Newbie
vqv4844
Posts: 3
Registered: ‎05-31-2012

Trojan.Gen.2

A pop up keeps coming from Norton saying status: Block Activity 8000000.@(Trojan.Gen.2) detected by Auto-Protect but I can get rid of it.

 

ASWMBR quick scan:

 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-05-31 21:40:04

-----------------------------

21:40:04.666    OS Version: Windows x64 6.1.7601 Service Pack 1

21:40:04.666    Number of processors: 6 586 0xA00

21:40:04.666    ComputerName: VINH-PC  UserName: Vinh

21:40:04.807    Initialize success

21:40:09.667    AVAST engine defs: 12053101

21:40:13.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:40:13.754    Disk 0 Vendor: INTEL_SSDSA2MH080G1GC 045C8820 Size: 76319MB BusType: 3

21:40:13.754    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2

21:40:13.754    Disk 1 Vendor: WDC_WD5000AAKS-22A7B0 01.03B01 Size: 476940MB BusType: 3

21:40:13.754    Disk 0 MBR read successfully

21:40:13.754    Disk 0 MBR scan

21:40:13.770    Disk 0 Windows 7 default MBR code

21:40:13.770    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

21:40:13.770    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76217 MB offset 206848

21:40:13.770    Disk 0 scanning C:\Windows\system32\drivers

21:40:16.718    Service scanning

21:40:23.848    Modules scanning

21:40:23.848    Disk 0 trace - called modules:

21:40:23.848    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

21:40:23.848    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a95790]

21:40:23.863    3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> [0xfffffa8003b10580]

21:40:23.863    5 ACPI.sys[fffff88000ed37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b0f060]

21:40:23.972    AVAST engine scan C:\Windows

21:40:24.706    AVAST engine scan C:\Windows\system32

21:41:40.319    AVAST engine scan C:\Windows\system32\drivers

21:41:43.860    AVAST engine scan C:\Users\Vinh

21:42:00.864    File: C:\Users\Vinh\AppData\Local\{133fbae9-a55a-9e94-0d44-4323c259b0be}\n  **INFECTED** Win64:Sirefef-F [Rtk]

21:42:05.466    AVAST engine scan C:\ProgramData

21:42:25.621    Scan finished successfully

21:45:33.758    Disk 0 MBR has been saved successfully to "C:\Users\Vinh\Desktop\MBR.dat"

21:45:33.758    The log file has been saved successfully to "C:\Users\Vinh\Desktop\aswMBR.txt"

 

Please show me how to get rid of this.

 

Thank you!

Symantec Employee
James_Carr
Posts: 83
Registered: ‎04-26-2012

Re: Trojan.Gen.2

[ Edited ]

According to those logs, it looks like you are running Avast Antivirus, which is a completely different product than Norton Antivirus.

 

Do you have Avast AND Norton installed at the same time?

 

If you have Norton installed, you will need to remove Avast in order for the product to function correctly. When a virus is detected, Norton will attempt to quarantine the virus automatically. You shouldn't have to do anything.

 

If that does not work, start the computer in safe mode and run a full system scan. See if it will remove it then.

Newbie
vqv4844
Posts: 3
Registered: ‎05-31-2012

Re: Trojan.Gen.2

No, I just downloaded the scanner because I read what other users did to post a log. I have Norton 360 only.

 

Thanks.

Newbie
vqv4844
Posts: 3
Registered: ‎05-31-2012

Re: Trojan.Gen.2

I ran a full scan on Norton and it did not detect anything. I also disabled Norton Auto-Protect and used Malwarebytes and it did not detect anything.

Symantec Employee
James_Carr
Posts: 83
Registered: ‎04-26-2012

Re: Trojan.Gen.2

[ Edited ]

[edit] Missed your latest post.

 

Did you run it in safe mode?

 

You can also run a more aggressive scanner called Power Eraser, which is also a Norton tool. http://security.symantec.com/nbrt/npe.aspx 

  

If Norton still doesn't detect anything after running Power Eraser, you may not actually be infected. Are you getting any symptoms of the virus, such as popups, browser redirects, etc.?

 

 

As usual, you want to back up your important files just in case you have to do a clean install of Windows.

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2

[ Edited ]

James Carr

 

The Avast tool is a standalone tool like TDSSKiller and does not interfere with Norton.

 

Norton struggles or is not allowed to remove ZeroAccess, which is what is being detected. If it is another newest variant like the one I am working on, then Norton is a NO.

FixZeroAccess also doesn't work, and don't use NPE on ZeroAccess. Looks like you don't know what you are looking at.

 

It will get to this thread in time

 

Quads

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2

Are you still there??

 

Quads

shannons
Posts: 10,672
Topics: 44
Kudos: 105
Solutions: 7
Registered: ‎01-07-2009

Re: Trojan.Gen.2

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Trojan.Gen.2

Have you disappeared or is it fixed??

 

Quads