trojan horse backdoor generic11.awsz


I recently worked on an XP system where AVG kept detecting:

trojan horse backdoor generic11.awsz

The file name and location:

c:\documents and settings\all users\start menu\programs\startup\uninstall.exe

Although MBAM was able to remove a number of infections, this file remained. I also scanned with Hitman Pro, Remove Fake Antivirus 1.62, ClamAV/Immunet and Panda Cloud AV. These programs either couldn't remove the infection or couldn't even detect it. Any thoughts about how to deal with this? Thanks!


  • Staff

Hi and welcome to Malwarebytes.

Are you still working on this computer?

If so, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

After you do that, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Unfortunately I don't have immediate access to the machine. I will check with the customer and if possible will pursue it. Thanks for the reply though, and the instructions which no doubt will be necessary again at some point.


  • Staff

Glad we could help. :P

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.