Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Self Replicating Tojans


  • Please log in to reply
4 replies to this topic

#1 kevin77

kevin77

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 21 September 2006 - 11:13 AM

I'm not sure if I used to correct term but thats what seems to be happening. My computer got infected with the Smitfraud/Spysherrif virus/malware a while ago. I used a MULTITUDE of programs to try to remove it/them. I used The Cleaner by moosoft, SpyBot Search and Destroy, Ad Aware, ewido anti-spyware, Microsoft anti spyware and Avast virus protection and AVG virus protection. As well as using panda online scan I also used (after reading some instructions on how to use it) SmitfraudFix. Well after finnally removing the spysherrif/smitfraud. Now EVERYTIME I start my pc I get some weird "generic" trojan found by AVG scanner. I tried to google the files but google never finds it. Some of the names I get are Generic2.avs (I assumed that was the way AVG labeled the trojan I dont know) xnyrgiyk.exe, uvlycch.exe, lyrkcfbv.exe.

I used windows XP as well btw. Another thing AVG always finds the tojans in my documents and settings folder. I dont know if that helps. And lately as I am surfing the internet SOMETHING has been turning off my ewido anti-spyware protection. I hope I provided enough info on this issue. If you need more I can post more. This thing has been a nightmare

BC AdBot (Login to Remove)

 


m

#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:21 PM

Posted 21 September 2006 - 11:25 AM

Try running your scans in safe mode. If you still have infections you might try downloading and scanning with Asquared, it did a good job removing trojans for me. The link below will take you there.

http://www.voodoofiles.com/18365

A side note...you shouldn't run more than one antivirus at a time, they have a tendency to produce conflicts when they are run together.

Edited by dc3, 21 September 2006 - 11:27 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 HitSquad

HitSquad

    You're Bleepin' or you're Weepin'


  • Members
  • 1,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Momma
  • Local time:10:21 PM

Posted 21 September 2006 - 12:32 PM

Hi kevin77, welcome to BC.
If by chance asquared doesn't do it for you, use trojan hunter. (free 30 day trial).
After you install it, update the defs first before scanning.
AVG picked up a trojan (generic2.bay) on one of my coleegs system last week that it couldn't get rid of.
Trojan hunter took care of it, identifying it as agent 100.
Anything AVG detects but can't identify gets the "Generic" ID.
Don't forget to kill system restore until your system is clean.

Edited by HitSquad, 21 September 2006 - 12:41 PM.


#4 ThorXP

ThorXP

  • Banned
  • 880 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 21 September 2006 - 08:57 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link below.
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#5 osmadness

osmadness

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 10 October 2006 - 01:47 PM

I've had the Spysheriff bug for about 1 week. Norton's 2006 Internet Security, Spybot and Adware where unsuccessful in removing SpySherriff. I dug out my old registration of XoftSpy and reloaded it - it detected is as a worm and removed it successfully. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users