
Trojan Horse Generic29.AJGE virus problem


43 replies to this topic

#1 aj0225


Posted 04 June 2013 - 11:14 PM

I recently started my computer and my AVG said I had a Trojan horse virus on my computer. I restarted it in safe mode, ran AVG, and restarted it again, and still got the warning. Does anyone know how to remove it? I saved a pic of what the details from the virus are and attached it.


Edited by hamluis, 05 June 2013 - 06:54 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 gerncranium


Posted 05 June 2013 - 12:17 PM

I have almost the exact same thing, except the extension is .AHHS. And the description is exactly the same. Tried AVG to remove it, says access is denied. Any luck yet?



#3 aj0225 (Topic Starter)

Posted 05 June 2013 - 03:12 PM

No, nothing yet. If you find a way, let me know and I'll do the same.



#4 im abcd


Posted 05 June 2013 - 03:22 PM

Scan with Malwarebytes Anti-Malware and ESET Online Scanner and check if the problem gets solved.

If the trojan still persists, reply back.

Note: A quick scan with MBAM is enough.


Edited by im abcd, 05 June 2013 - 03:23 PM.



#5 aj0225 (Topic Starter)

Posted 05 June 2013 - 07:15 PM

MBAM Found:

Registry Keys Detected: 12
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 10
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\NetNucleous (Adware.Mirar) -> No action taken.
C:\Program Files (x86)\NetNucleous\GorillaPrice (Adware.Mirar) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> No action taken.

Files Detected: 30
C:\Users\AJ\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Users\AJ\Downloads\Programs\RollerCoasterTycoon-dm.exe (Adware.TryMedia) -> No action taken.
C:\Windows\System32\config\systemprofile\opera.exe (Rootkit.0Access) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\msconfig.exe (Trojan.Agent) -> No action taken.
C:\winlogon.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\iexplore.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\winlogon.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\asmcf.dat (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> No action taken.
C:\Program Files (x86)\NetNucleous\GorillaPrice\config.dat (Adware.Mirar) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> No action taken.
C:\Users\AJ\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> No action taken.

(end)

ESET Online Scanner Found:

C:\Program Files (x86)\RelevantKnowledge\rlls.dll a variant of Win32/Adware.RK.AM application
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe a variant of Win32/Adware.RK application
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe a variant of Win32/Adware.RK.AE application
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll a variant of Win32/Adware.RK.AM application
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\AJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\cf0d31-628b8014 Java/Exploit.Agent.AG trojan
C:\Users\AJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\10342b48-208e16d1 Java/Exploit.Agent.AG trojan
C:\Users\AJ\Desktop\RedSn0w_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\AJ\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\System32\config\systemprofile\opera.exe a variant of Win32/Kryptik.BCTW trojan



I removed all the files and it still popped up when I restarted my computer.
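What stands out in a log like the one above is not the adware but the handful of entries that copy Windows system binary names into the wrong directories, the executable under the system profile, and the Image File Execution Options key, all still marked "No action taken". The following triage helper is an added example (not a tool used in this thread) that parses MBAM-style "path (Detection) -> action" lines and ranks them; the expected directories and the severity table are assumptions for a 64-bit Windows 7 layout, and the sample lines are copied from the posted log.

```python
"""Triage helper for MBAM-style scan logs like the one in post #5 (added example,
not a tool from the thread). It parses 'path (Detection) -> action' lines, flags
system binaries outside their normal directories, and ranks findings by family."""
import re
# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Trojan.Agent) -> No action taken.
C:\Users\AJ\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Windows\System32\config\systemprofile\opera.exe (Rootkit.0Access) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\msconfig.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> No action taken.
"""

LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)\.$")
# Legitimate homes of the binaries the log shows in odd places (assumption: 64-bit Windows 7).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "msconfig.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "iexplore.exe": {r"c:\program files\internet explorer", r"c:\program files (x86)\internet explorer"},
}
SEVERITY = {"rootkit": 3, "trojan": 2, "adware": 1, "pup": 1}  # higher = handle first

def parse_line(line):
    """Return {'path', 'detection', 'action'} for one log line, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """Attach a severity (from the detection family) and why the item stands out."""
    path, det = entry["path"].lower(), entry["detection"].lower()
    family, reasons = det.split(".")[0], []
    parent, _, name = path.rpartition("\\")
    if "\\image file execution options\\" in path:
        reasons.append("IFEO key: can silently redirect the named program to another binary")
    if re.match(r"[a-z]:\\", path):  # file-system paths only, not registry keys
        if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
            reasons.append(f"{name} outside its normal location")
        if "\\config\\systemprofile\\" in path and name.endswith(".exe"):
            reasons.append("executable placed in the system profile directory")
    if entry["action"].lower().startswith("no action"):
        reasons.append("still present: this was a scan-only run")
    return {"severity": SEVERITY.get(family, 0), "family": family, "reasons": reasons, **entry}

def triage(log_text):
    """Parse every line and return the findings ordered most severe first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return sorted(map(classify, entries), key=lambda f: -f["severity"])
```

Running `triage(SAMPLE_LOG)` puts the Rootkit.0Access entry first, then the three Trojan.Agent items, and the PUPs last, with each line carrying the reason it was flagged.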



#6 im abcd


Posted 06 June 2013 - 05:58 AM

You have quite some amount of adware on your PC. Firstly, let's run through AdwCleaner. Then follow this guide for the removal of that Trojan. To finish off with, I would run Junkware Removal Tool and Temp File Cleaner.




#7 aj0225 (Topic Starter)

Posted 06 June 2013 - 10:42 AM

It's telling me to stop processes on my system that are related to Trojan horse Generic29.AJGE. How do I find out which ones they are to stop them?



#8 aj0225 (Topic Starter)

Posted 06 June 2013 - 11:14 AM

A lot of these instructions are kind of confusing. Is there any way you can help me understand these instructions? I ran AdwCleaner and deleted whatever was located.



#9 gerncranium


Posted 06 June 2013 - 02:56 PM

I ran Malwarebytes and AdwCleaner; did nothing.



#10 im abcd


Posted 06 June 2013 - 03:30 PM

A lot of these instructions are kind of confusing. Is there any way you can help me understand these instructions? I ran AdwCleaner and deleted whatever was located.

Probably my fault for giving you a confusing tutorial. Try doing the following:

Go to the C: drive, then click on the Organize tab, which can be found in the upper left corner of the screen. Next go to the Folder and search options, click on the View tab, and uncheck 'Hide hidden files and folders' and also uncheck 'Hide protected system files'. A couple of new folders should have become visible in the C: drive. Open the $Recycle.bin folder. Right click it and scan it with Malwarebytes. See if it picks up and deletes anything. There should be nothing other than the Recycle Bin itself in that folder. If Malwarebytes finds any infections, clear them. If not, start up your PC in Safe Mode with Networking, open up that $Recycle.bin folder and delete the path that Avast detects. Important: don't delete the whole $Recycle.bin folder!

Restart the PC and see if the virus alert is gone.

Next, give me a screenshot of all your processes (in normal boot mode).

If the trojan has been successfully deleted, please go to the folder options and check the 'Hide protected system files' option again.

 

I ran Malwarebytes and AdwCleaner; did nothing.

Did Malwarebytes and AdwCleaner find absolutely nothing? Or were any infections detected? Anyway, follow the instructions I gave to the OP.


Edited by im abcd, 06 June 2013 - 03:36 PM.



#11 aj0225 (Topic Starter)

Posted 06 June 2013 - 04:01 PM

I can't find out how to put a picture on here; it's asking me for a URL.



#12 im abcd


Posted 06 June 2013 - 04:27 PM

I can't find out how to put a picture on here; it's asking me for a URL.

To post a screenshot, you first need to upload it using a snipping tool of some kind. I would recommend Lightshot for this purpose. Use it to take the pic, upload it and post the URL.

Also, what were the results of the $Recycle.bin scan? Anything deleted/detected?


Edited by im abcd, 06 June 2013 - 04:27 PM.



#13 aj0225 (Topic Starter)

Posted 06 June 2013 - 04:44 PM

It detected 7 and I had them removed and restarted it in normal boot, and so far nothing has popped up.

I saved the pic to my Paint but don't know how to upload it to post a URL.



#14 aj0225 (Topic Starter)

Posted 06 June 2013 - 05:44 PM

I tried to send the image URL and it said "You are not allowed to use the image extension in this community".



#15 im abcd


Posted 07 June 2013 - 02:05 AM

It detected 7 and I had them removed and restarted it in normal boot, and so far nothing has popped up.

I saved the pic to my Paint but don't know how to upload it to post a URL.

Nice, that should probably have fixed it then. :)

I tried to send the image URL and it said "You are not allowed to use the image extension in this community".

You can't even simply paste the link here?

