Can't Delete Trojan.generic.x, Persistent trojan
RicketyHat, Sep 22 2009, 01:27 PM, Post #1 (Newbie; Group: Members; Posts: 3; Joined: 8-September 09; From: S Africa; Member No.: 26,933)

My BitDefender finds a Trojan in memory every time I scan. When I mark it for deletion, it says it will delete it when I restart, but it is always there again after reboot. It calls it Trojan.generic.x, where x is a six or seven-digit number, and the number varies (209057, 2438994, 2283141). The infected file is \\?\globalroot\systemroot\system32\hjgruihowinyly.dll each time.

At the same time, which may be unrelated, I am having trouble with excessive traffic on my Internet connection and I have used a protocol analyser to examine the packets going from the PC to the network. It looks like a virus problem. I have seen:

1) Excessive pinging to a particular site (pokertrading.org) - 50 packets per second. This is undoubtedly a DDOS attack originating from my PC. I have put a firewall rule in to stop ICMP packets being transmitted and this has stopped it.

2) DNS requests to other sites e.g. judlife, minihyip, jidrka, seemingly trading sites similar to the above; once the site has been located, the PC downloads files from them. I have put the names of these sites in my "hosts" file (windows\system32\drivers\etc\hosts) - should I also put a deny rule in my firewall?

3) Even once I have done the above, there is still traffic from one of my PC processes to the network card. When I use bitdefender's firewall view log (increased verbosity), it shows the above firewall deny rule being activated for the process:
c:\windows\system32\svchost.exe, Cmd. Line: -k dcomlaunch

Questions:
a) is the svchost.exe for dcomlaunch causing the network accesses to the trading sites?
b) is this a virus/trojan?
c) if so, is it the trojan.generic I keep finding but am unable to delete?
d) how can I delete the trojan?

I hope the answer isn't to use the rescue CD as I only have a slow broadband link and 280MB is a lot to download in one go (I downloaded BitDefender 2010 after upgrading from 2008, and it took over 90 minutes - this will probably take nearly 4 hours, if it doesn't crash).

I can't find anyone on the forum with the same problem, maybe if there is they will tell me and we can commiserate with each other!
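The two traffic symptoms described in the post above, a steady stream of echo requests to one host and a lookup of an unknown name followed by a connection to the answered address, can be flagged from a packet summary with simple rate and sequence rules. This is an added example, not code from the poster or from Bitdefender; the one-packet-per-line format, the names and the addresses (documentation ranges) are constructed.

```python
from collections import defaultdict

def parse(lines):
    """Yield (ts, src, dst, proto, info) from constructed 'ts src dst proto info' lines."""
    for line in lines:
        ts, src, dst, proto, info = line.split(None, 4)
        yield float(ts), src, dst, proto, info

def icmp_flood(records, threshold=20, window=1.0):
    """Map (src, dst) -> peak echo requests in any `window`-second bucket, if >= threshold."""
    buckets = defaultdict(int)
    for ts, src, dst, proto, info in records:
        if proto == "ICMP" and info.startswith("Echo (ping) request"):
            buckets[(src, dst, int(ts // window))] += 1
    # ascending sort so the busiest bucket per (src, dst) is the one kept
    return {(s, d): n for (s, d, _), n in sorted(buckets.items(), key=lambda kv: kv[1])
            if n >= threshold}

def dns_then_connect(records, allowlist):
    """[(name, ip)] where a client resolved a name outside `allowlist` and
    later opened a TCP connection to the answered address."""
    pending, hits = {}, []
    for ts, src, dst, proto, info in records:
        if proto == "DNS" and info.startswith("response"):
            _, _, name, _, ip = info.split()   # constructed form: "response A <name> -> <ip>"
            if name not in allowlist:
                pending[(dst, ip)] = name      # dst of the answer is the querying client
        elif proto == "TCP" and (src, dst) in pending:
            hits.append((pending.pop((src, dst)), dst))
    return hits

def build_sample():
    """Constructed summary: 50 pings in one second to one host, a single benign
    ping, a known lookup, and an unknown lookup followed by a TCP connection."""
    client, resolver = "192.168.0.10", "192.168.0.1"
    lines = [f"{i * 0.02:.2f} {client} 203.0.113.7 ICMP Echo (ping) request"
             for i in range(50)]
    lines += [
        f"0.50 {client} 198.51.100.1 ICMP Echo (ping) request",
        f"1.10 {client} {resolver} DNS query A www.example.com",
        f"1.12 {resolver} {client} DNS response A www.example.com -> 198.51.100.20",
        f"1.20 {client} {resolver} DNS query A update-host.example",
        f"1.22 {resolver} {client} DNS response A update-host.example -> 203.0.113.9",
        f"1.30 {client} 203.0.113.9 TCP 49152 -> 80 [SYN]",
    ]
    return lines

if __name__ == "__main__":
    records = list(parse(build_sample()))
    print(icmp_flood(records), dns_then_connect(records, {"www.example.com"}))
```

The single benign ping stays below the threshold, so only the 50-per-second stream and the unknown lookup that led to a connection are reported.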
Alex Stanciu, Sep 23 2009, 09:48 AM, Post #2 (Technical Support; Group: Regular Bitdefender Poster; Posts: 1,834; Joined: 17-June 09; From: Bucharest, Romania; Member No.: 24,948)

Hello RicketyHat,

We need you to run 2 of our special malware diagnostic tools, in order to obtain some reports which will be analyzed by my colleagues from the Virus Analysis team. Please follow the next link: http://kb.bitdefender.com/KB490, download the Avis and the Gmer tools, run them and after you obtain the files that we need, go to http://www.sendspace.com/ , upload these reports, then post the download links here. Also, it will help us if you can upload a copy of the scan report that you have run.

We are looking forward to your reply.

Thank you.
RicketyHat, Sep 24 2009, 08:21 AM, Post #3 (Newbie; Group: Members; Posts: 3; Joined: 8-September 09; From: S Africa; Member No.: 26,933)

bd_sys_log.xml.zip: http://www.sendspace.com/file/0jnasj
gmer.log: http://www.sendspace.com/file/wu57xy
deep scan log: http://www.sendspace.com/file/aux0zk

The details of the problem are in my previous post.

Kind regards,

RicketyHat
