win32/genetik variation won't go away!

Please attach only the logs that are requested. The instructions did not request a HijackThis log as one from a properly installed program is already included as part of the MGtools program. You needed to only attach the C:\MGlogs.zip as requested. DO NOT try to create your own log from the files in C:\MGtools and do not add any logs to it on your own unless requested to do so. Did you have problems while running MGtools.exe? Did you get any error messages that were mentioned on the download page? Did you accept the license agreement for TrendMicro HijackThis as specified?

Did you create the below policies yourself?

I strongly advise that you uninstall QQ, QQ2007II Beta2, or Tencent (whatever it is called). This program has been the cause of many many people coming here with malware problems. It is also considered to be adware. See the below links:

http://www.tenebril.com/src/info.php?id=441301950
http://www.securemost.com/articles/rm_tencent_qq.htm


Now we need to use ComboFix to remove some files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Delete the below two files:
C:\WINDOWS\lov01.exe
C:\WINDOWS\TEMP\os0yzk2f.TMP

Now empty your Recylce Bin.

Now use the instructions in the below link to toggle System Restore off and then back on (disable then enable).

Afterwards, are you still having problems? If so, attach a log that displays the problems.

 

Sorry about that. Here is the link: Disable And Enable System Restore

 

You're welcome.


If you are not having any other malware problems, it is time to do our final steps:

2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
3. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!