tskoo
Level 7
Message 1 of 4

Help! Infected by Generic.dx, Generic!Artemis and Generic Rootkey.w

Hello! I am using Windows XP Pro.

My computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w, or so McAfee Virus Scan tells me.

Most times when I start up - but not every time - the computer is really sluggish for several minutes and then a box pops up saying:

"Generic Host Process for Win32 Services has encountered a problem and needs to close"

(this generally coincides with a box from McAfee detecting the trojan in another file)

I click on "to see what data this error report contains, click here" and it says:

szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll
szModVer : 5.1.2600.5512 offset : 0001b1fa

A couple of minutes later another box pops up saying, "System Shutdown", something about being initiated by NT AUTHORITY\SYSTEM and then, "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly"

And a timer counts down from sixty seconds and then the computer restarts.

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)
File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)
File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by McAfee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

Please help me!
3 Replies
Grif
Level 10
Message 2 of 4

RE: Help! Infected by Generic.dx, Generic!Artemis and Generic Rootkey.w

Please try this:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.

Hope this helps.

Grif
tskoo
Level 7
Message 3 of 4

RE: Help! Infected by Generic.dx, Generic!Artemis and Generic Rootkey.w

Hi Grif, thanks for your help.

Just wondering, why is it necessary to download Malwarebytes and Superantispyware from a separate computer? Is it in case my computer infects them during download?
Grif
Level 10
Message 4 of 4

RE: Help! Infected by Generic.dx, Generic!Artemis and Generic Rootkey.w

Exactly. Although you can try and see if you're successful, this type of malware can frequently prevent the download, or install, or running of removal tools. That's also the reason for renaming the installer files BEFORE attempting to install the removal programs on your computer.

Hope this helps.

Grif
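
Added example (not part of the thread or any vendor tool): a small triage pass over detection-log entries like the three quoted in the first message, separating hits that point at live components from hits on stored copies. The "Key: value" layout, the heuristic rules and the `KNOWN_SCANNERS` set are assumptions of this example; the sample is the thread's three entries retyped as constructed input.

```python
import re

# Constructed sample: the three entries from the first post, retyped in a
# regular "Key: value" layout (the real McAfee log layout is not shown here).
SAMPLE = r"""Detection name: Generic.dx (Trojan)
File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe

Detection name: Generic!Artemis (Trojan)
File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Detection name: Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
"""
KNOWN_SCANNERS = {"mbam.exe"}  # assumption: scanner binaries named in the thread

def parse_entries(text):
    """Split on blank lines; each block becomes a dict with lower-cased keys."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, keeps "C:\..."
            if sep:
                fields[key.strip().lower()] = value.strip()
        if "file" in fields:
            entries.append(fields)
    return entries

def triage(entry):
    """Return heuristic notes for one entry (rules assumed here, not McAfee's)."""
    path = entry["file"].lower()
    proc = entry.get("process", "").lower()
    notes = []
    if "\\system32\\drivers\\" in path and not path.endswith(".sys"):
        notes.append("non-driver file in drivers directory")
    if "\\system volume information\\_restore" in path:
        notes.append("copy inside a System Restore point")
    if "\\temp\\" in proc:
        notes.append("accessing process runs from a Temp directory")
    if proc.rsplit("\\", 1)[-1] in KNOWN_SCANNERS:
        notes.append("hit triggered by another scanner reading the file")
    return notes

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["detection name"], "|", e["file"], "|", "; ".join(triage(e)))
```
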