2 Replies Latest reply on Dec 9, 2009 10:23 AM by x.h.08

    Generic.dx!hkz found, removed but still active

      McAfee reports that it's found and removed Generic.dx!hkz about every 5 minutes. So I'm wondering, if it's removed, why does it keep finding it? I continue to see random directories created in %system%/temp, which again tells me this thing continues to be active.

      Any ideas?

        • 1. Re: Generic.dx!hkz found, removed but still active

          Well, I gave up waiting for McAfee or Malwarebytes to actually clean Generic.dx!hkz, so I reformatted the hard drive - that did the trick!

           

          Just in case someone at McAfee would like to know, I tried cleaning out this thing manually:

          • Removed every line from the Registry where \Run\, \Runonce\, \BTCORun, \BTCORunOnce occurred
          • Removed every line from Startup from all user profiles within \Documents and Settings

           

          Virus behavior:

          • About every 5 minutes a new empty directory would be created in Windows\temp with a name of xxxx.xxx
          • An instance of iexplorer would launch, I'm assuming in the background because no browser would display, with the following in the command line:
            • C:[Bslash]Program Files[Bslash]Internet Explorer[Bslash]iexplorer.exe http:[slash][slash]top-name.cn[slash]in.cgi?5
          • I kept finding references and directories to "WebShots" when I'd search for "top-name".
            • I thought I cleaned all of them out, but I'd eventually find them again
          • If I left the network connection open I'd get a new window with a random start page, like DirecTV or a sports network
        • 2. Re: Generic.dx!hkz found, removed but still active

          Add one more cent: Webroot Spy Sweeper with Antivirus won't help this issue either. Don't waste money on that.

             

             

            Message was edited by: x.h.08 on 12/9/09 10:23:54 AM CST