
Cannot remove Trojan:win32.generic!BT


  • This topic is locked
8 replies to this topic

#1 hamneggs

hamneggs

    Newbie

  • Members
  • 4 posts

Posted 10 August 2012 - 01:25 AM

I have been trying without success to disinfect a Windows Vista computer for 4 days. The infection Trojan:win32.generic!BT is detected and cleaned by AdAware. However after restarting the computer it is detected again.

The latest version of AdAware was installed on 5 Aug, confirmed up to date today.

The output files from DDS run in Safe Mode are attached.

I could not run DDS normally without a blue screen occurring (DRIVER_IRQL_NOT_LESS_OR_EQUAL failing on mbr.sys)

Thanks for your help.


Edited by hamneggs, 10 August 2012 - 02:43 AM.


#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 10 August 2012 - 05:26 AM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 hamneggs

hamneggs

    Newbie

  • Members
  • 4 posts

Posted 10 August 2012 - 11:22 AM

Thank you for your quick reply.

I ran ComboFix as instructed. It did not complete as described, as there was a blue screen crash after running for around an hour. The message was DRIVER_VERIFIER_DETECTED_VIOLATION and the filing module was PROCEXP113.SYS.

I have attached the file ComboFix.txt located in the root of C:\

DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.



#4 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 10 August 2012 - 02:49 PM

Hi again,

DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.

Yes, on some machines DDS won't run without crashing. Good thing safe mode works.

Open Notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\programdata\Babylon

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.


Close all browser windows and, referring to the picture above, drag CFScript onto ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1, 10.1.2 & 10.1.3 updates for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall your current Adobe Shockwave Player and get the fresh one here if needed.


Go here to run an online scanner from ESET:
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Is the problem still present?

#5 hamneggs

hamneggs

    Newbie

  • Members
  • 4 posts

Posted 10 August 2012 - 04:09 PM

CFScript dragged onto ComboFix.exe. Log attached.



#6 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 13 August 2012 - 07:37 AM

Hi,

Were you able to take other steps listed?

#7 hamneggs

hamneggs

    Newbie

  • Members
  • 4 posts

Posted 13 August 2012 - 05:15 PM

While doing the ESET scan a BSOD crash occurred and on restarting, Windows found substantial file corruption. I immediately restored the OS and lost all of the results, and am still running scans as something seems unhappy with antivirus checks.

#8 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 14 August 2012 - 05:57 AM

Ok. If you still need help post fresh DDS logs and let me know about remaining problems.

#9 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 14 September 2012 - 09:37 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !



