Don't know how to get rid of Trojan.Gen.2

On the machine we are working on

Please read carefully

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop (replace the hxxp with http).
Double click the aswMBR.exe icon to run it.
It will ask to download extra definitions - ALLOW IT / Yes.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and please attach the log in your reply. Don't have the program fix anything.

2. Please scan with ESET next

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan archives and DON'T (NO) check Remove found threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply.


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

Quads


Hi there!

OK, here is the MBR log, but ESET is still scanning (more than 10 hrs now!)

Thanks,

Roman

Hi,

Here is the ESET log file.

Thanks.

I have to create a script for what both logs state.

Quads

Thanks for getting back to me!

Roman

Firstly, keygens and cracks are ILLEGAL!!!!!!!! and, not only that, a lot of the time they contain malware, which it looks like you found out the hard way.

Read all of this message first.

Download Combofix http://www.bleepingcomputer.com/download/anti-virus/combofix

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix.
  • Close any open browsers and any other programs you might have running.

Download the attached CFScript.txt, then drag the CFScript.txt into ComboFix.exe.

  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Quads

Thanks!

All the keygens I inherited from an old HP computer which belonged to my colleague...

Here is the ComboFix file.

Some of the keygens are from your Downloads folder in the Roman user account, not the HP folder, I also noticed.

You will or could find problems with the browsers due to left-over settings for now, and I see one file is also left to get, as well as the clean-up.

Make sure your recycle bin is empty, then

Download OTL hxxp://oldtimer.geekstogo.com/OTL.exe (change the hxxp to http) and save it to your Desktop.

Double click on OTL.exe to run it. Right click OTL.exe and select Run as administrator for Vista and Win 7.

Click the Scan All Users checkbox.

Change file age to 60 days.

Press the

Quads

Here is the OTL log.

Thanks,

Roman

This script will take a bit of time. In the meantime I suggest completely uninstalling Firefox and Google Chrome; that includes deleting all the data when it asks.

They can be installed fresh later.

Quads

 

OK.

Start OTL, then copy and paste the custom script attached, which you open in, for instance, Notepad (include the : at the start of :OTL and everything to the end / bottom), and run the script (red Run Fix button).

The output log should be placed in the _OTL folder afterwards.

Quads

Here is the OTL log.

Thanks,

Roman

Did OTL reboot the system??

Quads

Yes, it did.

Do you get any browser redirects now, and is your system running nicely??

Quads

It looks like everything is running just fine. I can't see any redirects, and boot is normal.

Seems like you did a great job, Quads, thanks a lot!

Roman

Turn off System Restore for, say, 1 hour, then turn it back on and create a nice new restore point.

Then start OTL and click the black Cleanup button.

You can then fresh install Firefox and Google Chrome if you want; make sure you download from the creators' sites only.

I see you have Malwarebytes; with Norton running as real-time protection, you only need Malwarebytes Free.

Quads
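The System Restore step above (turn it off, turn it back on, create a fresh point) can also be done from the command line. This is an added example, not part of Quads' instructions; it assumes Windows PowerShell 5.1 run as Administrator and that the system drive is C:\.

```powershell
# Added example (not from the thread): flush old System Restore points and create a clean one.
# Assumes Windows PowerShell 5.1 (Microsoft.PowerShell.Management cmdlets), run as Administrator,
# and that the protected system drive is C:\.
$drive = "C:\"

# Record what exists before the flush, so the points made while the machine was infected are visible.
Write-Host "Restore points before:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime | Format-Table

# Disabling System Restore on a drive discards every restore point it holds; that is what removes
# any infected files captured in those snapshots. Re-enabling it starts with an empty set.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# Create the new baseline now that the scans have come back clean.
# Note: on Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was
# made in the previous 24 hours, unless SystemRestorePointCreationFrequency is lowered in the registry.
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType "MODIFY_SETTINGS"

Write-Host "Restore points after:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime | Format-Table
```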

Thanks, Quads, I will do as you say.

Hope it brings this issue to a closure!

Best,

Roman

Hopefully after that everything is good, which would mean the infection is gone, the boot problem is fixed and the system is cleaned, meaning it has all been solved.

Quads