Old 12-07-2012, 04:26 PM   #1
Svnla
Lifer
 
 
Join Date: Nov 2003
Location: Southerner 4ever!!!
Posts: 10,526
Default Trojan horse virus problem (generic29.ajge)

Hi all,

A family member got a Trojan horse virus generic 29.ajge problem on her Dell laptop with Win 7 Home Premium and ZoneAlarm firewall. AVG anti virus notified her but could not remove it. I tried to fix it but could not log on the net.

I did Google it and the solutions were about editing registries and other fancy stuff and I am not sure I want to touch it. The computer is working fine, just could not log on the net to update anything so I know that the trojan virus is still on the computer.

Do any of you have any suggestions or ideas besides completely reformatting the HD and installing everything (after a full backup of course)? TIA.
__________________
Rules to live by: 1) Forgive is for suckers, payback w/ extreme prejudice plus interest. 2) Golden Rule = Treat others as others treat you, don't take craps from anyone.
3) Relentless pursuit of a more perfect perfection. 4) I ain't looking for trouble, but if trouble comes knocking, I will be ready, willing, and able for some rocking.
5) Life doesn’t owe you anything. Others don’t owe you anything. In life, there are no handouts.

Last edited by Svnla; 12-07-2012 at 04:33 PM.
Old 12-07-2012, 08:04 PM   #2
Smoove910
Golden Member
 
Join Date: Aug 2006
Location: Nampa, Idaho
Posts: 1,106
Default

Personally, I would install Malwarebytes and Spybot, let them find it and remove it. After it's fixed, give a stern lesson on how to surf porn without getting a virus.
__________________
Mobo: Biostar TA880GU3+ uATX
Proc: AMD Phenom II 960T unlocked/6 cores @ 3.5ghz
Ram: (4) 4gb GSkill 1600mhz (16gb total)
HDDs: (2) 640GB WD AAKS, (1) 750GB Seagate Ext
Vid: Sapphire 6870 1gb DDR5 1000mhz core, 1100 mhz mem
Camera: Pentax K5, I'm not a Canikon fanboy.
Old 12-07-2012, 08:08 PM   #3
denis280
Platinum Member
 
 
Join Date: Jan 2011
Location: Shawinigan Québec Canada
Posts: 2,752
Default

Quote:
Originally Posted by Smoove910 View Post
Personally, I would install Malwarebytes and Spybot, let them find it and remove it
And also go into the temp file, select all, delete. To do so, in the search box type in %temp%
__________________
Motherboard+ram+cpu+hdd+psu.and it works
Old 12-07-2012, 11:46 PM   #4
power_hour
Senior Member
 
 
Join Date: Oct 2010
Location: nowhere important
Posts: 789
Default

One of the better guides: www.selectrealsecurity.com/malware-removal-guide/

Mind you, without an effective backup strategy you're just playing with fire on any Win OS. They all get screwed pretty easy.

If it were me, I would pull the drive and backup the data to another system and then reformat. There is shit out there that the guides don't know about. Is an hour or two of installing and finding some drivers really worth that risk?

Then tell your friend to 1. Login as a normal user 2. Backup weekly 3. Use a VM for browsing suspect sites.
Old 12-08-2012, 01:05 AM   #5
Smoove910
Golden Member
 
Join Date: Aug 2006
Location: Nampa, Idaho
Posts: 1,106
Default

Quote:
Originally Posted by power_hour View Post
One of the better guides: www.selectrealsecurity.com/malware-removal-guide/

Mind you, without an effective backup strategy you're just playing with fire on any Win OS. They all get screwed pretty easy.

If it were me, I would pull the drive and backup the data to another system and then reformat. There is shit out there that the guides don't know about. Is an hour or two of installing and finding some drivers really worth that risk?

Then tell your friend to 1. Login as a normal user 2. Backup weekly 3. Use a VM for browsing suspect sites.
Can't say I fully agree with the logic of reformatting for all viruses. If everyone took that advice... well, there would be a whole bunch of people reformatting. Also, your link is dead. VM would be ideal, but 95% of people do not have the resources or the know-how to do this.

OP, this is what I would do step by step:

- Boot into Safe Mode
- Type msconfig and see if there's any weird/obvious things in your 'startup' sequence. If so, uncheck to ensure it doesn't start up in a subsequent reboot.
- Reboot into normal mode
- Install Malwarebytes and Spybot, let them run. Once they detect the baddies, let the software uninstall
- You'll probably be prompted for another reboot... do so now
- Once back into normal mode desktop, download/install CCleaner. Run this program
- Enjoy!
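An added example, not part of the post above: a read-only PowerShell review of the same autostart entries that the msconfig Startup tab lists, written for the PowerShell 2.0 that ships with Windows 7. The function names and the rules for what earns a second look (user-writable folder, missing file, no valid signature) are assumptions made for this illustration, and a flag is a prompt to investigate, not a verdict.

```powershell
# Added example. Lists autostart entries and notes why each may need review.
# It changes nothing on the system; disabling an entry is still done in msconfig.

function Get-ExePath([string]$Command) {
    # Expand %VARS% and pull the program path out of a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js|dll|lnk))(\s|$)') { return $Matches[1] }
    return $c.Trim()
}

function Test-StartupEntry($Entry) {
    $path = Get-ExePath $Entry.Command
    # Bare names such as rundll32.exe are resolved through PATH first.
    if ($path -and $path -notmatch '^([A-Za-z]:\\|\\\\)') {
        $app = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    $reasons = @()
    if (-not $path) {
        $reasons += 'empty command'
    } else {
        # Assumed heuristic: programs starting from user-writable folders.
        if ($path -match '\\(Temp|AppData|ProgramData)\\') { $reasons += 'user-writable folder' }
        if (-not (Test-Path -LiteralPath $path)) {
            $reasons += 'file not found'
        } elseif ((Get-AuthenticodeSignature -FilePath $path).Status -ne 'Valid') {
            $reasons += 'no valid signature'
        }
    }
    New-Object PSObject -Property @{
        Name = $Entry.Name; Location = $Entry.Location
        Path = $path; Review = ($reasons -join ', ')
    }
}

# Win32_StartupCommand covers the Run registry keys and the Startup folders.
Get-WmiObject Win32_StartupCommand |
    ForEach-Object { Test-StartupEntry $_ } |
    Sort-Object Review -Descending |
    Format-Table Name, Review, Path, Location -AutoSize -Wrap
```

Shortcuts in the Startup folders sit under AppData and are unsigned, so they are always listed for review; plenty of legitimate software also starts from AppData.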
Old 12-08-2012, 05:58 AM   #6
Steltek
Golden Member
 
Join Date: Mar 2001
Posts: 1,501
Default

The last time I removed a variant of this particular trojan for somebody, it took running Kaspersky's TDSSKiller, followed immediately by running Combofix (which had to be renamed to get it to run). After a system reboot, the final step was to run a full scan with Malwarebytes which resulted in a clean system.

Now, YMMV depending upon what other stuff may be on there as well that you don't know about (AVG is a pretty weak antivirus solution these days).
Old 12-08-2012, 09:17 PM   #7
power_hour
Senior Member
 
 
Join Date: Oct 2010
Location: nowhere important
Posts: 789
Default

Quote:
Originally Posted by Smoove910 View Post
Can't say I fully agree with the logic of reformatting for all viruses. If everyone took that advice... well, there would be a whole bunch of people reformatting. Also, your link is dead. VM would be ideal, but 95% of people do not have the resources or the know-how to do this.

OP, this is what I would do step by step:

- Boot into Safe Mode
- Type msconfig and see if there's any weird/obvious things in your 'startup' sequence. If so, uncheck to ensure it doesn't start up in a subsequent reboot.
- Reboot into normal mode
- Install Malwarebytes and Spybot, let them run. Once they detect the baddies, let the software uninstall
- You'll probably be prompted for another reboot... do so now
- Once back into normal mode desktop, download/install CCleaner. Run this program
- Enjoy!
Let's face it, people are lazy. OP doesn't have backups and you mock me for suggesting to reformat.

Nothing is a guarantee and pretending the standard methods are 100% fail safe is poor advice.

I don't get what the big deal about a reinstall is anyway. The only downside is loss of time. If he attempts to clean and fails and gets hacked that is a massive downside.

It's all about weighing the risks. If you need your PC for more than surfing for shit then be smart.
Old 12-08-2012, 10:03 PM   #8
Smoove910
Golden Member
 
Join Date: Aug 2006
Location: Nampa, Idaho
Posts: 1,106
Default

Quote:
Originally Posted by power_hour View Post

It's all about weighing the risks. If you need your PC for more than surfing for shit then be smart.
And being 'smart' is learning how to get a functional PC without reformatting every time you get a bug. I didn't chastise you, I simply don't agree with your method, and I'm willing to bet 95% of people on these forums would not reformat either. It's alright man, the OP is his own person and can choose to reformat, or use one of the other ways that was suggested.
Old 12-09-2012, 12:38 PM   #9
Svnla
Lifer
 
 
Join Date: Nov 2003
Location: Southerner 4ever!!!
Posts: 10,526
Default

Thanks for all replies.

1) First of all, the computer will NOT get on the internet to get updates or download anything new so most of you guys' suggestions won't work. I could download new software onto a flash drive then install on that computer but won't be able to download and update to the latest version anyway.

2) Secondly, I did loan out the WD external drive and did a full back up on that computer.

3) AVG is weak? Which one is strong? Keep in mind the user of this computer is on a fixed income so she likes free AV.

4) VM = virtual machine? How do you set it up on a Dell laptop?

I guess I have no choice but to reformat and reinstall Windows and drivers. Unless you guys can show me a way to overcome #1. Thanks again y'all.

Last edited by Svnla; 12-09-2012 at 12:57 PM.
Old 12-09-2012, 01:23 PM   #10
Steltek
Golden Member
 
Join Date: Mar 2001
Posts: 1,501
Default

Ok, give this a try.

Download Kaspersky's Rescue Disk 10 ISO from the following link:
http://rescuedisk.kaspersky-labs.com..._rescue_10.iso

Either burn the ISO to a CD, or create a bootable flash drive using the ISO with Unetbootin (or the utility of your choice). Boot the computer using the CD or flash drive. Once Kaspersky is booted up, the first thing you should do is update the database (the ISO itself is built on a Linux distribution, so it can independently access the wireless card or ethernet port of the laptop to connect to the internet to update its detection database). Once the database is updated, run a full scan on the computer.

Once the scan is complete and everything is removed that can be removed, I'd remove the CD/flash drive and reboot to Windows. Once you get back to Windows, see if you can again connect to the Internet. If not, have TDSSKiller and Malwarebytes on a flash drive so you can run TDSSKiller, then install and run Malwarebytes. If it can connect to the internet, download and run TDSSKiller, followed by ComboFix and Malwarebytes.

It isn't that AVG is a bad antivirus, but it is just weak. Especially if a person doesn't follow safe browsing practices. I'd recommend the next time you see it on sale that she pick up a paid copy of Malwarebytes to get the real time protection module. It complements antivirus protection and often catches bad IP addresses when you try to go to one or get an ad being distributed from a bad site. Personally, I use the combination of Avast free, Malwarebytes paid, and Comodo Firewall free, but YMMV depending upon browsing habits.

Last edited by Steltek; 12-09-2012 at 01:46 PM.
Old 12-09-2012, 01:35 PM   #11
Svnla
Lifer
 
 
Join Date: Nov 2003
Location: Southerner 4ever!!!
Posts: 10,526
Default

Quote:
Originally Posted by Steltek View Post
Either burn the ISO to a CD, or create a bootable flash drive using the ISO with Unetbootin (or the utility of your choice)......
Don't laugh but can you give more information about how to burn the ISO and the bolded/underlined section above?

I did download the file from your link onto my flashdrive without problem.
Old 12-09-2012, 01:45 PM   #12
Steltek
Golden Member
 
Join Date: Mar 2001
Posts: 1,501
Default

Quote:
Originally Posted by Svnla View Post
Don't laugh but can you give more information about how to burn the ISO and the bolded/underlined section above?

I did download the file from your link onto my flashdrive without problem.
The easiest way to create a CD from an ISO is to download and install Imgburn:

http://download.imgburn.com/SetupImgBurn_2.5.7.0.exe

Install Imgburn and run it. Select the "Write Image File to Disc" option. Select the ISO file as the source file and your CD/DVD burner as the destination. Burn the CD.

I'd also suggest downloading TDSSKiller, Combofix, and Malwarebytes to your flash drive so you'll have them for later in case you need them. I'd always run them in that order as well (you may have to rename the installers for TDSSKiller and Combofix to some random name in order to get them to run, depending upon what rootkits might be on the infected machines -- some of them try to protect themselves by preventing known antivirus and antimalware software from running, which is why you have to rename the executable files.).

Last edited by Steltek; 12-09-2012 at 01:48 PM.
Old 12-12-2012, 07:00 PM   #13
AdvancedSetup
Junior Member
 
Join Date: Dec 2012
Location: USA
Posts: 9
Default

Here is a video that demonstrates how to create the Kaspersky Rescue Disk ISO image.

http://kixhelp.com/wr/video-mb/Creat..._ISO_Image.mp4
All times are GMT -5.