Trojan Horse PSW.Generic.EKE

Hello,

My AVG program keeps reporting that the Trojan Horse PSW.Generic.EKE has been found on my computer. It is in c:\system Information volume\_restore(...

I have tried deleting and healing etc., but it still comes up as being there. I assume it's in the System Restore so I have turned that off and ran Trojan Hunter overnight and also a full system scan by AVG this morning, and both found nothing. I haven't turned the System Restore back on yet.

Any advice about what I should do? I've searched on Google for it, but nothing comes up!

Thanks

Comments

  • Fran
    From what you say it sounds like it has been cleared, so if that's the case you can turn on system restore again.
    Torgwen.......... :) ...........
  • pchelpman
    As Fran advises, turn on the SR again and see what AVG has to say about it now.

    Also I recommend, if you have a fast internet connection (Broadband), run online scans here….

    http://www.pandasoftware.com/activescan/

    …and here…..

    http://housecall.trendmicro.com.

    When running the Panda Activescan make sure you click the Free Online Virus Scan in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.

    Once it has finished save the Activescan log. Then post that log in your next post.

    Please run ALL the free scans offered by Housecall.

    Make sure they both perform full system scans.

    If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details back to this thread.

    Make a note to run all these scans on a regular basis. It will help keep your PC clean.

    Best of luck.
  • Sarahjovi
    Many thanks, I have turned System Restore back on and AVG hasn't reported anything since, so hopefully it's gone!

    I'll run some of the others just to double check and if they bring anything up, I'll let you know!

    Thanks again.

    Sarah
  • Sarahjovi
    I've now run the Free Active Scan and this is the log it produced.
    The G Drive is a 2nd hard drive from my old computer. I'm on a broadband connection, so I hope the dialer bug is not active! (Not had any huge phone bills). I have Spybot and Ad-Aware, so will these get rid of these problems?

    Thanks for any advice!

    Sarah :D

    Incident Status Location

    Adware: adware/azesearch Not desinfected C:\WINDOWS\SYSTEM32\azebar.xml
    Adware: adware/secure32 Not desinfected C:\WINDOWS\secure32.html
    Adware: Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\BTWGWJNJ\azesearch[1].cab
    Adware : Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\OXC7WZCF\azesearch[1].cab
    Adware: Adware/AzeSearch Not desinfected C:\WINDOWS\Downloaded Program Files\azesearch.inf
    Dialer : Dialer.DZE Not desinfected G:\WINDOWS\Downloaded Program Files\msa64chk.inf
  • intel
    Try http://www.microsoft.com/athome/security/spyware/software/default.mspx, which has a better removal and detection rate than Ad-Aware, but leave Ad-Aware on your system as they can both find and delete different bugs.
  • pchelpman
    Sarahjovi wrote:

    Incident Status Location

    Adware: adware/azesearch Not desinfected C:\WINDOWS\SYSTEM32\azebar.xml
    Adware: adware/secure32 Not desinfected C:\WINDOWS\secure32.html
    Adware: Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\BTWGWJNJ\azesearch[1].cab
    Adware : Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\OXC7WZCF\azesearch[1].cab
    Adware: Adware/AzeSearch Not desinfected C:\WINDOWS\Downloaded Program Files\azesearch.inf
    Dialer : Dialer.DZE Not desinfected G:\WINDOWS\Downloaded Program Files\msa64chk.inf

    Hi Sarah

    Panda Activescan has revealed some malware on your system that (presumably) other scanners haven't removed.

    I suggest you print this post out to make it easier to work through.

    As a first step to fixing all this please go to Add/Remove Programs and uninstall/remove any programs with Azebar, Azesearch in them (or anything that looks like it's related to "Aze"). IF UNSURE don't remove it but post back here with the details.

    Next go to the following locations and delete the files in bold IF found.....

    C:\WINDOWS\SYSTEM32\azebar.xml
    C:\WINDOWS\secure32.html
    C:\WINDOWS\Downloaded Program Files\azesearch.inf
    G:\WINDOWS\Downloaded Program Files\msa64chk.inf

    Now download CleanUp! here…..

    http://www.cleanup.stevengould.org/

    *WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

    Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

    Run those free Activescan and Housecall online scans again (all 3 at Housecall) and see what they turn up now. Hopefully nothing bad.

    Lastly, download and install the latest version of HijackThis on your main hard drive. Don't save/run the program from "Desktop" or a "temporary" location as any backups made by the program may be lost. Get HJT here...

    http://www.spywareinfo.com/~merijn/files/HijackThis.exe

    Run the program and you will get a welcome menu...choose the option "Do a system scan and save a logfile". Two things will happen....a system scan will appear then a Notepad logfile on top. Copy and paste that Notepad logfile to this thread. Do nothing else with HijackThis.

    I'll have a look at it to see if there's any other malware lurking in the main places on your PC.

    All the best.
This discussion has been closed.
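
The triage behind the last reply, as an added example that is not part of the thread or of any poster's own tooling: it parses the scan log lines as pasted above and separates detections that sit in browser or temp caches (cleared wholesale by a temp-folder cleanup) from named files that need deleting by hand. The function names and the temp-path markers are assumptions made for this sketch.

```python
import re

# Detections exactly as pasted in the thread ("desinfected" is the scanner's spelling).
SAMPLE_LOG = r"""
Adware: adware/azesearch Not desinfected C:\WINDOWS\SYSTEM32\azebar.xml
Adware: adware/secure32 Not desinfected C:\WINDOWS\secure32.html
Adware: Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\BTWGWJNJ\azesearch[1].cab
Adware : Adware/AzeSearch Not desinfected C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\OXC7WZCF\azesearch[1].cab
Adware: Adware/AzeSearch Not desinfected C:\WINDOWS\Downloaded Program Files\azesearch.inf
Dialer : Dialer.DZE Not desinfected G:\WINDOWS\Downloaded Program Files\msa64chk.inf
"""

# "<kind> : <name> <status> <drive>:\<path>"; the path may contain spaces.
LINE_RE = re.compile(
    r"^\s*(?P<kind>\w+)\s*:\s*(?P<name>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# Assumption: these substrings mark folders that a temp-file cleaner empties.
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")

def parse_log(text):
    """Return one dict per detection, skipping headers and duplicate paths."""
    entries, seen = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header row, blank line, or anything unrecognised
        e = m.groupdict()
        key = e["path"].lower()  # Windows paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        e["drive"] = e["path"][0].upper()
        e["in_temp"] = any(t in key for t in TEMP_MARKERS)
        entries.append(e)
    return entries

def triage(text):
    """Split detections into files to delete by hand and cache/temp copies."""
    plan = {"manual": [], "temp": []}
    for e in parse_log(text):
        plan["temp" if e["in_temp"] else "manual"].append(e["path"])
    return plan

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(bucket, *paths, sep="\n  ")
```

The "manual" bucket comes out as the same four paths listed for deletion in the reply, and the two cached .cab copies land in "temp".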