
Trojan Horses


11 replies to this topic

#1 meg1


Posted 24 May 2007 - 11:05 AM

Hi All,
My AVG keeps coming up with these two threats detected. I keep clicking on heal and it says they are healed then a few minutes later they come up again. They are Trojan Horse Downloader.Agent.JUO underneath this it says C:\WINDOWS\system32\(317A3E74-2D58-4BBD-80F0-62BDEB039FCB).exe backup copy
infected

The second one is Trojan Horse Generic3.LXF which is in C:\WINDOWS\system32\(327F2719-C613-4A39-B460-2FD091D76C71).EXE
backup copy
infected.

I am running Windows XP and would be very glad of any help to get rid of these things.
Thanks in advance for reading this.



#2 quietman7


Posted 24 May 2007 - 01:20 PM

Hello meg1

What OS (Win XP/2000, etc) are you using? Have you tried doing your scans in "SAFE MODE"?

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan.

Then perform this online Virus scan: BitDefender Online Scanner. <- Add a check by "Autoclean".
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

Post back if you're still having problems afterwards.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 meg1


Posted 29 May 2007 - 08:50 PM

Hi again quietman,
Thanks for your reply. I followed all your instructions and thought that I had got rid of these things but tonight they have come back. Should I repeat what you told me to do before or is there some other way of getting rid of them? I really do appreciate your help and thank you for taking the time to try and help me.

#4 quietman7


Posted 30 May 2007 - 06:45 AM

Download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.)
Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions and read the User Manual.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

#5 bluesjunior


Posted 30 May 2007 - 09:26 AM

http://forum.grisoft.cz/freeforum/index.php?0

Try the above link to the AVG forum. I am sure I saw something there about the Generic.LXF one being a false positive.

Hope this helps,
Bluesjunior.
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#6 quietman7


Posted 30 May 2007 - 09:42 AM

I had tried a search at the forum for Generic3.LXF but came back with negative results. There are posts on other Generic3's (KIZ, ABKK, etc) so it was probably one of them that you recall.

#7 meg1


Posted 31 May 2007 - 11:47 AM

Hi Folks,
Thanks very much for your replies. I ran AVG in safe mode and it found and deleted these things. However, I have just had the AVG pop up the warning for this generic3.lxf thing again. I clicked on heal and it says that it has been healed so I will wait and see. By the way, re. bluesjunior's post, what is a false positive? Again, thanks for all your help on this.

#8 quietman7


Posted 31 May 2007 - 11:54 AM

False positive.

#9 meg1


Posted 31 May 2007 - 12:06 PM

Thanks quietman, I read about false positives and think that this must be what it is. Would you say that this could be an innocent, harmless file then?

#10 quietman7


Posted 31 May 2007 - 12:13 PM

Get a second opinion by submitting the file to jotti's virusscan or virustotal.com.
In the "File to upload & scan" box, browse to the location of the suspicious file and submit [upload] it for scanning/analysis.

#11 meg1


Posted 31 May 2007 - 12:16 PM

Ok Quietman7, I will do that. Thanks again for all your help.

#12 quietman7


Posted 31 May 2007 - 12:25 PM

You're welcome and good luck.