Visitor
kd12345
Posts: 6
Registered: ‎06-03-2012

Trojan.Gen.2 80000000.@ Security Risk

I keep getting security alerts from Norton about Trojan.Gen.2:

 

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\MyUserName\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}\U\80000000.@

Location: Quarantine
Computer: MyComputer
User: MyUserName
Action taken: Quarantine succeeded : Access denied
Date found: ....
I've tried lots of programs since these alerts started popping up about a week ago but none seem to have helped. Here's a list of scans performed on my PC so far:
1. Norton Antivirus full system scan
2. Malwarebytes Anti-Malware smart and full scans
3. Trojan Hunter full scan
4. Spybot full scan
5. Repeated above scans in Safe Mode
None of these scans reported issues.
NPE (Norton Power Eraser) identified a problem with HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\version\Image File Execution Options\ehshell.exe\"Debugger" but was unable to delete it.
I'm running Windows 7 (64 bit). Any help would be greatly appreciated!
Thanks!
Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: Trojan.Gen.2 80000000.@ Security Risk

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :smileylol:)

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

A 64 bit system so I am just thinking for a bit.

 

Quads

Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: Trojan.Gen.2 80000000.@ Security Risk

Download OTL   hxxp://oldtimer.geekstogo.com/OTL.exe   (change the hxxp to http) save it to your Desktop.

Double click on OTL.exe to run it.  Right click OTL.exe and select run as administrator for Vista and Win 7.

 

Disable Norton for say 30 minutes

 

Start OTL,  

Click the Scan All Users checkbox.

Change file age to 60 days

under  Copy and paste what is below between the lines


 


msconfig
activex
drivers32
netsvcs
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
services.exe
tdx.sys
afd.sys
cdrom.sys
i8042prt.sys
netbt.sys
redbook.sys
mrxsmb.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs


 

Press the 

 

 

An OTL.txt will be created.

 

Quads

shannons
Posts: 11,759
Topics: 50
Kudos: 115
Solutions: 8
Registered: ‎01-07-2009

Re: Trojan.Gen.2 80000000.@ Security Risk

Visitor
kd12345
Posts: 6
Registered: ‎06-03-2012

Re: Trojan.Gen.2 80000000.@ Security Risk

[ Edited ]

Quads, Thank you for your help!

Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: Trojan.Gen.2 80000000.@ Security Risk

That just makes it harder

 

a) What did TDSSkiller find???

 

b) Uninstall Malwarebytes and Spybot S&D

 

Quads

Visitor
kd12345
Posts: 6
Registered: ‎06-03-2012

Re: Trojan.Gen.2 80000000.@ Security Risk

[ Edited ]

TDSSKiller found 0 threats

 

Malwarebytes and Spybot S&D have been uninstalled.

 

Would you have me run OTL again?

 

Thanks

Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: Trojan.Gen.2 80000000.@ Security Risk

Let's break the first line of infection first

 

a) Is your username really called  C:\Users\MyUserName\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}

 

Quads

Visitor
kd12345
Posts: 6
Registered: ‎06-03-2012

Re: Trojan.Gen.2 80000000.@ Security Risk

kd12345

 

Symantec Alert:

 

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\kd12345.MYDOMAIN\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}\U\80000000.@

Location: C:\Users\kd12345.MYDOMAIN\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}\U
Computer: KDCOMPUTER
User: kd12345
Action taken: Pending Side Effects Analysis : Access denied
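
As an added example (not part of any post in this thread, and not Norton's or OTL's own code): a small Python parser for the alert text quoted above that extracts the profile folder, the GUID-named folder under AppData\Local and the action outcome, then groups repeat detections of the same file. The function names and the reading of "Access denied" as an unfinished action are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: the two alert blocks quoted in the thread, trimmed to the fields used here.
SAMPLE_ALERTS = r"""Security risk detected: Trojan.Gen.2
File: C:\Users\MyUserName\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}\U\80000000.@
Action taken: Quarantine succeeded : Access denied

Security risk detected: Trojan.Gen.2
File: C:\Users\kd12345.MYDOMAIN\AppData\Local\{50a6c3a4-694c-557b-b769-90cc6b56eea6}\U\80000000.@
Action taken: Pending Side Effects Analysis : Access denied
"""

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def parse_alerts(text):
    """Split on blank lines; each block becomes a dict of its 'Key: value' lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")  # first ': ' only, so the drive letter survives
            if sep:
                fields[key.strip()] = value.strip()
        if "File" in fields:
            alerts.append(fields)
    return alerts

def triage(alert):
    """Pull out the path facts a helper asks about: profile folder, GUID folder, outcome."""
    path = PureWindowsPath(alert["File"])
    parts = path.parts  # drive root, 'Users', '<profile>', 'AppData', 'Local', ...
    return {
        "risk": alert.get("Security risk detected"),
        "profile": parts[2] if len(parts) > 2 and parts[1].lower() == "users" else None,
        "guid_dir": next((p for p in parts if GUID_DIR.match(p)), None),
        "file_name": path.name,
        "in_local_appdata": [p.lower() for p in parts[3:5]] == ["appdata", "local"],
        # Assumption: 'Access denied' in the action text means the action did not finish.
        "action_blocked": "access denied" in alert.get("Action taken", "").lower(),
    }

def recurring(alerts):
    """Group by (GUID folder, file name); more than one hit means the file keeps being detected."""
    groups = defaultdict(list)
    for t in map(triage, alerts):
        groups[(t["guid_dir"], t["file_name"])].append(t["profile"])
    return {k: v for k, v in groups.items() if len(v) > 1}
```
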
Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: Trojan.Gen.2 80000000.@ Security Risk

and .MYDOMAIN is actually part of the username for the path??

 

Quads