Trojan Horse Downloader. Generic. We


11 replies to this topic

#1 weybrew

weybrew

  • Members
  • 72 posts

Posted 13 April 2006 - 06:56 PM

My AVG Free Antivirus keeps flagging this but can't seem to do anything with it. How do I get rid of it? Help, please.

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 13 April 2006 - 08:43 PM

Hello weybrew

Try running AVG in Safe Mode. "How to Boot in "SAFE MODE" tutorial"

Also if you're using Win XP or 2000, download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 weybrew

weybrew
  • Topic Starter


Posted 14 April 2006 - 05:21 PM

I routinely use and run SpywareBlaster, Spybot, Ad-Aware, and MS Defender. Even so, ewido found a Trojan (not the target one) and a bunch of Tracking Cookies on its first scan. The second scan was clean. Running AVG in Safe Mode was clean also.

ewido looks like a keeper to me! Thanks quietman7 for your help and the detailed instructions. It looks like I'm running OK again!

#4 quietman7


Posted 14 April 2006 - 05:47 PM

I'm glad to hear your system is running better. However, is the "target" trojan still present?

If so, another thing you can try is performing an online scan with a-squared Web Malware Scanner
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]
1. Click "Scan Your PC".
2. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
3. A new window will appear asking "Do you want to install this software?"
4. Select "Install" to download the ActiveX controls.
5. Click the blue "Scan" button on the right to begin.

#5 weybrew


Posted 15 April 2006 - 10:45 AM

My AVG shows that the ...Generic. WE trojan is Quarantined from a previous scan, yet the other day a new warning window opened saying that while opening a file (I didn't copy it down) this same trojan was found. That's what started all this. I didn't understand why AVG could warn me of a file it had in Quarantine. I haven't gotten that warning again, the ...Generic.WE trojan is still in Quarantine, and the last scans of AVG and ewido are clean. Should I still be concerned about this?

If you still suggest running a-squared scanner, will this repair anything it finds? Will it find and remove ...Generic.WE in its AVG Quarantine location? Should ewido have done that?

Also, I'm running Firefox and doesn't it shun Active-X controls as "bad?" I can run IE to do the test if you still think it's worthwhile.

#6 quietman7


Posted 15 April 2006 - 10:53 AM

If your subsequent scans are coming up clean, then delete the file from quarantine so other scanning programs do not flag it from there.

The a-squared scan should remove what it finds and it's safe to use IE to download the ActiveX component.

If you cannot or don't want to use IE to run your online scans, then install the IE Tab add-on extension for Firefox so you can perform the scan through Firefox.

Install the Add-on from here: https://addons.mozilla.org/extensions/morei...ication=firefox

After install, close & restart Firefox. Then you right click on the page (tab) you want to use in IE tab. This allows you to switch rendering engine.

If you go to View > Toolbars > make sure Bookmark Toolbar is checked. Then click "Customize" and look for the little IE logo. Click on that icon and drag it to your toolbar under the menu. This makes it much easier to use.

Edited by quietman7, 15 April 2006 - 10:56 AM.


#7 weybrew


Posted 16 April 2006 - 01:32 PM

I have deleted ...Gen.WE, the original target, but other Trojans and Tracking Cookies are also in quarantine. May I safely delete these, too? If they can be safely deleted, why doesn't AVG do so instead of quarantining them?

I downloaded and started the a-squared scan. It ran and uncovered the following before it locked up:

Trace.File.Absolute Keylogger 1
Trace.Registry.Pop-up Stopper 5
Trace.Registry.Tools.Nirsoft 1
Trace.TrackingCookies 192

How could so much be out there when both ewido scans found none of this? What now?

#8 quietman7


Posted 16 April 2006 - 04:50 PM

Like other anti-virus programs, AVG uses quarantine to move infected files to prevent their execution. Not deleting them right away allows for further investigation of those files at a later time. You can safely delete the items listed in quarantine.

How could so much be out there when both ewido scans found none of this?

No single program on the market can claim 100% detection/removal so using more than one is recommended. Each vendor has its own definition of what constitutes spyware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

Most of what a-squared scan found are tracking cookies which you can delete manually or download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Nirsoft is a vendor that makes a number of legit freeware utilities: password recovery, system utilities, system tools, etc. I use several of their programs myself. The scan did not indicate what specific program it targeted but it's probably one that can be ignored if you installed it on your system. A list of Nirsoft products can be found here. You can uninstall any of their products via Add/Remove Programs in Control Panel. However, the scan only indicates traces of a Nirsoft product were found in the registry. It's possible you had one of their programs installed at one time, removed it but not all the registry entries were removed in the process.

Absolute Key Logger is a program by LastBit Software that records all keyboard key strokes into a log file. It is useful to restore lost typed text, to find forgotten passwords and logins but can be misused to steal your information. This program can be removed via Add/Remove Programs.

Pop Up Stopper is probably a legit program. However, there are many different pop up stopping programs with similar names. Unless this is the exact name of the program it's difficult to say for sure. Did you install any Pop Up Stopping software? Again, the scan is only indicating traces of registry entries which may have been left behind during removal of the program.

#9 weybrew


Posted 17 April 2006 - 11:37 AM

Since both your suggested scans found lots of malware even though I regularly use Ad-Aware, Spybot, and MS Defender, are these programs useless? Should I do my regular scans with ewido and a-squared?

Should I be using an anti-virus other than AVG?

Is ZoneAlarm firewall sufficient? I am a sole user, single computer, dial-up connection, no online gaming, video, or music downloading. WIN XP, Firefox.

I really appreciate your time and help with these scans and I'd value your advice on software selection.

#10 quietman7


Posted 17 April 2006 - 12:03 PM

Since both your suggested scans found lots of malware even though I regularly use Ad-Aware, Spybot, and MS Defender, are these programs useless?

No. As I previously said, each vendor has its own definition of what constitutes spyware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. I use them all as a combined effort to keep my system clean.

Should I do my regular scans with ewido and a-squared?

Ewido yes. I use it as part of my regular scheduled maintenance.

Should I be using an anti-virus other than AVG?

AVG is one of the best if you want to use a free program. There are paid for anti-virus programs that perform better but even they are open to debate as to which one is the best.

Is ZoneAlarm firewall sufficient?

Yes.

#11 weybrew


Posted 17 April 2006 - 03:26 PM

Again, many thanks for all your help and advice.

Thomas

#12 quietman7


Posted 17 April 2006 - 04:53 PM

You're welcome.