Shoutbox

Well, thanks to my brother just now telling me that our office computer has a virus on it I can't do a system restore to get rid of this little bastard. It's called "Generic2.AVS". I have used both AVG Professional and NOD32. Both have healed the virus, but after every reboot the stupid thing comes back. What it does is disconnect my internet and connect to some dodgy place in Austrailia which I'm being billed for. I've looked on my startup list (msconfig), and I don't see anything out of the norm. I've googled this but nothing has helped.

Solution anyone? Really annoying, especially now that the family computer is down .

quote:

---

Originally posted by RebelSean
Well, thanks to my brother just now telling me that our office computer has a virus on it I can't do a system restore to get rid of this little bastard. It's called "Generic2.AVS". I have used both AVG Professional and NOD32. Both have healed the virus, but after every reboot the stupid thing comes back. What it does is disconnect my internet and connect to some dodgy place in Austrailia which I'm being billed for. I've looked on my startup list (msconfig), and I don't see anything out of the norm. I've googled this but nothing has helped.

Solution anyone? Really annoying, especially now that the family computer is down .

---

Download and run Autoruns from http://download.sysinternals.com/Files/Autoruns.zip and run it in Safe Mode then check for anything out of the ordinary.

Woah, I have no idea what half that stuff is, or if it's sopossed to be there or not .

You should be able to save a text file of all of it then try and post it. (May need to copy it to a key drive to post it here). Or boot in Safe Mode with Networking.

I think this is it.

quote:

---

Originally posted by AutoRuns.txt

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run   

+ gwiz            c:\windows\system32\ntsystem.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute           

+             File not found: 

+ ????Ta             File not found: ????Ta

+ ?A??2            File not found: ?A??2

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.exe\            File not found: SsiEfr.exe\

+ stera            File not found: stera

+ t?A(            File not found: t?A(

---

These are all oddities. However you ant to delete the gwiz and as well delete that file. (If you want to zip it up and post it I can open it in a VM and see if it does anything else).

[edit]

ZOMG My Post Counter~ 4666


[/edit]

Ok, I have had a look trough there.  First filter out verified microsoft processes (go to option then Hide Signed Microsoft....).  Second remove all the settings that say "File Not Found" next to them (they are obviously not needed and redundent) that is for general maintainance.  Filtering out the windows varified makes it alot easier for us looking at your log files.  (Damn trojans are annoying!)

quote:

---

Originally posted by Matty

quote:

---

Originally posted by AutoRuns.txt

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run   

+ gwiz            c:\windows\system32\ntsystem.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute           

+             File not found: 

+ ????Ta             File not found: ????Ta

+ ?A??2            File not found: ?A??2

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.e            File not found: SsiEfr.e

+ SsiEfr.exe\            File not found: SsiEfr.exe\

+ stera            File not found: stera

+ t?A(            File not found: t?A(

---

These are all oddities. However you ant to delete the gwiz and as well delete that file. (If you want to zip it up and post it I can open it in a VM and see if it does anything else).

[edit]

ZOMG My Post Counter~ 4666


[/edit]

---

So I can untick those boxes and then delete the ntsystem file?

quote:

---

Originally posted by RebelSean
So I can untick those boxes and then delete the ntsystem file?

---

Yup.

Better now RebelSean?  I want to know if our advice worked....