
Trojan.Gen.2

Norton keeps finding Trojan.Gen.2 in the recycle bin about every 4-5 minutes.

C:\$Recycle.Bin\S-1-5-21-1229272821-1532298954-725345543-3231\$ffcccbf80084f927c16f7e057b733c18\U\800000cb.@

Windows 7 64-bit SP1

Any help to remove this would be appreciated.

-Matt

Replies

Re: Trojan.Gen.2

ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.

Unfortunately, the amount of threads means the waiting time is longer. Norton continually blocking files won't hurt your system but it is just annoying. Please wait and be patient. I am trying to keep up, spending hours here to script and clean machines on a first come/first served basis. If you or someone adds to your thread, it will be pushed back in line due to the new update. I use the boards in reverse to what is seen.

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask: nothing extra, and don't run things twice.
  • If I ask a question, just answer it; don't run anything unless it states.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

Although ZeroAccess is detected, I have had to remove more than that on machines, like a Bootkit, BCD fix, partition removal, FakeAV and any other objects as a total clean up.

 

 

Download these 2 programs to your desktop, ready just in case you have no Internet after the break. Don't run them yet.

http://www.bleepingcomputer.com/download/farbar-service-scanner/

http://www.bleepingcomputer.com/download/combofix/

And yes, for users reading, I infected my system with this variant and watched what happened during and after the break.

Quads


Re: Trojan.Gen.2

I have downloaded the two files to my desktop.

-Matt


Re: Trojan.Gen.2

Also, it appears to only happen under a single user profile. And that profile is set up only as a user, not as power user or admin. Logging in under the admin account does not pop the AV window every 4-5 minutes.

-Matt


Re: Trojan.Gen.2

Download the 2 attached .txt files, and remove the .txt extension so that you have the files end in .reg (ZAFix1.reg) etc.

Then click to run the files and then the system should ask if you want the data added to the registry, answer = yes. A confirmation message should then appear saying that the data has been added.

The other way is to right click the files and choose "Open With" from the menu, and you should see Registry Editor as an option to choose.

For me this repaired the 2 Windows registry keys in question. So then I could afterwards deal with the rest and also repair broken services.

Quads


Re: Trojan.Gen.2

I saved the files as .reg and imported them into the registry.

I then rebooted and now the Norton warnings are no longer popping up.

-Matt


Re: Trojan.Gen.2

Run FSS.exe, tick all the boxes before running the scan, and post back a log.

Quads


Re: Trojan.Gen.2

fss.txt attached


Re: Trojan.Gen.2

Download the attached .txt files, and remove the .txt extension so that you have the files end in .reg.

Then click to run the files and then the system should ask if you want the data added to the registry, answer = yes. A confirmation message should then appear saying that the data has been added.

The other way is to right click the files and choose "Open With" from the menu, and you should see Registry Editor as an option to choose.

Then restart the system and run FSS again with all options ticked and post the log back.

The system restore fix is not the system restore service, if people reading are thinking that.

Quads
