Trojan horse Dropper.Generic_c.MMI

Hello,
I am new to this forum and have been amazed at the wisdom of some of you guys. Your help in my trojan demise would be greatly appreciated...

I run avg only, run firefox only and have windows 64bit. I get the Trojan horse Dropper.Generic_c.MMI alert constantly.

Here's my farbar recovery tool scan

 

Welcome to MajorGeeks, marcalis77

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Reboot

 

Thanks for your quick reply thisisu! Attached is the fixlog...

 

Delete the C:\FRST folder.
Reboot.

Let me know if AVG is still picking up detections and if you are experiencing any malware related problems.

 

ok, so i deleted the c:frst folder and still am getting the pop up... what's next? its the same trojan dropper.generic_c.mmi...

 

Ok, start reading and following this guide: READ & RUN ME FIRST Malware Removal Guide

 

Ok...did everything in the readme. Attached are the logs.

 

I think you attached someone else's FRST.txt and not your own. That is why the fix didn't find the files/folders we wanted to delete.

• Username in FRST log: Sherlock <== Sounds familiar actually..
• Username in latest set of logs you attached: heather

I can still make you a fix but it may take me a while to review the rest of your logs. Please be patient.

 

Awesome. Sorry bout the noob err. Do u need me to ge another frst?

 

I think I have all the information I need now so we can fix everything in one FRST fix.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

http://img805.imageshack.us/img805/9659/rktigzy.gif Now reboot and run another RogueKiller scan

 

k. attached are the logs for frst64 and rogue killer. do i do anything with what was found in rogue killer? i haven't got another popup in the last 5 minutes...looks good so far.

 

First, delete the C:\FRST folder

Second:

http://img805.imageshack.us/img805/9659/rktigzy.gif Delete items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Once the scan is complete, go to the Registry tab and checkmark everything except the below items:

• [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0)
• [HJ] HKLM\[...]\System : EnableLUA (0)

Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[4].txt
Attach RKreport[4].txt to your next message. (How to attach)

__

http://img17.imageshack.us/img17/3214/baticonvista7.gif Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

Ok. I think the most recent is rkreport[4]

 

sorry didn't get the bottom part of the message. running mgtools...

 

here they are

 

http://img850.imageshack.us/img850/4746/programsandfeatureswin7.gif From Programs and Features (via Control Panel), please uninstall the below:

• Java(TM) 6 Update 32
• WhiteSmokeTranslator

Also choose one of the following to uninstall as it is a bad idea to run more than one anti-virus. You can run the uninstaller too to remove additional traces of the one you choose to uninstall:

• Norton Internet Security ==> Norton Removal Tool
• AVG 2012 ==> AVG Removal Tool x64

The rest of your logs are clean. Let me know if you are still experiencing malware related issues.

 

I get an error when trying to remove white smoke. i attached a photo below. but everything else looks awesome. I appreciate all of your help. You are a godsend.

 

You're welcome.

Delete these folders if they still exist:

• C:\Users\Heather\AppData\Local\Temp\WhiteSmokeTranslator
• C:\Program Files (x86)\WhiteSmokeTranslator

Let me know if successful or not.

http://img205.imageshack.us/img205/4783/regeditb.gif Then download fixme.zip

• Extract the fixme.reg file that is inside fixme.zip onto your desktop.
• Then double-click fixme.reg and allow it to merge into the Windows registry
• Let me know if the merge was successful or not.

 

whitesmoke in appdata/temp wasn't there but i did the rest and the fixme file successfully merged. please tell me you are paid to help people like me out. i don't know how to thank you for all of your help.

 

You're welcome and no this is a volunteer service.

__

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe