Virus - Help needed

  myhg 15:50 10 Jul 08

I discovered a virus/malware called Mal/Generic-A on my computer a few days ago but have had no success in clearing it. My system has become very sluggish. Sophos kindly tells me of the presence of Generic-A at least 1,000 times an hour. I have searched for information, but there is very little and none of it seems to help.

Sophos continually tells me the file is in the system32 folder and is called xxyvstRh.dll, and every time it attempts to delete it, it fails due to an unknown error 0x80070020.

The location details according to Sophos are:

C:\Windows\system32\xxyvstRh.dll
HKCR\CLSID\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf}
HKLM\SOFTWARE\Microsoft\CurrentVersion\Explorer|BrowserHelpObjects\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf}
C:\Windows\Temp\SMI1.tmp
C:\Windows\Temp\SMI6.tmp
C:\Windows\system32\xxyvstRh.dll: pid:000003c0:file
C:\Windows\system32\xxyvstRh.dll: pid:00000634:file
HKLM\SOFTWARE\Microsoft\CurrentVersion\Explorer\ShellExecuteHooks\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf}

I have installed AVG Anti-Spyware and updated it, and it does not pick up Generic-A.

I have installed HijackThis and asked it to remove the entries but as yet nothing seems to want to shift it.

Is there someone who could offer some advice on removing this stubborn virus/spyware?

Many thanks.
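The Sophos output above names the two Explorer extension points the DLL is hooked into (a Browser Helper Object and a ShellExecuteHook, both pointing at the same CLSID) and two process IDs that have the file open. As an added example, not part of the original thread and not a Sophos tool, the read-only PowerShell triage script below shows how to reproduce that picture yourself: it walks the BHO and ShellExecuteHooks keys (the standard paths under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer; the paths pasted in the post look abbreviated), resolves each CLSID to its DLL through HKCR\CLSID\{guid}\InprocServer32, checks the DLL's Authenticode status, and lists which processes currently have it loaded. That last column is the explanation for the error: 0x80070020 is the HRESULT form of Win32 error 32, ERROR_SHARING_VIOLATION, which is what any deleter gets while a running process still has the file mapped. The function names and the Wow6432Node paths are my own choices; nothing is deleted or modified.

```powershell
# Added example, not from the original thread. Read-only triage of the Explorer
# extension points abused by the DLL described above (BHOs and ShellExecuteHooks).
# Run from an elevated PowerShell prompt. Assumptions: standard registry paths;
# the helper names are my own.

# Expose HKEY_CLASSES_ROOT as a drive so CLSID\{guid}\InprocServer32 can be read.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$hookKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    # 32-bit registrations on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)

function Get-RegisteredClsid([string]$Key) {
    # BHOs register one subkey per CLSID; ShellExecuteHooks register one value per CLSID.
    if (-not (Test-Path -Path $Key)) { return @() }
    $names  = @(Get-ChildItem -Path $Key -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName })
    $names += @((Get-Item -Path $Key).Property)
    $names | Where-Object { $_ -match '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$' } | Sort-Object -Unique
}

function Resolve-ClsidDll([string]$Clsid) {
    # The default value of InprocServer32 is the COM server path; it may contain %SystemRoot%.
    foreach ($path in @("HKCR:\CLSID\$Clsid\InprocServer32", "HKCR:\Wow6432Node\CLSID\$Clsid\InprocServer32")) {
        $server = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'(default)'
        if ($server) { return [Environment]::ExpandEnvironmentVariables($server.Trim('"')) }
    }
    return $null
}

function Get-ProcessHoldingDll([string]$Path) {
    # Processes with the DLL mapped are what make deletion fail with a sharing violation.
    foreach ($proc in Get-Process) {
        try {
            if ($proc.Modules | Where-Object { $_.FileName -ieq $Path }) { "$($proc.ProcessName)($($proc.Id))" }
        } catch { }  # protected processes and 32/64-bit mismatches deny module enumeration
    }
}

$report = foreach ($key in $hookKeys) {
    foreach ($clsid in Get-RegisteredClsid -Key $key) {
        $dll    = Resolve-ClsidDll -Clsid $clsid
        $exists = [bool]($dll -and (Test-Path -Path $dll))
        [pscustomobject]@{
            Hook      = Split-Path -Path $key -Leaf
            CLSID     = $clsid
            Dll       = $dll
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            LoadedIn  = if ($exists) { (Get-ProcessHoldingDll -Path $dll) -join ', ' } else { '' }
        }
    }
}

# An unsigned DLL with a random-looking name in system32, loaded into explorer.exe and
# registered under both hook types, is the pattern to look for. Orphaned CLSIDs
# (Exists = False) are leftovers that can be cleaned up once the DLL itself is gone.
$report | Sort-Object Signature, Hook | Format-Table -AutoSize
```

If the LoadedIn column shows explorer.exe, the lock is held by the shell itself, which is why the safe-mode advice that follows in the thread tends to work: the hook DLL is not loaded there, so the file can be renamed or deleted and the two registry registrations removed afterwards.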

  kalignorgna 15:55 10 Jul 08

Spybot S&D, BitDefender (click here) and NOD32, full or trial (click here).

  mfletch 15:57 10 Jul 08

Hi,

Download this free program from Malwarebytes

click here

Then delete all temp Internet files

Then restart your computer into safe mode and do a full scan with Malwarebytes

SAFE MODE

Reboot into SAFE MODE

1/Click Start and then click Turn Off Computer.
2/In the Turn Off Windows dialog box, click Restart, and then click OK.
3/As your computer restarts but before Windows launches, press F8 repeatedly.
4/Use the arrow keys to highlight Safe Mode, and then press ENTER.
5/If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.
Note: If Windows launches before you can choose a safe mode, restart your computer and try again
PS: Sometimes it may be the F5 key.

  skidzy 16:00 10 Jul 08

If the entries are locked in the system32 folder, no software should be able to remove this, as this folder holds Windows files.
There are specialist programs that experts can guide you with.

This is your best route;
Run HJT, save the scan log and post it at a malware removal forum such as click here.

You are best leaving HJT alone and letting the experts guide you; HJT is a very powerful tool and, used incorrectly, can render your machine unbootable.

You have registry entries that could be multiplying upon a reboot, therefore no AV/antispyware will remove all the infections; these need manual removal with the help of a couple of specialist programs.

  johndrew 16:07 10 Jul 08

Your post doesn't indicate clearly what AV and other anti-malware software you have installed.

The Sophos method for removal is click here.

I suggest you install AVG Anti-Virus, Spybot S&D, Ad-Aware and Spyware Terminator, if you don't have them already, start in Safe Mode and run them all from there.

If you still have problems download the Sysclean Package click here and the latest Virus Pattern Files (ipt***.zip) click here and run a scan with this.

If you need more help, post back.

  kalignorgna 16:16 10 Jul 08

"If the entries are locked in the system32 folder no software should be able to remove this as this holds windows files."

Not true, I'm afraid. When Windows 98 was still big news, then maybe, but not today. This is because a lot of viruses, malware, spyware and of course hackers' programs hide themselves inside:
1: Windows folder
2: System folder
3: System32 folder
precisely because these files and folders are harder to scan. Since these nasties started doing this, AV programs and definitions have been upgraded to incorporate these "protected areas" to a certain degree; also, Windows protection has increased and improved to help protect them better while allowing advanced AVs to still scan these areas.

For instance, if you run Spybot or AVG 7.5 after a fresh XP install you will find 3-7 files from system32 that are marked as low-level threats.

  skidzy 16:38 10 Jul 08

My apologies, maybe I should have said it differently.

I should have written: if the entries are locked in the system32 folder you may find the software will not let you remove these, as some are possibly Windows files/DLLs.

Though my post was not very clear, my point really is to not mess with HJT and let an expert help with this.

Emptying the temp files and renaming the infected DLLs (if the system allows this) may help, but my guess here is they will be back upon a reboot... hence my advice regarding MWR.

  kalignorgna 08:17 11 Jul 08

Use a different PC with a basic install of the OS with updates (no other programs other than that) and cross-check; deleting files and folders that are not on the basic install should get rid of the virus. You can also use Windows search to find Mal/Generic-A; once found, delete.

But I'm guessing that it's also hidden in your registry, so unless you know how to work through this to find the virus in there, you might as well not bother and just do a fresh install.
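The cross-check against a clean install described in the post above is a baseline comparison, and it is worth doing by hash rather than by eye. As an added example, not from the original thread, the PowerShell below builds a SHA-256 inventory of a directory on a known-clean reference machine, does the same on the suspect machine, and reports files that exist only on the suspect or whose contents differ, together with their Authenticode status. Two caveats a practitioner would want: the reference must be the same Windows version and patch level, otherwise legitimate updates show up as differences; and an inventory taken from inside a running infected system can be lied to by a rootkit, so the suspect-side listing is more trustworthy when taken from safe mode or from the disk mounted under clean media. Sophos's "Mal/Generic-A" is a detection label rather than a file name, so the comparison keys on paths and hashes instead. The function names and the file paths in the usage comment are my own assumptions.

```powershell
# Added example, not from the original thread. Baseline comparison of a directory
# (here system32) between a known-clean reference machine and a suspect machine.
# Requires PowerShell 4.0 or later for Get-FileHash. Function names are my own.

function New-FileInventory {
    param([string]$Root, [string]$OutCsv)
    $prefixLen = $Root.TrimEnd('\').Length + 1
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($prefixLen)
                Sha256       = if ($hash) { $hash.Hash } else { 'UNREADABLE' }   # locked or access denied
                Length       = $_.Length
                Signed       = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        } | Export-Csv -Path $OutCsv -NoTypeInformation
}

function Compare-FileInventory {
    param([string]$BaselineCsv, [string]$SuspectCsv)
    # Index the clean inventory by case-insensitive relative path.
    $baseline = @{}
    foreach ($row in Import-Csv -Path $BaselineCsv) { $baseline[$row.RelativePath.ToLower()] = $row }

    foreach ($row in Import-Csv -Path $SuspectCsv) {
        $key = $row.RelativePath.ToLower()
        if (-not $baseline.ContainsKey($key)) {
            # Not on the clean install at all: dropped files land here.
            [pscustomobject]@{ Status = 'OnlyOnSuspect'; Path = $row.RelativePath; Signed = $row.Signed }
        } elseif ($baseline[$key].Sha256 -ne $row.Sha256) {
            # Same path, different content: patched binaries or replaced system files.
            [pscustomobject]@{ Status = 'HashDiffers';   Path = $row.RelativePath; Signed = $row.Signed }
        }
    }
}

# Usage (paths are assumptions; run each inventory on its own machine, elevated):
#   Reference machine: New-FileInventory -Root 'C:\Windows\system32' -OutCsv 'D:\baseline.csv'
#   Suspect machine:   New-FileInventory -Root 'C:\Windows\system32' -OutCsv 'D:\suspect.csv'
#   Then:              Compare-FileInventory -BaselineCsv 'D:\baseline.csv' -SuspectCsv 'D:\suspect.csv' |
#                          Where-Object { $_.Signed -ne 'Valid' } | Format-Table -AutoSize
```

Filtering the differences down to unsigned files is what keeps the list short: a DLL that is absent from the clean install and carries no valid signature is the candidate to look at, while a signed file that differs only in hash is usually a Windows update applied to one machine and not the other.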

  kalignorgna 08:18 11 Jul 08

Forgot to say that if it's in your registry, unless you find it within and remove it, once you reboot the virus will reappear.

This thread is now locked and can not be replied to.
