Hi, I'm running the lastest version of McAfee with the lastest update but unfortunately, my laptop is infected with downloader-awx trojan. I've tried all methods know to me to clean, delete or move file but to no avail. The effect of this virus is that its eating up all the memory so I actually can't use file or work with it. I can only use the laptop in safe mode with networking as I am presently doing. Help needed to solve the problem. Below is a summary of the report. Thanks for the help
11/10/2006 18:52:12 Engine version =4400 11/10/2006 18:52:12 DAT version =4871 11/10/2006 18:52:12 Number of virus signatures in EXTRA.DAT =None 11/10/2006 18:52:12 Names of viruses that EXTRA.DAT can detect =None 11/10/2006 18:52:11 Scan Started COOMBERS\Administrator Scan All Fixed Disks 11/10/2006 19:30:33 Deleted c:\WINDOWS\system32\awvvvvs.dll Downloader-AWX(Trojan) 11/10/2006 19:31:26 Move failed (Clean failed) c:\WINDOWS\system32\gebcaba.dll Downloader-AWX(Trojan) 11/10/2006 19:32:04 Deleted c:\WINDOWS\system32\jkhfggg.dll Downloader-AWX(Trojan) 11/10/2006 19:32:10 Deleted c:\WINDOWS\system32\jkhhgda.dll Downloader-AWX(Trojan) 11/10/2006 19:32:33 Deleted c:\WINDOWS\system32\mlljihg.dll Downloader-AWX(Trojan) 11/10/2006 19:36:49 Scan Summary COOMBERS\Administrator Scan Summary
Ok guys, After posting my request I went searching for a solution and this is what I got that finally solved my problem. So below is a lonk to the site I found a solution.
Well, this is an old thread. But a persisting problem!
With the solution from majorgeeks, I was NOT able to delete gebcaba.dll! So you know, necessity is the mother of invention! :D
I did it but it was REAL tough. I also had another file in system32, SSQRR.DLL which could not be deleted either! In HijackThis, the gebcaba.dll appears under O20 (Winlogon stuff), hence it is almost impossible to remove this beast using common methods! That's why I resurrected this thread.
I managed it by simply denying system rights for gebcaba.dll and ssqrr.dll. Yes, not even system is allowed to do anything with the file: neither read nor execute it!
* THE REMOVAL * (note, I have foreign language windows, so it might be translations are not one-by-one!)
1. Go to %WINDIR%\SYSTEM32, using explorer.
2. Find gebcaba.dll, select Properties.
3. Go to the tab "Security settings".
4. Deny ANY permission to Anybody, including system and administrators.
5. Click on Advanced...
6. Clear the checkbox that you want to transmit inherited access rights.
7. Answer the message box with "Remove" (center of button row).
8. REBOOT.
9. Do steps 1-8 with ssqrr.dll (if you have been haunted by it too)
After this procedure, and after windows was up and running again, I was able to delete both files from system32!
Currently it is Friday, November 21, 2008 12:58 PM (GMT +1) There are a total of 63.985 posts in 15.829 threads. In the last 3 days there were 34 new threads and 167 reply posts. View Active Threads
Who's Online
This forum has 27186 registered members. Please welcome our newest member, Kerrloveswilly. 40 Guest(s), 1 Registered Member(s) are currently online. Details Behram
|