Phoenix.GoldGeneric need help

My computer has been infected with the phoenix.goldgeneric and after much research, I havent been able to find a way to remove it. I have located the .exe file and a .tlb file in the sprint folder causing interference with my internet connection. My computer has also been throwing a blue screen lately which i havent been able to get a screen shot of yet.

Mcaffe claims that they can remove this virus however it hasnt been able to detect it. any help to get rid of this would be much appreciated.

thanks in advance,

- Clay

 

i have located the exe file along with a .tlb file at C:\Program Files\Sprint\Sprint SmartView

I also had a hit in the following places when I ran a search by the name however im not sure if they are related to the problem or not:

Reenen - phoenix.milk --> C:\Program Files\Winamp\Plugins\Milkdrop2\presets

Phoenix --> C:\Program Files\Summit\jre\lib\zi\America

Phoenix --> C:\Program Files\Java\jre6\lib\zi\America

PHOENIX.EXE-060C1A06.pf --> C:\WINDOWS\Prefetch

and in the registry @ HKEY_CLASSES_ROOT\AppID\{02E0D2BF-1B2D-4ef4-B3CE-541AFD9DAF62}

hopefully that helps.
thanks again - clay

 

I saw a change when I went thru the steps you gave me, but after a couple of days I started to see the symptoms return. I looked at another officers computer and the pheonix.exe and the pheonix.tlb files dont exsist on there machines.

McAfee has not at anytime detected any files (which I dont understand because there website is the only one so far that I have been able to find any info on this virus) Since I installed it prior to starting this thread. The way that I found these files was by simply using the windows file search looking for anything named Pheonix. I also searched the registry in the same manner using regedit.

Also when sprint locks up and I restart the machine a force quit window pops up saying that Pheonix.GoldGeneric is not responding etc etc.

 

None of these files exist on the other computer that i could find; Unless this phoenix program infected the files and renamed them.

I uploaded some screen shots hoping it may help. Disregard the .jpg files in the search picture, they are just the screen shots that I was saving.

Would it help if i sent you some of these infected files, or parts of them, so you can evaluate them?

 

Not sure if the original post applied, computer crashed while i was waiting for the upload.

None of these files exist on the other computer that i could find; Unless this phoenix program infected the files and renamed them.

I uploaded some screen shots hoping it may help. Disregard the .jpg files in the search picture, they are just the screen shots that I was saving.

Would it help if i sent you some of these infected files, or parts of them, so you can evaluate them?

 

None of these files exist on the other computer that i could find; Unless this phoenix program infected the files and renamed them.

Would it help if i sent you some of these infected files, or parts of them, so you can evaluate them?

 

all of our machines were installed using the same image. Software consists of sprintsmart view for the air card, spillman, microsoft office, fire fox, ccleaner, and avg. I uninstalled avg prior to installing mcafe to see if mcafe could remove the virus. When mcafe didnt locate the virus, I posted this thread looking for help.

All of the computers recieved the same image in the same time frame.

After the image was installed, I added Winamp and some other software that I personally own, which to my knowledge the other machines do not have.


I just looked at a 3rd machine and again no phoenix files.

 

I havent tried this option yet, I do not have access to the original copy of this software

 

I havent tried this option yet, I do not have access to the original copy of this software

I just ran ccleaner again and it located HKEY_CLASSES_ROOT\Phoenix.Generic.Client and HKEY_CLASSES_ROOT\Phoenix.GenericGold.Client, however it is not fixing them.