Please Help! Troj_Generic.ADV that I can not get rid of

Discussion in 'Malware Help (A Specialist Will Reply)' started by LauraR, Mar 6, 2007.

  1. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    I use Trend Micro and starting yesterday I started getting notices that I had Troj_Generic.ADV infecting my computer. After using their removal tool and help desk, both of which have failed to get rid of it, I'm going crazy. I followed all your instructions and here are my logs.

    I ran CCleaner and it turned up nothing. I ran Spybot (which I use regularly, along with Ad-Aware and Spysweeper)...it found nothing.
     
    Last edited: Aug 7, 2009
  2. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    GetrunKey Log
    ShowNew log
    Hijack This Log

    Thanks in advance for any help with this.



    Some more info

    The trojan seems to be in my documents and settings temp folder and any time I try to delete it, it says I don't have access. If I delete in safe mode, it's just back in regular mode. The file name is C:\Documents and Settings\Laura\Local Settings\Temp\Clclean.0001.dir\~df394b.tmp
     
    Last edited: Aug 7, 2009
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MajorGeeks!

    If you spoke to TrendMicro and they did not know what those files are, they need to educate their tech support people better. Those files are not problems. They are due to software you installed.

    See this: http://www.whatsrunning.net/whatsrunning/QueryProductID.aspx?Product=682

    Any number of companies may be using licensing schemes like this. Adobe, Creative Labs....etc.


    I suggest that you uninstall CounterSpy now. You don't need it anymore and it is only a trial.

    Also uninstall the below:
    Search Assist
     
  4. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Ok...I uninstalled SearchAssist and Counterspy.

    So...the fact that it won't allow me to delete this temporary file isn't a problem? I'm a little confused. Is my antivirus wrong? There weren't any problems with any of my logs?

    Part of the problem is when I do things with certain programs my Trend Micro pops up with this file I listed and the fact that I have the Troj_Generic.adv. For example, when I was uninstalling the CounterSpy, the real time virus warning was popping up, like it was being triggered by something in the uninstall.

    Thanks for getting back to my post right away, btw.

    Thanks for the welcome too. :)

    Oh, and do I want to run the process in the link you gave me? http://www.whatsrunning.net/whatsrunning/QueryProcessID.aspx?Process=5207
     
    Last edited: Mar 6, 2007
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it is not a problem! And as you already found out, if you delete it, it will come back.

    Yes!

    No! This is what is commonly referred to as a false positive.


    No I just wanted you to read the info which supports what I was telling you. The files and folders are not problems.
     
  6. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Thanks so much! :) I've been going crazy and obsessing over this all day.

    So is there any way to get my Trend Micro to stop warning me about it? It pops up on my screen.

    Oh, and the one scan (Activescan.txt) pulled up the virus that it didn't fix. Was that anything? (Virus:Eicar.Mod)
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Only if they have a way to configure it to ignore certain file names. You could also complain to them about the false positive and see if they will come up with an update to correct it.

    It was also a false positive. It was detecting a help file for your TrendMicro antivirus. In some regards it was not a true false positive since it was just detecting the test virus that was in the file.
     
  8. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Thanks for all the help!!!!!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
