Hi, my sister’s notebook has recently acquired the trojan trojan.gen.2
I am in the process of installing roguekiller onto her notebook, is there anything else I should do?

Hi,

Write to us the exact file / folder detection path or give us a screenshot.

P.S: do not run RogueKiller. Run this diagnostic tool:

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I’m not on her notebook, I’m on my laptop, so, if there are any attachments, how shall I attach them?

http://www.mcshield.net/personal/magna86/Images/avast%20attach%20post.png

her notebook is incredibly slow and is still loading the webpage… we may be here a while.

ok, downloaded the frst64 file, just waiting for it to open up now

i’ve downloaded both of the files, and clicked to open both, but neither are opening, maybe because her notebook is incredibly slow?

ok, after around 30 mins waiting, one of them opened… wahey.

As I wrote above, I shall require FRST logs if you want my help.

hey, sorry for the late reply :confused:

Hi,

C:\Users\Danielle\Desktop\RogueKillerX64.exe
=> As you have run this tool, attach here all RK reports.

Multiple Antivirus Programs

You are running more than 1 Antivirus program!

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

Running - more than one - antivirus program is not recommended because:
- They can conflict with each other.
- They can report the other antivirus software as malicious.
- Antivirus programs use an enormous amount of the computer’s resources… actively scanning your computer.
- They can cause your computer to become unstable… run slowly and even, in rare cases, BSOD crash… etc.

I strongly suggest you uninstall one of them. Which one is your decision.

THEN…

Then go here to download the tool to remove possible AV leftovers:
http://www.avast.com/en-us/faq.php?article=AVKB11

-------- next -------

We need to uninstall bad software:
Start > Control Panel > Programs and Features
Uninstall/Remove the following (if found):

- Ask.com Search Assistant 1.0.2 (x32 Version: 1.0.2)
- BitGuard (x32)
- WebConnect 3.0.0 (Version: 3.0.0)

-------- next -------

For Google Chrome …
Go to the link below for instructions on how to change your homepage in Chrome back to “www.google.com”
https://support.google.com/chrome/answer/95314?hl=en

-------- next -------

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=2CA60026B6AFD7A1&affID=119357&tt=280813_ctrl1&tsp=4992
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=2CA60026B6AFD7A1&affID=119357&tt=280813_ctrl1&tsp=4992
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0BC99A13-2E08-4392-AF1B-E55089A67FF6} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CA60026B6AFD7A1&affID=119357&tt=280813_ctrl1&tsp=4992
SearchScopes: HKCU - {18EAB056-9057-F224-FD4C-1F6569C4D8D2} URL = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
BHO-x32: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll (Web Connect)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Homepage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=2CA60026B6AFD7A1&affID=119357&tt=280813_ctrl1&tsp=4992
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=2CA60026B6AFD7A1&affID=119357&tt=280813_ctrl1&tsp=4992
CHR HKLM\...\Chrome\Extension: [khongjfjjmklggionajlpjcpmnppdace] - C:\Users\Danielle\AppData\Local\BargainJoy.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Danielle\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx
CHR HKLM-x32\...\Chrome\Extension: [khongjfjjmklggionajlpjcpmnppdace] - C:\Users\Danielle\AppData\Local\BargainJoy.crx
C:\Users\Danielle\AppData\Local\BargainJoy.crx
C:\Users\Danielle\AppData\Roaming\BabSolution
C:\Users\Danielle\AppData\Local\BargainJoy.crx
S2 Update WebConnect; C:\Program Files (x86)\WebConnect\updateWebConnect.exe [65320 2013-10-06] (WebConnect)
S2 Util WebConnect; C:\Program Files (x86)\WebConnect\bin\utilWebConnect.exe [65320 2013-10-06] (WebConnect)
C:\Program Files (x86)\WebConnect
C:\Users\Danielle\Desktop\RK_Quarantine
Folder: C:\{6B4A87A5-D896-4DF0-BC8C-765CFEA28720}
Folder: C:\{E2AFFBBC-F772-4660-8999-D3D2D36FD19E}
CMD: ipconfig /flushdns
END

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

-------- next -------

Please download CCleaner, light software from here and install …
http://www.piriform.com/ccleaner

Do NOT do anything with it, we will use CCleaner later.

-------- next -------

Re-run FRST, just press the Scan button and post me the freshly created FRST.txt log report.
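
The AV:/AS:/FW: listing quoted in the post above can be checked mechanically. As an added example that is not part of the original thread and not part of FRST, this Python script parses lines of that shape and reports every category with more than one enabled product. The line format is inferred from the six quoted lines only, and the names `parse_products` and `conflicts` are hypothetical.

```python
import re
from collections import defaultdict

# Line shape inferred from the six lines quoted in the thread (an assumption,
# not a documented FRST format):  KIND: name (State[ - definitions]) {GUID}
LINE_RE = re.compile(
    r"^(AV|AS|FW):\s+(.+?)\s+\((Enabled|Disabled)(?:\s+-\s+([^)]*))?\)"
    r"\s+\{([0-9A-Fa-f-]{36})\}$"
)

# The listing exactly as quoted in the post above.
SAMPLE = """\
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
"""


def parse_products(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    products = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            kind, name, state, defs, guid = m.groups()
            products.append({"kind": kind, "name": name,
                             "enabled": state == "Enabled",
                             "definitions": defs, "guid": guid.upper()})
    return products


def conflicts(products):
    """Map each kind to its enabled product names when more than one is active."""
    active = defaultdict(set)  # a set, so a product listed twice counts once
    for p in products:
        if p["enabled"]:
            active[p["kind"]].add(p["name"])
    return {kind: sorted(names, key=str.lower)
            for kind, names in active.items() if len(names) > 1}


if __name__ == "__main__":
    for kind, names in conflicts(parse_products(SAMPLE)).items():
        print(f"{kind}: {len(names)} enabled products: {', '.join(names)}")
```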

on it

here they be

also, i will not be able to reach the notebook in question for the coming day or so, therefore I cannot do anything you will tell me to until 20/10/13

Hi MattiieG,
You didn’t follow the tip for AV. Please return to the “Multiple Antivirus Programs” tip and follow the instructions.

Then;

- Re-run FRST.
- Under Optional Scan ensure Additional.txt is ticked.
  “List BCD” and “Driver MD5” options are not necessary.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- FRST shall generate another log (Addition.txt). Please attach it to your reply.

bump!

Are you still with me? Do you still require malware removal assistance?

Due to user inactivity, I will no longer monitor this topic.