Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Generic29ajge - help!


  • This topic is locked This topic is locked
2 replies to this topic

#1 smudger78

smudger78

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 22 May 2013 - 07:01 AM

Hi,

Just been reading thread below as believe I have been infected with this virus. Please could someone help me out? I've run the farbar tool referred to in this thread and the log is copied below. The virus has responded to neither AVG which keeps popping up but cannot remove it or Malwarebytes which appeared to but then on restarting the computer it was still there.

 

 

Thanks

 

 

Smudger

 


Thread
http://www.bleepingcomputer.com/forums/t/493201/infected-with-trojan-horse-generic29ajge/

Farbar Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2013 02
Ran by Nick at 2013-05-22 07:59:26 Run:
Running from C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L05XBUF5
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (Version: 15.4.5722.2)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader X (10.1.0) MUI (Version: 10.1.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.1.42)
Atheros Driver Installation Program (Version: 9.2)
AVG 2013 (Version: 13.0.3162)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
AVG Security Toolbar (Version: 15.2.0.5)
BBC iPlayer Desktop (Version: 3.0.7)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.97)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.04(T))
Bonjour (Version: 3.0.0.10)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Conexant HD Audio (Version: 8.51.1.0)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
FATE (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Google Chrome (Version: 27.0.1453.93)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
High-Definition Video Playback (Version: 7.3.10900.8.0)
HiJackThis (Version: 1.0.0)
iLivid (Version: 4.0.0.2466)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2281)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.1.1001)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
KNOWHOW™ APP CENTRE (Version: 22447)
LibreOffice 3.5 (Version: 3.5.6.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero BackItUp 10 (Version: 5.8.10900.8.100)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10700)
Nero BurnRights 10 (Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10700)
Nero Control Center 10 (Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Express 10 (Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (Version: 10.6.10700)
Nero InfoTool 10 (Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (Version: 10.6.10700)
Nero Kwik Media (Version: 1.6.15100.59.100)
Nero Multimedia Suite 10 Essentials (Version: 10.6.10300)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10800)
Nero StartSmart 10 (Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (Version: 10.6.10700)
Nero Update (Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (Version: 10.6.10900)
Nike+ Connect (Version: 5.2.14)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.12)
Skype™ 5.10 (Version: 5.10.116)
Slingo Deluxe (Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
Torch (Version: 2.0.0.2062)
TOSHIBA Assist (Version: 4.02.02)
TOSHIBA Bulletin Board (Version: 2.1.10.64)
TOSHIBA ConfigFree (Version: 8.0.37)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Hardware Setup (Version: 4.07.02.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
Toshiba Manuals (Version: 10.02)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA Online Product Information (Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.4.64)
TOSHIBA Places Icon Utility (Version: 1.1.0.12)
TOSHIBA Recovery Media Creator (Version: 2.1.3.10010)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 4.07.02.00)
TOSHIBA TEMPRO (Version: 3.35)
TOSHIBA Value Added Package (Version: 1.5.3.64)
TOSHIBA Web Camera Application (Version: 2.0.0.13)
TOSHIBA Wireless LAN Indicator (Version: 1.0.2)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
Wedding Dash 2 - Rings Around the World (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points =========================

27-02-2013 23:35:15 Windows Update
11-03-2013 07:30:32 Scheduled Checkpoint
13-03-2013 23:26:54 Windows Update
21-03-2013 23:23:50 Windows Update
24-03-2013 18:02:20 Installed iTunes
28-03-2013 14:13:51 Installed AVG 2013
28-03-2013 14:14:46 Installed AVG 2013
11-04-2013 19:03:30 Windows Update
25-04-2013 08:07:53 Windows Update
08-05-2013 18:54:52 Windows Update
17-05-2013 20:23:21 Windows Update
22-05-2013 06:53:12 Installed HiJackThis

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2013 07:34:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2013 07:16:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 11:31:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1217

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1217

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1279

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1279

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2013 06:29:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/22/2013 07:33:05 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/22/2013 07:33:02 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/22/2013 07:32:58 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

Error: (05/22/2013 07:32:01 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/22/2013 07:14:56 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

Error: (05/22/2013 00:02:20 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/21/2013 11:30:27 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

Error: (05/21/2013 11:29:12 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/21/2013 06:27:52 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

Error: (05/20/2013 11:33:46 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (05/22/2013 07:34:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2013 07:16:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 11:31:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1217

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1217

Error: (05/21/2013 09:33:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1279

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1279

Error: (05/21/2013 09:23:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2013 06:29:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 7989.86 MB
Available physical RAM: 5530.03 MB
Total Pagefile: 15977.9 MB
Available Pagefile: 13164 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:340.82 GB) (Free:260.58 GB) NTFS (Disk=0 Partition=2)
Drive d: (Data) (Fixed) (Total:357.42 GB) (Free:343.09 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 7578C83B)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=341 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=357 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 



BC AdBot (Login to Remove)

 


#2 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:07:22 AM

Posted 22 May 2013 - 10:34 AM

Hi and :welcome: to BC

 

 

As FRST is not allowed in this part of the forum please follow the instructions below and link this topic in your future topic.

 

Please follow the instructions in ==>This Guide<== starting at Step 6.  If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==  Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
 



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:22 AM

Posted 22 May 2013 - 08:55 PM

Thank you.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.


Edited by boopme, 22 May 2013 - 08:55 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users