
Trojan.Win32.Generic!BT


  • This topic is locked
14 replies to this topic

#1 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 30 November 2011 - 03:43 AM

Hello,

Had family over for the holiday weekend and someone opened a link/file that caused a trojan to infect my PC. Before finding this site I tried to run my AVG. It cleaned some. But apparently not all. I also tried going back about a week to a system restore point. Still nothing. I downloaded and ran the latest version of Ad-Aware. Then did the OTL steps. Here are the files it created.

Ad-Aware said I should restart my system but I did not do that yet. If I should do that first then run the OTL again I would be happy to do so. Just trying to go in the order of the post "Read This Before You Post!" first.


Thanks for any help,
J

Attached Files

  • Attached File  OTL.Txt   129.91KB   182 downloads
  • Attached File  Extras.Txt   48.84KB   440 downloads


#2 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 30 November 2011 - 09:42 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 30 November 2011 - 01:47 PM

Thank you so much for your help.
I disabled AVG and disabled Ad-Aware, then ran the DDS. Here are the two files.

Thank you again,
J

Attached Files



#4 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 30 November 2011 - 04:16 PM

Hi,

uTorrent

The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

#5 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 01 December 2011 - 04:22 AM

Ok, a few notes on some things that happened before ComboFix ran, in case it helps.

I tried to find an uninstall option for uTorrent. But I could not find it anywhere. I tried the control panel where I normally look first and it does not show uTorrent installed there. I have sometimes had more success going to CCleaner uninstall option and nothing there either. I am guessing since the version I have is probably much older than a current version maybe it got messed up long ago. So, uTorrent is still on at the moment.

Also, AVG would only let me disable it for 15 min. So, I thought I would just uninstall it. And it gave me some errors and would not uninstall. Go figure. So I left AVG on and disabled it for the 15 min, but as I started ComboFix and let it run it only had a minute or so left on AVG before it would be "active" again so I clicked on extend time in AVG to give it more time to not be active. I am sure that may skew something but just wanted to let you know.

And finally, I actually started ComboFix once, then I got the blue screen of death from microsoft. Had to reboot the pc, then ran ComboFix again (with the AVG extend time mentioned above.)

So, finally, here is the file the ComboFix made after the 2nd attempt that did complete. Along with new dds and attach files.

Thank you for your help!
J

Attached Files



#6 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 01 December 2011 - 06:47 AM

Hi again,

uTorrent may be a version that has no entry in the uninstall list. In that case, deleting its folder is enough.

Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 1.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checked.
  • Click Scan
  • Wait for the scan to finish.
Post back its report & a fresh dds.txt log. Any issues left?
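The Java step above depends on finding every old JRE/J2SE entry in Add/Remove Programs, and earlier in the thread uTorrent (and later AVG) could not be found there at all. The following is an added example, not code from the thread or from any of the tools it mentions: it reads the same Uninstall registry keys that Add/Remove Programs is built from (the 64-bit and 32-bit per-machine views plus the per-user key, which is a standard Windows layout I am assuming here) and lists every entry whose display name matches a pattern, so leftover Java builds, or the absence of an entry for a program, can be confirmed before and after the cleanup.

```powershell
# Added example (not from the thread): enumerate installed-program entries from the
# Uninstall registry keys that Add/Remove Programs reads, filtered by a regex on
# DisplayName. Run from an elevated PowerShell prompt on the affected machine.
# Assumption: standard Windows registry layout (64-bit machine keys, the
# WOW6432Node view for 32-bit installers, and the per-user key).

function Get-InstalledProgram {
    param(
        [Parameter(Mandatory)]
        [string]$NamePattern   # regular expression matched against DisplayName
    )

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit installs
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit installs on 64-bit Windows
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
    )

    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # WOW6432Node is absent on 32-bit Windows

        Get-ChildItem -Path $key | ForEach-Object {
            $entry = Get-ItemProperty -Path $_.PSPath
            # Entries without a DisplayName are hidden from Add/Remove Programs too.
            if ($entry.DisplayName -and $entry.DisplayName -match $NamePattern) {
                [pscustomobject]@{
                    DisplayName     = $entry.DisplayName
                    DisplayVersion  = $entry.DisplayVersion
                    Publisher       = $entry.Publisher
                    UninstallString = $entry.UninstallString   # what Add/Remove Programs would run
                    RegistryKey     = $_.Name                  # where the entry lives, for manual inspection
                }
            }
        }
    }
}

# Every JRE/J2SE entry still registered. More than one row after the update means
# old versions are still installed and still reachable by a browser plugin.
Get-InstalledProgram -NamePattern 'Java|J2SE|JRE' | Sort-Object DisplayVersion | Format-Table -AutoSize

# Programs from the thread that had no Add/Remove entry; an empty result confirms
# that only the program folder itself is left to remove.
Get-InstalledProgram -NamePattern 'uTorrent|AVG' | Format-Table -AutoSize
```

The version sort is a string sort, so compare the DisplayVersion column by eye rather than trusting the order for versions with differing digit counts. A program that shows an entry here but is missing from Add/Remove Programs usually has a broken UninstallString, which is the case the dedicated remover tools recommended later in the thread are for.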

#7 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 02 December 2011 - 01:43 PM

Deleted uTorrent folder
Removed old flash from your link
Added new flash from your link
Removed all old JAVA
Installed the newest JRE

Ran ESET. It did find 2 things, file attached.

Reran dds, files attached.

Thank you,
J

Attached Files



#8 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 02 December 2011 - 04:06 PM

Hi,

You may ignore those two findings. How's the system running now?

#9 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 03 December 2011 - 03:43 AM

My PC seems to be running great now.

Prior to all of this, I was using the AVG software and SpywareBlaster. And apparently we see what happened. Currently those are still on as well as Ad-Aware. Do you think I should go ahead and leave all three or remove AVG? Or is there any other protection that I should use instead? You have helped so much Blade81 and truly appreciate and trust your advice.

Thank you!!!
J

#10 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 03 December 2011 - 10:39 AM

You're welcome :)

Prior to all of this, I was using the AVG software and SpywareBlaster. And apparently we see what happened. Currently those are still on as well as Ad-Aware. Do you think I should go ahead and leave all three or remove AVG? Or is there any other protection that I should use instead?

Malware probably got in by exploiting vulnerabilities in that outdated Flash and Java. Along with good protection software, it's important that the system and its 3rd-party software are up to date.

If no issues are left, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)
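The "Make your Internet Explorer more secure" steps above change six Internet-zone settings by hand. The following is an added example, not code from the thread: it audits those six settings against the values the post recommends, using the per-user zone key and the documented IE zone action identifiers (an assumption on my part that the machine uses the standard location, `Zones\3` being the Internet zone, with 0 = Enable, 1 = Prompt and 3 = Disable), and can optionally apply the recommended values so the result is repeatable on another machine.

```powershell
# Added example (not from the thread): audit, and optionally set, the Internet-zone
# settings that the post above changes through the Custom Level dialog.
# Assumptions: per-user zone key at the standard location; zone 3 = Internet zone;
# action values 0 = Enable, 1 = Prompt, 3 = Disable (documented IE zone actions).

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action id -> description and the value the post recommends.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                         Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function ConvertTo-ZoneLabel {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }       # value absent: IE's built-in default applies
    $v = [int]$Value
    if ($label.ContainsKey($v)) { return $label[$v] }   # known action value
    return "$v"                                         # anything else: show the raw number
}

function Invoke-InternetZoneAudit {
    param(
        [switch]$Apply   # when set, write the recommended value for each setting that differs
    )

    if (-not (Test-Path -Path $zonePath)) { throw "Zone key not found: $zonePath" }
    $zone = Get-ItemProperty -Path $zonePath

    foreach ($id in $recommended.Keys) {
        $want    = $recommended[$id].Want
        $current = $zone.$id                            # $null if the value does not exist
        $ok      = ($null -ne $current) -and ([int]$current -eq $want)

        if ($Apply -and -not $ok) {
            # Same effect as choosing the value in Custom Level; a DWORD under the zone key.
            Set-ItemProperty -Path $zonePath -Name $id -Value $want -Type DWord
            $current = $want
            $ok      = $true
        }

        [pscustomobject]@{
            Action      = $id
            Setting     = $recommended[$id].Name
            Current     = ConvertTo-ZoneLabel $current
            Recommended = $label[$want]
            OK          = $ok
        }
    }
}

# Report only; add -Apply to set the recommended values.
Invoke-InternetZoneAudit | Format-Table -AutoSize
```

A row that shows `(not set)` is not necessarily weak; it means the per-user key carries no override and IE's default for that zone applies, which the Custom Level dialog will display. If the machine is domain-joined, Group Policy can hold the same action values under HKLM and take precedence, so an audit there should read the policy location as well.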

#11 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 06 December 2011 - 03:47 AM

Things seem to be going really smoothly on the system. The only problem I have really had is not virus related, just a problem with other software. Primarily two: AVG and iTunes.

Early in our posts I had mentioned trying to uninstall AVG, but something must have messed up and it will not let me uninstall. And I cannot reinstall it either, hoping it would correct any problem. I can live with it for now, just kinda annoying.

And also, for at least a year or more when I update iTunes, occasionally I am not able to update to the latest version. I am on 10.3.1.55, latest version is 10.5.1 according to Secunia PSI. All seems to be working ok, but I know there are those little fixes in the background that I usually want it to update/correct just for safety.

Other than that, PC is running great.

Thanks,
J

#12 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 06 December 2011 - 09:50 AM

Hi,

What happens when you try to uninstall AVG? Please see if AVG remover works. Also, if iTunes is having issues better try to reinstall it.

#13 jerlgrain

    Newbie

  • Members
  • 7 posts

Posted 15 December 2011 - 04:27 AM

Well, I have been crazy busy and have not had much time to work on the PC. But, I have not got AVG off it yet. I just found this text file it made after attempting to remove AVG a couple times last week and again this morning.

I am starting to think if I get time in a couple weeks (after Christmas), it may be time for me to make sure all my data is totally backed up and I may consider re-installing everything from scratch on the PC.

I truly appreciate all your very valuable help Blade81. You have helped me (and my wife) out so much since she is probably on this more during the day than I am in the mornings and evenings.

Jeremy

Attached Files



#14 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 15 December 2011 - 07:03 AM

Hi,


Revo Uninstaller may be able to help here.

#15 Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 16 January 2012 - 05:37 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !



