, it appeared to do so, but then not on the desktop. extracted to a new folder, appeared to work but then not in that folder.

weird or what?



#8 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 AM

Posted 25 May 2013 - 03:30 PM

Disregard this post.

Edited by JSntgRvr, 25 May 2013 - 08:08 PM.


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:37 AM

Posted 25 May 2013 - 08:09 PM

Remove AVG and try again. What Operating System is in the ailing computer?

Edited by JSntgRvr, 25 May 2013 - 08:10 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 smudge77

smudge77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 26 May 2013 - 08:08 AM

ok will do. it's windows 7.



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:37 AM

Posted 26 May 2013 - 10:29 AM

Let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 smudge77

smudge77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 28 May 2013 - 01:43 AM

unistalled AVG, n oother anti-virus active, went thru same process: downloads are immediately delted with a message 'contains a virus', can't install from the usb stick..



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:37 AM

Posted 28 May 2013 - 10:47 AM

Try to download FRST to a USB flash drive and run the application from there. No need to transfer the file to the computer. It should produce the report in the flash drive, FRST.txt.

 

Which Operating System is installed in the ailing computer?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 smudge77

smudge77
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 28 May 2013 - 02:00 PM

it's on the usb stick, open that drive, see the file, double clickc on in ... does not launch. right click and choose open does not launch.



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:37 AM

Posted 28 May 2013 - 03:25 PM

Lets try the Recovery Console.

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 


Edited by JSntgRvr, 28 May 2013 - 03:30 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users