W32/Suspicious_U.gen

  • Thread starter: Guest

Hi, can someone help on the above-captioned? Sequence of events as follows:

1. Norman anti-virus detects it in file C:\norman\temp\nip\33263856.tmp;
repeated scans/removals but it repeatedly restores itself.
2. Norman suggested using their Norman Ad-Aware Plus.
3. Ad-Aware was installed and definition file upgraded, System Restore
disabled and Windows restarted in safe mode.
4. Did full system scan and ADS (Alternate Data Stream) scan with Ad-Aware;
2-3 negligible objects were found each scan.
5. Repeated scans/removals but it keeps 'moving' and restoring itself.
6. Windows Defender, Ewido and Spybot did not detect anything.
7. Tried the VX2 add-on of Ad-Aware and also used CCleaner after every scan;
it keeps coming back.
8. When Windows is shut down, a program by the name of "sample" has to be
ended manually and that's unusual.

Hope someone can help. Thanks!

Rgds
Poh
 
Try with Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Some antivirus scanners cannot remove infections because you are online and
they are running on the system when you perform the scan. If you have
problems with the infection returning you would be best downloading these
scanners and running them in safe mode.

Microsoft Malicious Software Removal Tool:
http://go.microsoft.com/fwlink/?LinkId=40587

Trend Micro's Damage Clean Up Tool:
http://www.trendmicro.com/ftp/products/tsc/tsc.zip

McAfee's Stinger Virus Remover:
http://vil.nai.com/vil/stinger/

Download the three removal tools and boot into safe mode (reboot and keep
tapping F8, then choose safe mode from the list). Once in safe mode run all the
scanners and let them remove anything found.

For the benefit of the community reading this post, please rate the post.

I hope this post is helpful.

Let us know how it works out.

Еиçеl
 
Hi Engel

Thanks for your help. Downloaded the 4 scanners and booted up in safe mode. Ran
the scanners but NONE of them found anything. When I ran Norman anti-virus and
Ad-Aware, it is still there! What should I do next? Thanks.
 
Hi CW,
Try Ewido,
http://www.ewido.net/en

And/Or

This is an AndyManchesta (e-mail address removed)
or Ron Kinner (e-mail address removed) case because I cannot find any good advice
within any forum without using HijackThis and to be carefully guided.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
http://computercops.biz/HijackThis.html

Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to them as an attachment. Put
Hijack in the subject so they'll know it's not spam.

Alternatively you can post it on the Dell Forum at:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.

Ron Kinner at (e-mail address removed)
Microsoft MVP 2004 & 2005

(e-mail address removed)
AndyManchesta at (e-mail address removed)

Feel free to mention that I sent you.
Еиçеl
 
Hi Engel

Thanks for your reply. Ewido, Spybot and Windows Defender did not find anything. I
have emailed Andy and Ron for help. Will keep you posted. Thanks.

P.S. Btw, are you a staff of Microsoft?
 
Hi Engel

Hope you're well :) , I did reply to CW yesterday after receiving a log
through email but there are no signs of infection in the HJT log, I've asked
them to run Kaspersky's Webscanner and send me a sample of the file that's
being detected (using the Suspicious file packer from Safer Networking) so
will wait for a reply and see if I can help more.

Cheers

Andy
 
Hello Andy.

Good to hear from you, I hope everything is OK with you.

Thank you for all your help.

Take care, and keep in touch ;-)
 
Hi Engel

You do know a lot :) Was busy for the past week as I was on a business trip to
China. Andy has already responded to me and I have given him the files. Hope it
could be resolved as I can't even shut down my notebook without removing the
battery manually!
 