Tr/spy.gen And Gen2 Found By Avira



Here is what is being found so far: WebPage.Gen2 HTML Script virus, TR/Spy.Gen Trojan. I have Malwarebytes Anti-Malware 1.50.1.1100 (updated), ZoneAlarm, Avira AntiVir Personal Free, Spybot SD Free, CCleaner, SpywareBlaster, SpywareGuard. All have been updated and run with no detections and say they are clean. I know that this is not true, as my pop-ups keep showing these are still on my computer. How did I get these? Are there any scans I need to do and post here for everyone to look at? How do I get rid of these? Are there better programs that are free to use than the ones I am already using? Lastly, have I been hijacked?

 

Thanks to everyone in advance for their time, tips and help!

Thanks, Jacee, for that info. Now how do I get rid of it on my personal computer that is not a server and does not have personal web pages I use?

P.S. I found this link; however, I WILL NOT do anything until I am instructed to, thanks!

 

http://www.techspot.com/vb/topic143789.html

Edited by CowboyMike

Download ATF Cleaner http://www.atribune.org/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

 

Next,

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u24 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

Make sure Avira is updated and run a complete scan in 'normal' mode. Tell me what it finds.

OK, I have done all the above and just scanned, with 3 items found :>(

 

1) witcherenhpromo-ch.zip Detection TR/Buzus.eohi

2) SetupPlaySushi (1).exe Detection TR/Buzy.1446280

3) facebook-pic00095930306556.exe Detection TR/Crypt.XPACK.Gen

Here is a copy of the log, if it helps. I did quarantine the items as well....

 

Beginning disinfection:

C:\Users\Mike\Downloads\witcherenhpromo-ch.zip

[DETECTION] Is the TR/Buzus.eohi Trojan

[NOTE] The file was moved to the quarantine directory under the name '4b89ed0b.qua'.

C:\Users\Mike\Downloads\SetupPlaySushi (1).exe

[DETECTION] Is the TR/Buzy.1446280 Trojan

[NOTE] The file was moved to the quarantine directory under the name '531ec290.qua'.

C:\Users\Mike\Downloads\facebook-pic00095930306556.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0172987c.qua'.

Edited by CowboyMike
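
The Avira disinfection log in the post above pairs each file path with a `[DETECTION]` line and a `[NOTE]` quarantine line. As an added example (not part of the original thread and not Avira tooling), this Python code parses that excerpt into records and summarizes where the hits were found; the function names and the per-folder summary are assumptions, and the log text is copied from the post.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Log excerpt copied from the post above (Avira disinfection section).
SAMPLE_LOG = r"""
Beginning disinfection:
C:\Users\Mike\Downloads\witcherenhpromo-ch.zip
[DETECTION] Is the TR/Buzus.eohi Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b89ed0b.qua'.
C:\Users\Mike\Downloads\SetupPlaySushi (1).exe
[DETECTION] Is the TR/Buzy.1446280 Trojan
[NOTE] The file was moved to the quarantine directory under the name '531ec290.qua'.
C:\Users\Mike\Downloads\facebook-pic00095930306556.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0172987c.qua'.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # start of a new file entry
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+Is the (\S+)")
QUARANTINE_RE = re.compile(r"^\[NOTE\].*under the name '([^']+)'")

def parse_disinfection(text):
    """Return one record per file: path, detection name, quarantine file name."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = {"path": line, "detection": None, "quarantined_as": None}
            records.append(current)
        elif current is not None:
            if m := DETECTION_RE.match(line):
                current["detection"] = m.group(1)
            elif m := QUARANTINE_RE.match(line):
                current["quarantined_as"] = m.group(1)
    return records

def summarize(records):
    """Count hits per parent folder and list files with no quarantine note."""
    by_folder = Counter(str(PureWindowsPath(r["path"]).parent) for r in records)
    not_quarantined = [r["path"] for r in records if r["quarantined_as"] is None]
    return by_folder, not_quarantined

if __name__ == "__main__":
    recs = parse_disinfection(SAMPLE_LOG)
    for r in recs:
        print(f'{r["detection"]:<20} {r["quarantined_as"]:<14} {r["path"]}')
    print(summarize(recs))
```

Run against this excerpt, every hit sits in the Downloads folder and every file has a quarantine note, so nothing is left behind for a follow-up check.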

Delete these files ...

C:\Users\Mike\Downloads\witcherenhpromo-ch.zip

C:\Users\Mike\Downloads\SetupPlaySushi (1).exe

C:\Users\Mike\Downloads\facebook-pic00095930306556.exe

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

OK, I did all that. Here is what it found and cleaned....

 

 

C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\MyFunCardsSetup2.3.76.6.ZUman000 (1).exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\MyFunCardsSetup2.3.76.6.ZUman000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\RetrogamerSetup2.3.76.6.RGman000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\sacred-2-gold-deutsch-torrent.exe a variant of Win32/Adware.GoodMedia.A application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\sacred-2-gold-edition-multi-torrent.exe a variant of Win32/Adware.GoodMedia.A application cleaned by deleting - quarantined

C:\Users\Mike\Downloads\Sacred-2-Gold-Edition-torrent.exe a variant of Win32/Adware.GoodMedia.A application cleaned by deleting - quarantined
