AVG found a Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by BillD, Apr 5, 2006.

  1. BillD

    BillD Private First Class

    Hi, again, all. Another weird one (wife's comp). AVG keeps popping up an alert saying there is a Trojan Back Door.GENERIC2.QET, located in system32/pptp32.dll. It can't heal it, or remove to the Virus Vault, as access is denied. I have done a search and cannot find the listed dll. I ran House Call, and Symantec online, and neither found it (although House Call found a bunch of spyware and grayware). In addition, the AVG icon in systray went gray and said the virus definitions weren't up to date (not true). So, I uninstalled AVG, reinstalled AVG, updated, and immediately got the same popup, and the icon went gray. Any thoughts or ideas would be much appreciated. Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That file is a Haxdoor problem.

    Download haxfix.exe from to your Desktop.

    • Close all other programs including all browser windows (this one too).
    • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
    • Checkmark "Create a desktop icon"
    • Click "Next"
    • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
    • Click "Finish"
    • A red "dos window" (dos box) will open with options:
    1. Make logfile
    2. Run auto fix
    3. Run manual fix
    E. Exit Haxfix

    Select option 1. Make logfile by typing 1 and then pressing Enter

    Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
    Attach the contents of that logfile in this thread please. (c:\haxfix.txt)

    Then also tell me what your current status is.
     
  3. BillD

    BillD Private First Class

    Thanks for the reply. I will try that when I get back from running some errands. What did you mean by current status?
     
  4. BillD

    BillD Private First Class

    Hope I did this correctly. Again, I am not sure what you mean by current status.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I mean are things working any better or are you still having problems. If you are still having problems, it is time to work thru our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  6. BillD

    BillD Private First Class

    Sorry for not getting back sooner. I do appreciate the help, but wasn't able to get to the whole job till Monday. The trojan (it became 2) is now gone. AVG was able to remove it when I disabled System restore. I followed the procedure to the letter, and after the spyware and adaware was removed I ran the AVG, and it seemed to clean the trojan out. It should have occurred to me earlier that Access was denied because the problem was in system restore. In all, Adaware and Spybot found, and removed a few items as did the Windows Malicious Software scan. Windows Defender found nothing, and Bitdefender came up clean. I also ran Hax.exe, and allowed it to clean. After the wife used it last night I scanned with Panda today, and it found 8 instances of spyware. I ran Spybot and it came up clean, Adaware found 19 items and removed them. It appears that the original problem is gone.
    I thank you for your help, and I have printed out the instructions and will keep them handy for future reference. Thanks, again.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Make sure you follow the below steps:

    How to Protect yourself from malware!
     
