6 Replies Latest reply on Feb 5, 2010 4:41 AM by x-tabrahams

    Trojan: Generic.dx!llk  What do I do?

      Hi, I am running Virus Scan version 13.15 and am updated to the latest dat (5877).  I am running Windows XP SP3.  I just did a full system scan and McAfee detected the Generic.dx!llk trojan in 2 different places and they were automatically quarantined.

       

      Here is where they are located:

       

      1: C:\PROGRAM FILES\HPSELECT\QFL2001\AUTORUN.EXE

       

       

      2: C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A487-4C6D-850C-C76CC3327FD0}\RP215\A0021603.EXE

       

      I do not know what to do, should I leave them in quarantine for awhile, try to delete them (if possible)...???  I would rather delete them if it is possible (if it won't harm my system). If somebody can help me I would greatly appreciate it.   Also, should I change my passwords..  I am not sure what steps to take...

       

      Thanks in advance,

       

      Shelley

        • 1. Re: Trojan: Generic.dx!llk  What do I do?

          Hi There,

           

          The cleaning for this detection, as you have seen, is fairly basic.

           

          As the files are now in quarantine they no longer have the ability to execute & pose no further threat to your system, so as long as you keep your product up to date you should be OK.

           

          However, if you have any further suspicious files please submit them to us for analysis using the following guidelines -

           

          Please include a description of the symptoms your system is experiencing, and any pertinent information about what AV Products you are using including company, version number (engine/dat numbers for McAfee Products) and results of the scan.

          Note -

          Due to the prevalence of network gateway AV products it is important that all submissions be zipped and the zip file password protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

          For additional information, our Virus Information Library page can be found at <http://vil.mcafeesecurity.com/vil/default.aspx>

          Please use the following links to reach our technical support group for McAfee products.

          Corporate Customers:
          <https://support.mcafee.com>

          Single User/Retail Customers:
          <http://service.mcafee.com/default.aspx>

          Regards,

          T. Abrahams
          Virus Research Analyst
          McAfee Labs
          A division of McAfee, Inc.

          • 2. Re: Trojan: Generic.dx!llk  What do I do?

            Hi Tab,

            Firstly, thank you very much for taking the time to reply to my post.  I am happy to read that I should be OK and that these files no longer pose a threat to my system.  I am just confused about a couple of things.  Where you stated that "as I have seen the cleaning is fairly basic" what exactly did you mean?  They are in quarantine, but is that it?  I am not sure what else I should do.  Can I now delete these files?  I am now concerned about the damage, if any, that these trojans may have caused before they were quarantined.... should I change my passwords, etc.

             

            I always try to keep McAfee updated...

             

            Thanks again,

             

            Shelley

            • 3. Re: Trojan: Generic.dx!llk  What do I do?

              Hi Shelley,

               

              Let me clarify: our cleaning for this detection is to delete detected files. Some of the actions taken on such files would depend on which product you have installed & particular product settings. As the files are now in quarantine it sounds like you are using our retail product. As this is the case you can use the Restore facility to delete the files. But leaving them in this location automatically renders them benign.

               

              It is unlikely that any other malicious behaviour associated with these files has taken place on your PC, but it's good practice to change your passwords regularly.

               

              In the meantime if you experience any other suspicious behaviour please submit samples to us for analysis.

               

              Rgds

               

              Tony

              • 4. Re: Trojan: Generic.dx!llk  What do I do?

                Hi Tony!

                 

                I am using the online version of McAfee and went ahead, as you said, and removed (not restored) the infected files from quarantine.  I will now do a full system scan and get back to you if I encounter any further problems.  I am so happy that you think that it is unlikely that any other malicious behaviour has taken place. Thanks once again and I will get back to you with results.

                 

                Sincerely,

                 

                Shelley

                • 5. Re: Trojan: Generic.dx!llk  What do I do?

                  Hi again,

                  Did a scan and all seems well.  Thank you so much Tony!  Will be in touch if I do in fact see anything else suspicious.

                   

                  Sincerely and thanks again,

                   

                  Shelley

                  • 6. Re: Trojan: Generic.dx!llk  What do I do?

                    More than welcome, Shelley.

                     

                    Rgds

                     

                    Tony