Trojan Generic_r.JXT Removal and Recovery Help


Hi there, my problem is that this trojan took many of my files and then replaced them with shortcuts of the original files. It appears the original files were changed to hidden files and then renamed by the virus. I have run Malwarebytes and removed a number of threats, as well as run FRST, mbam_check, and JRT. Attached are the files created by the last three.

My question is how can I safely restore the files so that the shortcuts are removed and the hidden files are returned to their original state? At the very least, is there a way to automate the removal of the shortcuts or are they irrelevant once the virus is removed, and the data needs to be manually renamed and moved to its original location?

Additionally is there any evidence that further steps are required to clean this machine?

Regards,

Steven

JRT.txt

FRST.txt

CheckResults.zip

Addition.txt


Hello trooper.
I will be guiding you as we go forward.  I see that you have used & run JRT.  It found some minimal temporary browser cache files & cleaned those out.
Please do not run any tools on your own, as we proceed, without checking with me first.
Do tell me, please, what security tool had reported "Trojan Generic_r.JXT"?

Where are the "shortcuts" you mentioned? Are they in some one or two specific folders? Or maybe are they in the Documents folder? Where?

One of the first things we need to get squared away is the fact that this PC has multiple installed antivirus programs:
  • AVG AntiVirus Business Edition
  • Microsoft Security Essentials
  • Symantec (Norton) - Symantec Endpoint Protection Small Business Edition

There should only be one & only one installed antivirus.  In situations such as this, the fact of having more than one leads to deadly embrace gridlock / deadlocks.

Decide on one of them to keep. That would be the one where you have a current & paid-for license (granted, the Microsoft one is free).

Uninstall the other two.  And let me know after that has been taken care of.  We will proceed with other tasks after that.

Edited by Maurice Naggar

AVG is the program that detected it as that.

I just checked the machine and it appears that the files that got replaced by shortcuts were inside of mapped drives, and not on this machine itself. The affected files within these locations were specifically the folders that were replaced by identical shortcuts, then hidden and renamed. No individual files had this happen to them.

AVG is the one I have a current license with. Overall, is this a recommended antivirus program, or are there better alternatives?

AVG is the only antivirus software on this machine now.


Some pointers:
If this is all about the contents of mapped drives, your best tool to check on infections is your antivirus software.
In your case, AVG.
Do thorough scans with AVG if possible.

Frankly, there is not much that we can do about corrupted shortcuts to mapped drives.

As to AVG, it is an OK antivirus. But frankly not one that I would use. AVG was in its prime many many years ago.

To recheck your computer, as far as any infection "it" may have, I would do this.

Keep in mind again, this will not involve the mapped drives.

Please do a Threat & Rootkit Scan:
Start the Anti-Malware program.
Please look at the Dashboard screen. Would you please press the blue line marked *Update* and let it update itself.
Click the *Settings* icon (on the top bar) > then click the **Detection and Protection** subtab, Detection Options, and tick the box 'Scan for rootkits'.
Click on the Scan icon (up on the top row), then click on the Start Scan button.

A Threat Scan will begin.


With _some infections_, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart.    ( as needed )


Continue with the rest of these instructions.


When the scan is complete, be sure to press Review results and look at all of the listed items (if any).
If there are found items, be sure to have each line item check-box marked with a check-mark in order to remove them.
Click the REMOVE Selected button.

Wait for the prompt to restart the computer to appear (if any), then click on Yes.
After the scan has completed, Click on the **History tab** > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click the EXPORT button at the bottom left.
Click *TEXT file*
Be very aware as to what folder and what NAME you give this report.  You have to make a note so you can send it.

Then attach that file with your next reply.

 


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.