I have Trojan horse Generic9.AATD in C:\WINDOWS\system32\dx7v.dll and in system32\dx7v.1
It's been a bugger to remove. I've tried everything. AVG keeps giving a warning screen, Kaspersky couldn't get rid of it, Adaware doesn't find it, SUPERAntispyware can't get rid of it either. It's not a file that can be deleted. Symantec does not have it in their library.
Anyone else dealt with this?
I have not the time to google this virus, but you can try housecall online virus scanner in the meantime. You can also try google for answers, as I am sure others have had this same problem.
Either boot into safe mode and try to delete it there, or download HijackThis. Under Misc Tools, there's an option to Delete file on reboot. This will (hopefully) delete the DLL before it gets loaded into Windows on your next reboot.
Hope this helps.
Join the Ron Paul Revolution
Ron Paul 2012
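A read-only check for the delete-on-reboot step above, added here as an example (not part of the original post and not HijackThis code). Windows queues boot-time deletions in the `PendingFileRenameOperations` registry value; that HijackThis uses this standard mechanism is an assumption, and the sample entries are constructed.

```python
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"

# Constructed sample of the REG_MULTI_SZ value: strings come in
# (source, destination) pairs, and an empty destination means "delete".
SAMPLE = [
    r"\??\C:\WINDOWS\system32\dx7v.dll", "",
    r"\??\C:\WINDOWS\Temp\setup.tmp", r"!\??\C:\Program Files\Example\setup.exe",
]

def _strip_nt_prefix(path):
    # Entries are stored as NT object paths, e.g. \??\C:\...
    return path[4:] if path.startswith("\\??\\") else path

def parse_pending_ops(strings):
    """Pair the strings into operations Windows will perform at next boot."""
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dst = strings[i], strings[i + 1]
        ops.append({
            "source": _strip_nt_prefix(src),
            # A leading '!' on the destination means "replace existing file".
            "destination": _strip_nt_prefix(dst.lstrip("!")) or None,
            "action": "delete" if dst == "" else "rename",
        })
    return ops

def is_delete_queued(strings, target):
    """True if target (compared case-insensitively) is queued for deletion."""
    want = target.lower()
    return any(op["action"] == "delete" and op["source"].lower() == want
               for op in parse_pending_ops(strings))

def read_live_value():
    """Read the real value on Windows; [] if nothing is queued.
    Assumes a Python build whose winreg keeps the empty strings
    inside a REG_MULTI_SZ value."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        try:
            return winreg.QueryValueEx(key, VALUE_NAME)[0]
        except FileNotFoundError:
            return []

if __name__ == "__main__":
    strings = read_live_value() if sys.platform == "win32" else SAMPLE
    for op in parse_pending_ops(strings):
        print(op["action"], op["source"], "->", op["destination"])
    print("dx7v.dll delete queued:",
          is_delete_queued(strings, r"C:\WINDOWS\system32\dx7v.dll"))
```

If the delete is listed before reboot but the file is back afterwards, something still running at boot is recreating it, which is worth knowing before trying further removal tools.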
Also, be sure to turn OFF system restore before trying to remove the file.
If the suggestions made by the others do not work, especially remember to do this before proceeding-
Please look at this forum post first, try what is suggested, and if it doesn't remove your trojan, proceed to the following-
(I authored this for another forum on July 10th of this year)-
For anyone that catches something and cannot get rid of it, try this.
The Sysclean Package by Trend Micro.
I used it a year ago and it removed the parasite.
I also became aware of how critical it is for the safety of my computer, to scan everything before opening,
as well as before seeding a torrent.
I have not been infected by anything since.
Please be mindful that it can take up to three hours or more to run while in *Safe Mode (very important to be in *S.M.),
but that if it can be cleaned by this powerful tool, it will be.
If it does not, it's a bad one and time for the shop...
Please go here-
http://www.trendmicro.com/download/dcs.asp
Read towards the bottom- Follow directions carefully.
Again, this virus clean up may take 3 or more hours...
(Download what I have typed in red)-
"If you are not a Trend Micro customer please download the following file.
Sysclean Package 3.2MB
MD5 checksum: 81a08891253807c6124a28e6acf887d6
NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
DCT CONTROL RELEASE
Download Latest DCT Control Release
The Damage Cleanup Template (DCT) Control Release is a pre-release version of Damage Cleanup Template (DCT) and is updated by TrendLabs almost as often as new samples come in. Since it is designed to clean registries and system files from 'in-the-wild' malware infections, DCT Control release receives only preliminary testing. DCT Control Release also must be deployed manually to your product.
Click the link above for additional information and deployment instructions. Users are advised to read the succeeding disclaimer carefully before downloading the current DCT Control Release."
Good luck!
The most Beautiful thing we can experience is the mysterious.
It is the source of all true art and science.
~ Albert E.
first off...lets do this
start..run..type in..%temp%..a new window will open..delete all folders/files in the new window..right click..select all..delete
same thing re..start..run..type in..temp..same thing..delete all of them
ok,1 more time..start,run.type in..prefetch..remove all of them.
ok..now lets go to start..run..type in..msconfig...press enter..a new window will open up
select the START UP TAB..(if it was me..i would DISABLE ALL.press apply..press ok)..do not reboot yet..close all windows
now go to start..control panel..folder options.(if u do not see folder options..on left hand side..click switch to classic view)..folder options..view..half way down u will see...SHOW ALL HIDDEN FILES AND FOLDERS)check that..press apply..press ok..
hmm, some ppl do not suggest that u turn off system restore because if something happens u will not be able to restore to an earlier time..so we will skip that part (unless u want to turn it off..all programs..system tools..system restore..u will see option to turn off restore..u will have to press apply and ok)
now lets go here and run a free online scan
http://support.f-secure.com/enu/home/ols.shtml
remove anything and everything f-secure finds
(this could take a couple hrs depending on what u have on pc)
u said u have superantispyware.did it detect the threat also..try to scan with it now since we have exposed folders/files
remove anything superantispyware finds
now if u are still infected
u can try ..
hijackthis
smitfraud fix
combo fix
if u have no idea what these are or how to use them..u can email me if interested
or u can visit one of these forums and get professional help for free
http://www.geekstogo.com/
http://forums.whatthetech.com/forums.html
http://www.castlecops.com/
don't ask for what u can't take
I've already posted the mother of all antivirus efforts on the 8th.
use the SEARCH function.
After you install and update Spybot, be sure to Click on IMMUNIZE the system
Use the Advanced Mode --> Tools > Host file
Then be sure that the Spyware Blaster is updated and all protection enabled.
Then run Hijack This. Don't make changes with it yet.
http://www.bleepingcomputer.com/tutorials/tutorial42.html
There are plenty of FREE web based scans out there that always have the most updated virus definitions. Run them, and say YES when asked to disinfect.
http://www.trendmicro.com/hc_intro/default.asp
http://www.pandasoftware.com/actives...an/ascan_2.asp
http://www.bitdefender.com/scan8/ie.html
http://security.symantec.com/sscv6/h...Y CZRWEJGSSKE
http://www.kaspersky.com/scanforvirus.html
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://support.f-secure.com/enu/home/ols.shtml
INDIVIDUAL FILE SCAN - http://virusscan.jotti.org/
.
Hightimes I did all that and still no go.
You can lead a horse to water but . . . .
This has always been a problem here, you spell things out and do everything but go to their house and do it FOR them, but to no avail.
Your suggestions were good, hightimes was right on with deleting the temp folders etc, and there are dozens if not hundreds of examples here to follow, let alone GOOGLE the answers.
You see why I'm an intolerant bastard? You just have to keep realistic expectations, throw your bit out there, and let the dice roll from there.
.
No shite. Today has been frustrating, not here but elsewhere (I need another wireless adapter and am having to deal with hubby's laptop while waiting on it. I hate laptops).
All I know is that I love my machine. I must say you worded my thoughts nicely, cuz I ain't in that good a mood right now and may have said the same thing, in quite a different way...<snickers to self>
Cheers!
P.S. I am quite the intolerant bi*ch as well. What's your mother's name?
okay Helena, I am now doing it your way.
I'll let you know what happens. I did not mean to diss you, I guess the other post just came up first.
The woman is usually always right, it's just a guy thing to go it his way first.
I completed the procedure as outlined by HelenaP. It's still there. This one has me stumped. It does not seem to be actually doing anything, yet. Looks like a format is coming, I'm due anyway.
Thanks for your help folks. By the way your guides did find a few other bugs that were laying in the bushes.