Trojan.Gen.3

Discussion in 'Malware Help (A Specialist Will Reply)' started by StuT, Oct 3, 2013.

  1. StuT

    StuT Private E-2

    Hi Guys,

    My machine seems to be infected by Trojan.Gen.3.

    Norton has started popping up today with this as the threat, and finds quite a few temp files, but can't fix or quarantine the problem.

    Is there a fix for this one?

    Cheers,

    Stu
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. StuT

    StuT Private E-2

    Hi Guys,

    Ran all the tests and still having my Symantec finding problems.
    It's popping up every 2 mins with an infected file.

    They seem to be tmp files in my AppData\Local\Temp folder.
    And the file names all seem to start with DWH.

    Cheers,

    Stu
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only questionable items that I see in your logs are the below:

    C:\Program Files (x86)\Common Files\akl\secsvr.exe
    C:\Program Files (x86)\Common Files\akl\GetKey.dll
    C:\Program Files (x86)\Common Files\akl\sqlite3.dll

    Do you know what this really is and how it loads? The secsvr.exe process is running but I do not see a place in your logs where it is loading. The only real useful info on this is in the below link but it really does not explain what it is:

    http://www.threatexpert.com/report.aspx?md5=9308ce20361ffb13e5fc0870c87db14b


    Is this what Symantec is complaining about? If not, then exactly what / where is it complaining about? You only have some minor junkware other than the above to remove and that can be removed by deleting the below folder:

    C:\Users\sturner\AppData\Roaming\OpenCandy
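The question above, where an executable that is running does not show up in the logs as being loaded, is the kind of thing a quick autostart sweep answers. The script below is an added example written for this thread, not something chaslang or the MajorGeeks tools do; it takes the secsvr.exe path quoted in the post and checks the file's hash and signature, then looks for that file name in services, Run/RunOnce keys, scheduled tasks and the current process list. It is written for Windows PowerShell 2 and later (Get-WmiObject and schtasks rather than the newer CIM and ScheduledTasks cmdlets, so it also works on Windows 7) and should be run from an elevated prompt.

```powershell
# Added example (not from the thread): find where a given executable is
# registered to start. $Target is the path quoted in the post; change it as needed.
$Target = 'C:\Program Files (x86)\Common Files\akl\secsvr.exe'
$Needle = [System.IO.Path]::GetFileName($Target)   # 'secsvr.exe'

# 1. File metadata, hash and Authenticode signature (helps look the file up later)
if (Test-Path -LiteralPath $Target) {
    $item = Get-Item -LiteralPath $Target
    "File: $($item.FullName)  Size: $($item.Length) bytes  Modified: $($item.LastWriteTime)"
    if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {   # PowerShell 4+
        "SHA256: $((Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash)"
    } else {                                                         # older systems
        certutil -hashfile $Target SHA256
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Target
    "Signature: $($sig.Status)  Signer: $($sig.SignerCertificate.Subject)"
} else {
    "File not present: $Target"
}

# 2. Services whose binary path references the executable
"--- Services ---"
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -like "*$Needle*" } |
    Select-Object Name, State, StartMode, PathName | Format-List

# 3. Run / RunOnce keys, per-machine and per-user, including the 32-bit view on x64
"--- Run keys ---"
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -like "*$Needle*") {
                "$key\$($p.Name) = $($p.Value)"
            }
        }
    }
}

# 4. Scheduled tasks (schtasks is available on every supported Windows version)
"--- Scheduled tasks ---"
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -like "*$Needle*" } |
    Select-Object TaskName, 'Task To Run', Status | Format-Table -AutoSize

# 5. Running instances, with the parent PID so the launching process can be identified
"--- Processes ---"
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -like "*$Needle*" } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine | Format-List
```

If none of sections 2 to 4 prints a hit but section 5 shows the process running, the parent process ID is the next place to look: it is usually another service, an installer, or a program that spawned secsvr.exe as a helper, and that parent's own autostart entry is the real answer to "how does it load".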
     
  5. StuT

    StuT Private E-2

    It really is very strange.

    My Symantec is popping up every 30 secs catching something new. Those 2,500 warnings are since yesterday morning.

    Attached are 2 screen grabs showing my desktop pop up and the 2 messages I'm getting. Also attached is a grab of the Symantec control panel showing a few of the many files that are sitting in quarantine.

    Something really odd happened on Monday and sadly I can't replicate now.
    I looked in the Users\sturner\AppData\Local\Temp folder to see what all the tmp files were. There was only one, but it kept visibly changing name every few seconds, as I was looking at it.

    Yesterday it wasn't doing it, and there were only a handful of temp files in there.

    This morning I've looked, and there were about 50 tmp files, all the same size at 1,944 KB. But as I'm looking at the folder, they are slowly deleting themselves. There's about 10 left as I type this.

    Very odd.
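The renaming, identical sizes and self-deletion described in this post are easier for a helper to assess from a log than from a description. The script below is an added example for this thread, not part of the original post or of the MajorGeeks procedure: it polls the user's Temp folder (assumed to be $env:TEMP, which is the AppData\Local\Temp path mentioned above) for files matching the DWH*.tmp pattern the poster reported, records each appearance and disappearance with size, time and SHA256 where the file can still be read, and writes the result to a CSV on the desktop. The 60-second watch window, 2-second interval and log file name are arbitrary choices.

```powershell
# Added example (not from the thread): snapshot the Temp folder repeatedly and
# log every DWH*.tmp file that appears or vanishes, so the churn can be shown
# as evidence. Works on Windows PowerShell 2 and later.
$Folder   = $env:TEMP             # normally C:\Users\<name>\AppData\Local\Temp
$Pattern  = 'DWH*.tmp'            # name prefix reported in the thread
$Seconds  = 60                    # how long to watch (assumed value)
$Interval = 2                     # seconds between snapshots (assumed value)
$LogFile  = Join-Path $env:USERPROFILE 'Desktop\temp-churn.csv'

function Get-Sha256 ($Path) {
    # Files may vanish between listing and hashing, or be open for writing by
    # another process; open with shared read/write and report 'unreadable' on failure.
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
        finally { $fs.Close() }
    } catch { 'unreadable' }
}

$previous = @{}      # name -> size from the last snapshot
$log      = @()
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    $current = @{}
    Get-ChildItem -Path $Folder -Filter $Pattern -ErrorAction SilentlyContinue | ForEach-Object {
        $current[$_.Name] = $_.Length
        if (-not $previous.ContainsKey($_.Name)) {          # new since last snapshot
            $log += New-Object PSObject -Property @{
                Time = Get-Date -Format 'HH:mm:ss'; Event = 'appeared'; Name = $_.Name
                Size = $_.Length; SHA256 = Get-Sha256 $_.FullName
            }
        }
    }
    foreach ($name in $previous.Keys) {
        if (-not $current.ContainsKey($name)) {              # gone since last snapshot
            $log += New-Object PSObject -Property @{
                Time = Get-Date -Format 'HH:mm:ss'; Event = 'vanished'; Name = $name
                Size = $previous[$name]; SHA256 = ''
            }
        }
    }
    $previous = $current
    Start-Sleep -Seconds $Interval
}

$log | Select-Object Time, Event, Name, Size, SHA256 | Export-Csv -Path $LogFile -NoTypeInformation
"$($log.Count) events written to $LogFile"

# Files sharing one hash are copies of the same content; a hash that appears
# many times under different names matches the "same size, changing name" report.
"--- Distinct contents seen ---"
$log | Where-Object { $_.SHA256 -and $_.SHA256 -ne 'unreadable' } |
    Group-Object SHA256 | Select-Object Count, Name | Format-Table -AutoSize
```

A file that is 'appeared' and then 'vanished' within a couple of rows is being created and removed by some running process, not by the antivirus quarantine alone, so the CSV together with a process listing taken at the same time is what a helper would want attached to the next reply.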
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  7. StuT

    StuT Private E-2

    Fabulous - thanks for that.

    Great advice as always.

    Cheers,

    Stu
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
     
