How to get rid of the Generic.dx!ssp

For a period of the last 3 days, each time I was rebooting my PC, I was receiving ALERTS that a trojan was detected and removed.

The trojans were named after a name like the following "Generic.dx!ssp" (with variations of the last 3 letters) and despite the fact that I had performed 3 times a full scan nothing more was detected...

Still each time I turned on my PC there was an alert of 3 to 7 new trojans...


The problem is that I couldn't do anything to fix this situation until I read about a free external antivirus program (also recommended by McAfee), so I gave it a try and this is how I got rid of this annoying worm.

This is the program Malwarebytes Anti-Malware

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=d...

mentioned here

http://community.mcafee.com/message/6645#6645

and this is what the log file gave me after the removal of all infected elements

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/23/2010 1:00:58 PM
mbam-log-2010-05-23 (13-00-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 313735
Time elapsed: 1 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe,explorer.exe,C:\Users\USER\ctfmon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MITUM1GS\dwwmk[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Users\USER\AppData\Local\Temp\578.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
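
The log above shows why the alerts came back at every reboot: the Winlogon Shell value had extra executables listed next to explorer.exe. The following is an added example, not part of the original post or of any McAfee or Malwarebytes tooling, that checks that value after cleanup; the function names are hypothetical, and it assumes a default install has no Shell value under HKCU.

```python
import sys

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # the "Good" value reported in the log

# The "Bad" Shell data quoted in the Malwarebytes log above.
LOGGED_BAD_VALUE = (r"C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723"
                    r"\yv8g67.exe,explorer.exe,C:\Users\USER\ctfmon.exe")


def unexpected_shell_entries(value):
    """Split a Shell value on commas and return every entry that is not
    the bare name explorer.exe (full paths are returned for manual review)."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_SHELL]


def audit_winlogon_shell():
    """Windows only: read Shell under HKCU and HKLM and report deviations."""
    import winreg  # imported here so the parsing helper works on any OS
    hives = (("HKCU", winreg.HKEY_CURRENT_USER),
             ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    findings = {}
    for name, hive in hives:
        try:
            with winreg.OpenKey(hive, WINLOGON) as key:
                value, _type = winreg.QueryValueEx(key, "Shell")
        except FileNotFoundError:
            continue  # key or value absent
        bad = unexpected_shell_entries(str(value))
        # Assumption: HKCU normally has no Shell value, so report it even
        # when it only names explorer.exe.
        if bad or name == "HKCU":
            findings[name] = {"value": value, "unexpected": bad}
    return findings


if __name__ == "__main__":
    print("Entries flagged in the logged value:")
    for entry in unexpected_shell_entries(LOGGED_BAD_VALUE):
        print("  ", entry)
    if sys.platform == "win32":
        print("Live registry findings:", audit_winlogon_shell() or "none")
```

An empty result from the live check after the reboot that completes the "Delete on reboot" action means the Shell value no longer launches anything besides explorer.exe.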
