
Trojan.Downloader-Gen



Trojan.Downloader-Gen C:\SYSTEM.SAV\UTIL\TDCTWKS\CLEARLOG.EXE

I was hit with this on Saturday morning. Next thing I know, I can't run IE or FF. I only have access to IE 64-bit. Malwarebytes doesn't run at all...Not even in safe mode. In the "Action Center"...There's supposed to be a blue flag, showing updates. My flag is white with a lil black clock running under it...It says backup in progress. It's been running since Saturday, when the virus hit. It also runs while in safe mode. I'm convinced that's the virus. I've tried stopping it, etc. and nothing works. I've done numerous restore points and it's still there. The only cleaners that run are CCleaner and SuperAntiSpyware. I can't even use my back-up disc! Have no clue what to do.


Hello Dimples and welcome to Malwarebytes' forums.

Please do not post multiple topics. Just stay with this one.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member KarenAkaDimples only. If you are a casual viewer, do NOT try this on your system!

If you are not KarenAkaDimples and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, do that right then. Press Reboot Now.
    The report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with copies of the aswMBR log and the TDSSKiller log.

Do not do any websurfing or online games, or anything online until we have all this cured. I'll advise when.

There's a lot more after this.


Hey Maurice, sorry about the multiple posts. I followed your instructions here and came across a problem. I copied & pasted to notepad, I'm in safe mode, I downloaded ERUNT, but it's nowhere on my laptop. That's been happening since Saturday. No matter what I download, it's nowhere to be found. I went on to downloading aswMBR.exe and when I clicked on download a box popped up saying: aswMBR.exe is not commonly downloaded and could harm the pc.

Have no clue what the problem is. For some reason, I can't download anything...not even in safe mode.

Edited by Maurice Naggar
removed quote box from quote-reply

Have a lot (lots) of patience.

If you have Windows 7 or Windows Vista, do a RIGHT-Click on ERUNT and choose Run As Administrator to start it.

If you have Win XP, a double-click should get it going.

IF it still will not start, skip and do the next steps in my last reply.

Have infinite patience.


Hey Maurice...I finally figured it out, after 4 days! I came here and scoped out what others were told to do. I downloaded everything I could find, on the posts here, until one would download and run/scan. I came across "HitmanPro" and it worked!! Soon as that was done downloading, it scanned my laptop and caught two viruses. I then gave Malwarebytes another try and that worked as well. I was able to clean the laptop and get it back to running perfect! Thanks so much for your help anyways, appreciate it!


Hello Karen,

I'd like for you to get the last scan log in MBAM and copy & paste it here in a reply, or you could also attach it in a reply.

The easiest way to find it is by starting MBAM

click the Logs tab

Look for the one named mbam-log having the latest date (should be date of your last run)

then click Open button

It will open in Notepad

you can do Edit, select all, Copy (CTRL+A then CTRL+C )

and then paste in a reply.

Keep in mind that you should return here for additional help to run some other tests to be sure all is OK.

Also, it is NOT a good idea for safety's sake to look at the fixes used in other people's topics.

Some of them can render your system inoperable.

Provide an update on the situation.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
