Removing another Trojan horse Dropper.Generic_c.MMI

Discussion in 'Malware Help (A Specialist Will Reply)' started by Billiebob56, Aug 13, 2012.

  1. Billiebob56

    Billiebob56 Private E-2

    Hi,

    It's the first time I've posted so if I get it wrong let me know and I'll try harder!

    I've got a Trojan horse Dropper.Generic_c.MMI virus... It seems to be in my service.exe file. I'm getting AVG warning messages every few minutes regarding it (and what I assume are its offspring in the c:\windows\installer file!)

    I think I picked it up from an Adobe update...but can't be 100% sure.

    I've been through the "Read me" and followed it precisely. I have attached the scan results below and I would be very grateful if you could help me out.


    Thanks for any help.

    Will
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
     
  3. Billiebob56

    Billiebob56 Private E-2

    Hi,

    Frst.txt attached.

    Thanks for the help (in very clear instructions!)

    Will.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.

    -------------------------------

    • Now re-run RogueKiller - no fix, just a scan and attach the log.
    • Re-run FRST - no fix, just a scan and attach the log.
    • Re-run HitmanPro - no fix, just a scan and attach the log.
    • Let me know how things are running at this point.
     


  5. Billiebob56

    Billiebob56 Private E-2

    Hi,

    Please find attached all the logs as requested...

    I've only just completed them so it's probably too early to say... but thus far I have not had virus warnings... so fingers crossed.

    I guess if the logs tell you it's clear then I should turn off defogger?

    Thanks for all the help.

    Will.
     


  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hang on.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate this 1 detection:
    • [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Will Thornton\AppData\Local\{3329dffd-f3f1-5768-ddbe-f6efec66dca6}\n.) -> FOUND
    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[3].txt to your next message. (How to attach)

    Reboot the machine.

    Now run FRST properly, log indicates you did not.
    Re-run RogueKiller - no fix, just a scan and attach that log too.
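
Added example, not part of the original thread and not code from RogueKiller or the forum staff: a small triage parser for scan-log lines shaped like the InprocServer32 detection quoted in the post above. The line shape is inferred from that one quoted line, the sample lines are constructed, and the three "reasons" are heuristic assumptions for prioritising review, not a verdict.

```python
import re

# Shape of the detection line quoted in the post above (inferred, an assumption):
#   [Label] <registry key>\InprocServer32 : (<file path>) -> FOUND
LINE_RE = re.compile(
    r"^\s*(?:\[(?P<label>[^\]]+)\]\s*)?"
    r"(?P<key>\S.*?\\InprocServer32)\s*:\s*"
    r"\((?P<path>.*)\)\s*->\s*FOUND\s*$",
    re.IGNORECASE,
)
# COM server registered from inside a user profile (writable without admin rights).
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# A directory component that is nothing but a brace-wrapped GUID.
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.IGNORECASE
)

def triage(line):
    """Return parsed fields plus heuristic reasons, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    path = m.group("path").strip()
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if PROFILE_RE.match(path):
        reasons.append("user-writable profile path")
    if GUID_DIR_RE.search(path):
        reasons.append("GUID-named directory")
    if "." not in name.rstrip("."):
        reasons.append("no file extension")
    return {"label": m.group("label"), "key": m.group("key"),
            "path": path, "reasons": reasons}

def suspicious(lines, threshold=2):
    """Keep only InprocServer32 entries with at least `threshold` reasons."""
    return [r for r in map(triage, lines) if r and len(r["reasons"]) >= threshold]

# Constructed sample lines (hypothetical user name, GUIDs and file names).
SAMPLE_LINES = [
    r"[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\alice\AppData\Local\{11111111-2222-3333-4444-555555555555}\n.) -> FOUND",
    r"[Sample] HKCR\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\InprocServer32 : (C:\Windows\System32\example.dll) -> FOUND",
    r"[Sample] HKCU\Software\Example : (value) -> FOUND",
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LINES):
        print(hit["label"], hit["path"], hit["reasons"])
```

Per-user software can legitimately register COM servers under AppData, so a hit is a prompt to inspect the file, not proof of infection.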
     
  7. Billiebob56

    Billiebob56 Private E-2

    Hi,

    I have carried out the instructions as noted.

    With regards to the Rogue Killer reports the numbers don't tie in with the ones you mentioned so I have included RKreport[3] as requested, but RKreport[4] & RKreport[5] were created as a result of today's scans.

    Many thanks for your help.

    Regards

    Will.
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.

    -------------------------------

    • Now re-run RogueKiller - no fix, just a scan and attach the log.
     
