About baldeguy56

Profile Information

  • Interests
    Family, Friends, Computers, Martial Arts
  1. ESET detected 3 variants of the Win32 trojan, but only removed 2. I have temporarily disabled System Restore to delete all restore points, used CCleaner to delete all Temporary Files and will reboot to give malware a chance to rewrite itself. Downloaded and installed ESET NOD32 Antivirus 4 trial. Ran a complete scan. Here is the log...

     C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe - probably a variant of Win32/Genetik trojan - cleaned by deleting - quarantined [1]
     C:\WINDOWS\Downloaded Program Files\unagiuninst.exe » NSIS - bad archive
     Number of scanned objects: 266472
     Number of threats found: 1
     Number of cleaned objects: 1
     Time of completion: 11:29:57 AM
     Total scanning time: 7716 sec (02:08:36)
     Notes:
     [1] Object has been deleted as it only contained the virus body.
     [4] Object cannot be opened. It may be in use by another application or operating system.

     Ran a Custom scan excluding known clean locations to shorten the four hr. scan. Came back clean. I think I may have found the issue logged as [4] in Notes. Hidden was a program called FolderLockIt. I was able to un-install this, though it was password protected, which uncovered the folders it was hiding. I deleted all. Further ESET scans come back negative as to infections. I'm fairly sure that this computer is fixed, but given the malware's persistence in remaining active, I have some reservations. Thank-you both for your help...Garry

     Edit: Still not completely convinced of disinfection, I started poking around some and came across three processes in Task Manager named dl1.exe. Being something I've never seen before, I put a search on it and found it to be the executable of the Win32 trojan and its variables. I couldn't find the correct syntax to use with CMD, so I stopped the processes in Task Manager then, using the Search feature in XP, searched for dl1.exe. Three files of the same name were found but in different locations and are as follows...

     DL1.EXE locations:
     1. C:\WINDOWS\Prefetch
     2. C:\WINDOWS\Temp
     3. C:\Documents and Settings\rose\Local Settings\Temp

     I deleted each one, rebooted and ran a complete scan using ESET. No infections detected and the Task Manager showed no unknown processes. I am mostly convinced that this computer's issue is resolved, though I'll keep just a small doubt to myself due to the adaptability of this type of worm. Many thanks, as I couldn't have gotten this far and possibly nowhere at all without the help...Garry
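As an added example (not from the post, and not code from ESET or any other tool named in it), a small Python triage helper for the step Garry did by hand: walk the Prefetch and Temp directories from the post for a given file name and record each copy's size and SHA-256 before anything is deleted, so identical and differing copies can be told apart and the hashes kept for later checking. The default paths are the three from the post; the sample directory tree is constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The three locations where dl1.exe was found in the post (Windows XP layout).
DEFAULT_ROOTS = [
    r"C:\WINDOWS\Prefetch",
    r"C:\WINDOWS\Temp",
    r"C:\Documents and Settings\rose\Local Settings\Temp",
]

def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_named_files(name, roots=DEFAULT_ROOTS):
    """Report every file under the roots whose name matches (case-insensitive,
    as Windows names are). Roots missing on this machine are skipped; a file
    that cannot be read (in use, like ESET's note [4]) is still listed."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                if fname.lower() != name.lower():
                    continue
                p = Path(dirpath) / fname
                try:
                    hits.append({"path": str(p), "size": p.stat().st_size, "sha256": sha256_of(p)})
                except OSError as exc:
                    hits.append({"path": str(p), "size": None, "sha256": None, "error": str(exc)})
    return hits

def group_by_hash(hits):
    """Map each distinct hash to the paths sharing it: one trojan body dropped
    into several temp directories shows up as a single group."""
    groups = {}
    for h in hits:
        groups.setdefault(h["sha256"], []).append(h["path"])
    return groups

def build_sample_tree():
    """Constructed stand-in for the XP directories: two identical copies of
    dl1.exe, one differing copy, and one unrelated file. Returns the roots."""
    base = Path(tempfile.mkdtemp())
    layout = {"Prefetch/dl1.exe": b"SAMPLE-A", "Temp/DL1.EXE": b"SAMPLE-A",
              "Local Settings/Temp/dl1.exe": b"SAMPLE-B", "Temp/readme.txt": b"not it"}
    for rel, data in layout.items():
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_bytes(data)
    return [str(base / "Prefetch"), str(base / "Temp"), str(base / "Local Settings" / "Temp")]
```

On a real machine call find_named_files("dl1.exe") with the defaults (or the Temp paths of the user account in question) and keep the returned hashes with the case notes.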
  2. Hello. I ran Malwarebytes with no malware detected. Rebooted and Microsoft Security Essentials detected TrojanDownloader:JS/Whirl.A but again failed to clean. Sometimes MSE cleans it (until next reboot), though only temporarily. Now running ESET from the link provided above...thanks.

     Okay, SAS and MBAM have always done a great job at disinfecting my and others' systems. Why are they having difficulty with this Win32 Trojan variant? While anti-virus applications are not doing right by their customers, increasing costs each year but not doing their part in fighting this social malware epidemic, SAS and MBAM are well on their way to becoming the standard in this fight. I belong to many tech help sites and this seems to be the ongoing conclusion. Very thankful for these programs. I will reply back as to my progress (ESET: scanning @40% complete with 4 nasties detected. I disabled MSE). Thanks...Garry
  3. I followed the first suggestion to run SAS in Safe Mode after updating it. SAS detected Trojan.SystemDriver, which had four entries located in the registry. After a reboot Microsoft Security Essentials detected TrojanDownloader:JS/Whirl.A and was able to disinfect it (MSE failed at disinfecting and came back with an error in the first few attempts. SAS succeeded at disinfecting). All seems well so far, but I am not totally convinced, though I ran another deep scan and SAS reported no malware detected. Thank you for the continued help...Garry
  4. Thank you for your replies. I will try all your suggestions as this bugger really has me stumped. I'll return with any results. Again, thank-you...Garry

     Edit: Advanced Member, I have already tried MBAM to no avail.
  5. Removal of TrojanDownloader:JS/Whirl.A, VirusTool:Win32/VBInject.gen!DG, Virus:Win32/Alureon.H is continuing to fool SuperAntiSpyware and it rewrites itself after every reboot. I'm not sure which .exe began the rewriting of other malware processes (possibly TrojanDropper), but I seem to not be able to kill the malware completely. The infected computer has been running infected for over seven months. Is it possible to run SuperAntiSpyware in Safe Mode to remove the infection? Very frustrated with this mess! Any suggestions are welcome. Thank-you...baldeguy56