BackDoor.Generic 10 SNU

Discussion in 'Software' started by kayabay, Dec 15, 2009.

  1. kayabay

    kayabay Private E-2

    When one of my computers was affected by the BackDoor.Generic 10 SNU trojan, AVG 8.5 Professional reported that it was a trojan but could not heal or delete it. Also SpyBot and MalwareRemoval could not recognize it. So there were always CAUTION windows on the computer, which was annoying.
    Then I've found a way to remove it permanently though.
    I started up my computer in SAFE MODE ( for Win 7 it is not as easy as it was ).
    Then deleted C:\Windows\Temp folder completely.
    The threat was gone.

    Note: To start Win 7 in Safe Mode, you have to run "msconfig" and change the start position from normal.
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    You could have deleted just the contents, this is bad advice telling people to delete folders. You also list MalwareRemoval, we don't list that, never heard of it. Spybot is out of date, its detection and removal is not even top 10. Simply put, you got bad advice and got lucky, although the temp folder should have been recreated. You might not have removed this still, just because AVG is not giving you any errors does not mean you're clean :) Some files and folders rename and move themselves, you could be manually deleting files and folders forever. Starting in safe mode is as easy as tapping F8 on bootup for ANY operating system.

    SuperAntispyware:
    http://www.majorgeeks.com/SUPERAntiSpyware_d5116.html

    Malwarebytes Anti-Malware:
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
     
  3. kayabay

    kayabay Private E-2

    First, my Lenovo X61s does not respond to F8 for a Safe Start :( So I've found a way inside Win 7 via "msconfig".

    You're right though on not deleting any folders under Windows folder ( too risky ). In fact I only deleted the contents of the folder "TEMP" 'cause the trojan originated files were there and could not be deleted in a normal session.

    Also sorry for the second program I wrote. That was MalwareBytes that couldn't find any threat as well as SpyBot. I think the Backdoor.Generic 10 SNU is a new one. I've seen many complaints on it but no real solutions on the net. So I decided to write down how I managed to.
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    While msconfig is an alternative, the F8 at boot should work with a Lenovo as it's not a PC hardware or BIOS based thing but a Windows OS one. As Win7 boots pretty quickly, you need to repeatedly tap F8 as soon as you power on.

    As the Major said, just deleting a folder or its contents may not mean the malware is gone. They are sneaky and can leave triggers in other areas that may crop up or be active. Our Malware Forum has a Read Me guide that's worth running and then starting a new thread in that forum area and attaching the logs per the instructions to get an all clear, to be sure.
     
  5. kayabay

    kayabay Private E-2

    This time it is different!
    The best spyware software I tried since was the SuperAntiSpyware.
    And it seems a new trojan is in that Lenovo notebook named:
    SpamTool.EVL
    It cannot be detected by even SuperAntiSpyware, and there are only a few new messages in the net that SpamTool.EVL is disturbing computers and yet there are no solutions.
    I'm working on it too...
    Any help will also be appreciated.
     
