If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Generic.dx trojan
Hi,
I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina |
Ads |
#2
|
|||
|
|||
Generic.dx trojan
Download, install, update and scan your computer with the 2 programs below,
in Safe Mode. also scan with your AV while in SM. http://www.spybot.info/en/index.html Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program. Download, install, update, and immunize your System with it. Then SCAN with it. Update it, and scan your System once a fortnight. http://www.malwarebytes.org/mbam.php Malwarebytes is as the name says, a Malware Remover! For the Free version scroll down their page to either download from Download.com, or Major Geeks.com Download, install, and update. Important Safe Mode If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER. RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode. If unable to install above Programs in Normal Mode: Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them. If that happens, reboot into Safe Mode with Networking, and install, update and scan from there. -- Mad Mike "gina" wrote: Hi, I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina |
#3
|
|||
|
|||
Generic.dx trojan
"gina" wrote: Hi, I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina Hi Gina, This might not be a malware, but rather a privacy concern on your browser! # First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Tabs: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 # Scan for malware from he Download and Update both SuperAntispyware and Malwarebytes then run a complete scan - Free http://www.superantispyware.com/supe...freevspro.html http://www.malwarebytes.org/rr-update/rr-free-setup.exe # Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Comodo BOClean : Anti-Malware Version 4.27 http://www.comodo.com/boclean/boclean.html # If you wish to send me your Hijackthis log I will be happy to help you further or send to one of many forums on the internet for help! Download Hijackthis from here. (http://www.trendsecure.com/portal/en...hijackthis.php) my address is : to_you_ross(at remove this and repalce with the obvious)yahoo.co.uk ( _ is underscore) HTH, nass --- http://www.nasstec.co.uk |
#4
|
|||
|
|||
Generic.dx trojan
Thanks SO MUCH Mike and Nass, I ran the malware and spyware programs and
reconfigured my internet options. It looks like it has gone away (not sure if one can tell it is completely clean) but after running all those programs they found the trojan and a rogue as well as a bunch of spybot entries! Is it at this point that i should turn on system restore again? Thanks again! "gina" wrote: Hi, I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina |
#5
|
|||
|
|||
Generic.dx trojan
Hi Gina, Yes, try to turn the System Restore ON but it would be helpful if you told me what the Trojans name is! Bear in mind if the system restore points infected it can reinfect your machine again if you restore from an Infected Restore Point. If you wish to send me your hijackthis log or send it to one of many forums to help you and make sure your machine is clean, to be safe please do so. HTH, nass --- http://www.nasstec.co.uk "gina" wrote: Thanks SO MUCH Mike and Nass, I ran the malware and spyware programs and reconfigured my internet options. It looks like it has gone away (not sure if one can tell it is completely clean) but after running all those programs they found the trojan and a rogue as well as a bunch of spybot entries! Is it at this point that i should turn on system restore again? Thanks again! "gina" wrote: Hi, I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina |
#6
|
|||
|
|||
Generic.dx trojan
Gina
I would run Spybot again to see if it finds any more malware (not cookies) and repeat the process daily for several days. If you find any more you know you could have a hidden beastie holding a door open for his friends to return. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ gina wrote: Thanks SO MUCH Mike and Nass, I ran the malware and spyware programs and reconfigured my internet options. It looks like it has gone away (not sure if one can tell it is completely clean) but after running all those programs they found the trojan and a rogue as well as a bunch of spybot entries! Is it at this point that i should turn on system restore again? Thanks again! "gina" wrote: Hi, I recevied messages from mcafee that the generic.dx trojan was deleted from my machine and i noticed some url shortcuts on my desktop (which keep coming back). i ran adaware and in the log it showed the following removed: removedObjects family id="9999" name="MRU Object" category="MRU Object" tai="0" item id="2" value="MRU Registry Key: S-1-5-21-391292469-388187654-2510000095-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1"/ /family so i have so far turned off system restore (at which point the url shortcuts appeared on my desktop again) and am running adaware again, then i will turn on system restore again (hopefully this is the correct sequence)...is there anything else that anyone recommends? what do i do if those url's reappear after doing the above? i assume they are part of the one trojan... thx - gina |
Thread Tools | |
Display Modes | |
|
|