Trojan.generic.kdv.241263 problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jmesax, Jun 4, 2011.

  1. jmesax

    jmesax Private E-2

    I picked up a trojan last night that BitDefender Antivirus Pro 2011 picked up as Trojan.generic.kdv.241263. It said it protected me and deleted it, but my computer then said I had hard drive problems, and when I restarted, Windows 7 recovery tried to repair but couldn't do several things. BitDefender again said it picked up a virus in the attrib.exe file. I have run through the Malware Removal guide in the sticky and will attach the 4 files (I'm running Windows 7 x64 so couldn't do RootRepeal). Running these programs has seemed to help but my desktop is still doing some strange things - when I hit the start button none of my programs show up until I hover over all programs (maybe this is just a reset of something?). Also only a few icons on the toolbar below show up: for a time all appeared as the paper icon, but now half show up (Firefox, Spider Solitaire, and Bitdefender) and half are still the paper icons (Windows Media Player, Windows Explorer, and Internet Explorer). All of this is right next to the start button, if that makes sense. Also my desktop picture wasn't restored (which again may not be anything...)

    I'm wondering first why BitDefender didn't protect me??? It was updated and running obviously but somehow it still infected my system. Thanks for the help.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

    http://download.bleepingcomputer.com/grinler/unhide.exe

    Now run it. Now see if you can find your Programs?
     
  3. jmesax

    jmesax Private E-2

    Thanks I'll try this - also I'm still wondering if I have this virus as when I look at my resource monitor the attrib.exe is still running although maybe this is normal? Thanks for all the help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you have an infection but it is not a virus. Run the unhide command to see if we can restore things that seem to be missing. Then tell me your status. We will continue to check for other issues after this.
     
  5. jmesax

    jmesax Private E-2

    Ran the "unhide" command but everything seems to be the same - the paper icons at the bottom (for Windows explorer etc.) don't seem to have the right links as when I clicked on them the programs "weren't found" so I just deleted them. The start menu is the same although it's not a huge issue as when I click on all programs they will then appear. I'm more concerned that everything is off my machine at this point.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that is likely because ComboFix had already removed the backups that unhide.exe was looking to restore. Had you run ComboFix more than once??? ( It looks like the log you posted shows it was run at least twice ). Did you run someone else's instructions before coming here? You have folders deleted that show in ComboFix's quarantine that were not deleted when you ran the scan you posted the log for in this thread so they must have been deleted at an earlier time. In addition, they do not have the normal .vir extension added to them so the below attempt at dequarantining them may not work.


    So let's do the below.




    Now we need to use ComboFix to DeQuarantine some files that it should not have removed.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named C:\DeQuarantine_log.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now rerun the unhide.exe command as previously requested.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\DeQuarantine_log.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now! Did any of the missing information return?
     
    Last edited: Jun 7, 2011
