PyrosLambert
Level 7

How to get rid of the Generic.dx!ssp

For the last 3 days, each time I rebooted my PC, I received ALERTS that a trojan was detected and removed.

The trojans had names like "Generic.dx!ssp" (with variations of the last 3 letters), and despite the fact that I had performed a full scan 3 times, nothing more was detected...

Still, each time I turned on my PC there was an alert of 3 to 7 new trojans...

The problem is that I couldn't do anything to fix this situation until I read about a free external antivirus program (also recommended by McAfee), so I gave it a try, and this is how I got rid of this annoying worm.

This is the program Malwarebytes Anti-Malware

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=d...

mentioned here

http://community.mcafee.com/message/6645#6645

and this is what the log file gave me after the removal of all infected elements:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/23/2010 1:00:58 PM
mbam-log-2010-05-23 (13-00-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 313735
Time elapsed: 1 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe,explorer.exe,C:\Users\USER\ctfmon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MITUM1GS\dwwmk[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Users\USER\AppData\Local\Temp\578.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
