wileyken
Level 7

Generic.dx!hkz found, removed but still active

McAfee reports that it's found and removed Generic.dx!hkz about every 5 minutes. So I'm wondering, if it's removed, why does it keep finding it? I continue to see random directories created in %system%/temp, which again tells me this thing continues to be active.

Any ideas?

wileyken
Level 7

Re: Generic.dx!hkz found, removed but still active

Well, I gave up waiting for McAfee or Malwarebytes to actually clean Generic.dx!hkz, so I reformatted the hard drive - that did the trick!

Just in case someone at McAfee would like to know, I tried cleaning out this thing manually:

  • Removed every line from the Registry where \Run\, \Runonce\, \BTCORun, \BTCORunOnce occurred
  • Removed every line from Startup from all user profiles within \Documents and Settings

Virus behavior:

  • About every 5 minutes a new empty directory would be created in Windows\temp with a name of xxxx.xxx
  • An instance of iexplorer would launch, I'm assuming in the background because no browser would display, with the following in the command line:
    • C:[Bslash]Program Files[Bslash]Internet Explorer[Bslash]iexplorer.exe http:[slash][slash]top-name.cn[slash]in.cgi?5
  • I kept finding references and directories to "WebShots" when I'd search for "top-name".
    • I thought I cleaned all of them out, but I'd eventually find them again
  • If I left the network connection open I'd get a new window with a random start page, like DirectTV or a sports network
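The behaviour listed in the post above (a browser process started about every 5 minutes with a URL on its command line and no visible window) is something process-creation logs can be searched for. The following is an added example, not part of the original thread and not McAfee tooling: the event records, the `example.invalid` host names, the use of the Internet Explorer image name `iexplore.exe`, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed process-creation records (timestamp, image, command line); not from the thread.
IE = r'"C:\Program Files\Internet Explorer\iexplore.exe" '
EVENTS = [
    ("2009-12-01 10:00:03", "iexplore.exe", IE + "http://beacon.example.invalid/in.cgi?5"),
    ("2009-12-01 10:05:01", "iexplore.exe", IE + "http://beacon.example.invalid/in.cgi?5"),
    ("2009-12-01 10:10:04", "iexplore.exe", IE + "http://beacon.example.invalid/in.cgi?5"),
    ("2009-12-01 10:15:02", "iexplore.exe", IE + "http://beacon.example.invalid/in.cgi?5"),
    ("2009-12-01 10:20:03", "iexplore.exe", IE + "http://beacon.example.invalid/in.cgi?5"),
    ("2009-12-01 10:02:10", "iexplore.exe", IE + "http://news.example.invalid/"),
    ("2009-12-01 10:40:00", "iexplore.exe", IE + "http://news.example.invalid/sports"),
    ("2009-12-01 11:01:30", "iexplore.exe", IE + "http://news.example.invalid/"),
    ("2009-12-01 11:03:00", "iexplore.exe", IE + "http://news.example.invalid/tv"),
    ("2009-12-01 10:30:00", "iexplore.exe", IE.strip()),  # launched with no URL
    ("2009-12-01 10:31:00", "notepad.exe", r"notepad.exe C:\notes.txt"),
]

BROWSERS = {"iexplore.exe"}  # assumption: image names worth watching


def url_host(cmdline):
    """Return the host of the first http(s) URL argument, or None."""
    for tok in cmdline.split():
        tok = tok.strip('"')
        if tok.lower().startswith(("http://", "https://")):
            return urlparse(tok).hostname
    return None


def periodic_launches(events, min_hits=4, max_jitter=0.2):
    """Map host -> mean interval (s) for browser launches at a near-constant interval."""
    seen = defaultdict(list)
    for ts, image, cmdline in events:
        host = url_host(cmdline) if image.lower() in BROWSERS else None
        if host:
            seen[host].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for host, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Human browsing has irregular gaps; a scheduled relaunch has low spread.
        if len(times) >= min_hits and pstdev(gaps) <= max_jitter * mean(gaps):
            flagged[host] = round(mean(gaps))
    return flagged
```

A host flagged here tells you which process launches to trace back to a parent process, which is the component that survives the antivirus removal.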
x.h.08
Level 7

Re: Generic.dx!hkz found, removed but still active

Add one more cent: Webroot Spy Sweeper with Antivirus won't help this issue either. Don't waste money on that.

Message was edited by: x.h.08 on 12/9/09 10:23:54 AM CST