Trojan

lolli_pop

New Member
Ok, I'm a complete dummy when it comes to the insides of computers and important System32 files. (It's essential you know this in case you decide to help!!)

AVG came up with a virus, Trojan horse BackDoor.Generic2. TLW when opening a file called System32\fuxx32.sys (Haven't a clue what this is... just know it's important)

I clicked on Heal and it said "Requested action is not available for this object. Access to the file has been denied." So I clicked on Move To Vault and the same message came up.

I don't have the knowledge of System32 files to mess on with them without somebody giving me "Steps-For-Dummies", and I really really don't want to re-install Windows, as I don't have the disk.

What can I do? And is this kind of virus serious?? Please Please HELP!!!
 
If that is the only file AVG found you can locate it with Windows Explorer easy enough and right click on it to choose delete or drag it right into the recycle bin. The HiJack This log will see what registry entries will have to be modified if not removed. AVG is great for finding these things for manual removal while not always able to remove them itself.
 
PC eye said:
If that is the only file AVG found you can locate it with Windows Explorer easy enough and right click on it to choose delete or drag it right into the recycle bin. The HiJack This log will see what registry entries will have to be modified if not removed. AVG is great for finding these things for manual removal while not always able to remove them itself.
That's not the only file with this infection.:)
 
It probably can't remove it because it is a file that's in use. I would boot into safe mode and do a scan and try to repair the infected file before you just go and delete it; it is a system32 folder so it might be pretty important.
 
If you boot into safe mode you first want to know all locations if any other files are known to be on the drive. You can't run AVG or other utilities usually while being in safe mode. But you do want to remove anything found in the system32 and other sub folders of Windows since it couldn't be healed or quarantined with AVG. Plus the registry still will need cleaning as well.
 
Well I was on a few other forums, and the same thing was recommended... to reboot the computer in safe mode and try to sort it out from there. But, in one forum, somebody said that it most probably would not work as the files infected would still be in use in safe mode, and so he gave me a program called HaxFix, especially designed for the virus that I have. Not sure it's worked though, so I will try to run AVG again. He also said it's not safe to delete them (I think)... Though, even if it was safe to delete them, I don't think I would attempt that as computers aren't my strong point.

I'M CONFUSED!! :confused: :confused: :confused:
 
The alternative when you are unable to remove all registry values would be to perform an "install to repair" of Windows. But you are lacking the installation disk to perform that. The use of a system restore point could also prove useless if those were also infected. So you are now faced with cleaning the registry first to disable the virus from loading if you are unable to locate a remover. Once it is inactive the manual removal of any infected files would be the next step. Here's a few others free to try out besides AdAware SE Personal.

http://www.pcsmart.ca/noadware.htm?...neric2. tlw&OVKEY=trojan horse&OVMTC=advanced
http://www.removespywareforever.com...neric2. tlw&OVKEY=trojan horse&OVMTC=advanced
http://www.stop-sign.com/se/se113.p...advanced&b=&qq_abcnews&pg=&se_spin&ver=online
http://www.windowsonecare.com/?sc_cid=mscom_srch
http://www.majorgeeks.com/downloads31.html
http://www.lavasoft.com/
 
Do what buzz said. This is a little easier..

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
A few other utilities either antivirus (AVG Free) and spyware/adware removers (AdAware SE Personal, Spy Sweeper, Spybot Search+Destroy, etc.) should be run prior to using the HiJack This due to this being an advanced registry orientated tool. As you will see from the first link some forums are now putting limits on posting logs by advising saving them as attachments. That site also carries a large number of freeware and shareware utilities available for download.

For spyware removers: http://www.majorgeeks.com/downloads31.html
For system registry cleaners: http://www.majorgeeks.com/downloads15.html

Try to remove as much as you can before getting into the system's registry. That is rather a delicate area.
 
PC eye, you're giving the guy far too much information. He doesn't need to know how to interpret hijackthis logs, because Buzz will be telling him exactly what to delete and what to leave.

Posting a thousand links is all well and good, but do you really expect anyone to want to have to read everything you've linked? Personally, I'd like to keep it simple. I may be wrong, but you seem more interested in showcasing your knowledge than providing simple advice for someone who has stated they are a novice.
 
magicman said:
PC eye, you're giving the guy far too much information. He doesn't need to know how to interpret hijackthis logs, because Buzz will be telling him exactly what to delete and what to leave.

Posting a thousand links is all well and good, but do you really expect anyone to want to have to read everything you've linked? Personally, I'd like to keep it simple. I may be wrong, but you seem more interested in showcasing your knowledge than providing simple advice for someone who has stated they are a novice.
Ditto... the hijackthis log will tell all, just post it and your problem will soon be solved without doing this.
 
Never be overly confident in any one utility.

"The SANS Internet Storm Center, which tracks Internet threats, on Thursday listed some applications that, according to reports it received, can be tricked by the longer registry keys. The list includes AdAware, Microsoft's Windows AntiSpyware, HijackThis, Norton SystemWorks 2003 Pro, Microsoft's Windows Registry Editor and WinDoctor.

"It is important for users to know if they may have a blind spot in their local system security," SANS associate Robert Danford wrote on the SANS ISC Web site. "The take-home here is that...it will be important to many to watch for product updates in the coming weeks." Danford also works for the security alert team at StillSecure.

Of most concern are the so-called "run" keys in the registry. These keys are used to start applications when a Windows PC boots. Microsoft's Registry Editor and several popular security programs won't detect the overly long entries in the Windows Registry, yet the applications will still start, according to StillSecure's Ashley.

"It would be very easy for a spyware programmer to hide a keystroke logger on your machine using this technique," he said." http://news.com.com/Flaw+may+hide+malicious+software/2100-1002_3-5843863.html
 
Fine, I agree that no one piece of software can remove everything, but let's just wait and see what it can remove before moving on to something else.
 
I have no objection. Sorry if I have a nasty habit of looking into things a little bit deeper than others. One instructor who started with IBM when they first opened said: "Develop your problem solving skills.". ut oh......
 