0 Replies Latest reply on May 23, 2010 11:32 AM by PyrosLambert

    How to get rid of the Generic.dx!ssp

      For a period of the last 3 days, each time I was rebooting my PC, I was receiving ALERTS that a trojan was detected and removed.

      The trojans were named after a name like the following "Generic.dx!ssp" (with variations of the last 3 letters) and despite the fact that I had performed 3 times a full scan nothing more was detected...

      Still each time I turned on my PC there was an alert of 3 to 7 new trojans...

       

      aplac.jpg

       

      The problem is that I couldn't do anything to fix this situation until I read about a free antivirus external program (also recomended by McAfee), so I gave it a try and this is how I got rid of this annoying worm.

       

      This is the program Malwarebytes Anti-Malware

      http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?par t=dl-10804572&subj=dl&tag=button

       

      mentioned here

      http://community.mcafee.com/message/6645#6645

       

      and this is what the log file gave me after the remove of all infected elements

       

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4132

      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18904

      5/23/2010 1:00:58 PM
      mbam-log-2010-05-23 (13-00-58).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 313735
      Time elapsed: 1 hour(s), 18 minute(s), 2 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe,explorer. exe,C:\Users\USER\ctfmon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\RECYCLER\S-1-5-21-5162644410-0203606188-367361584-3723\yv8g67.exe (Worm.Autorun.B) -> Delete on reboot.
      C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MITUM1GS\dwwmk[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
      C:\Users\USER\AppData\Local\Temp\578.exe (Trojan.Ddox) -> Quarantined and deleted successfully.