Generic.dx trojan


gina

Hi,
I received messages from McAfee that the generic.dx trojan was deleted from
my machine and I noticed some URL shortcuts on my desktop (which keep coming
back). I ran Ad-Aware and in the log it showed the following removed:

<removedObjects>
<family id="9999" name="MRU Object" category="MRU Object" tai="0">
<item id="2" value="MRU Registry Key:
S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search
Assistant\ACMru\5603 Count: 1"/>
</family>

So I have so far turned off System Restore (at which point the URL shortcuts
appeared on my desktop again) and am running Ad-Aware again, then I will turn
on System Restore again (hopefully this is the correct sequence)... Is there
anything else that anyone recommends? What do I do if those URLs reappear
after doing the above? I assume they are part of the one trojan...

thx - gina
 
Download, install, update and scan your computer with the 2 programs below,
in Safe Mode.
Also scan with your AV while in SM.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is, as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
 
Hi Gina,
This might not be malware, but rather a privacy concern in your browser!

# First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties window you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Re-enable them later one-by-one and see the
culprit and update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
# Scan for malware from here:
Download and Update both SuperAntispyware and Malwarebytes then run a
complete scan - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe

# Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

# If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet for help!
Download Hijackthis from here.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
My address is: to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)
HTH,
nass
 
Thanks SO MUCH Mike and Nass, I ran the malware and spyware programs and
reconfigured my internet options. It looks like it has gone away (not sure
if one can tell it is completely clean) but after running all those programs
they found the trojan and a rogue as well as a bunch of spybot entries!

Is it at this point that I should turn on System Restore again?

Thanks again!
 
Hi Gina,
Yes, try to turn the System Restore ON but it would be helpful if you told
me what the Trojan's name is!
Bear in mind if the System Restore points are infected it can reinfect your
machine again if you restore from an Infected Restore Point.

If you wish to send me your hijackthis log or send it to one of many forums
to help you and make sure your machine is clean, to be safe please do so.
HTH,
nass
 
Gina

I would run Spybot again to see if it finds any more malware (not
cookies) and repeat the process daily for several days. If you find any
more you know you could have a hidden beastie holding a door open for
his friends to return.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 