how to remove trojan horse generic 22.xib

May 10, 2011 at 10:38:32
Specs: Windows XP
The AVG Resident Shield on my computer indicated that I have a Trojan Horse Generic22.XIB virus. When I looked into where the actual object is located on my C drive, it was not there. It says that it should be located in c:\Windows\system32\dx8vb8.dll, but when I go to that folder, the closest file is dx8vb.dll. Can someone help me to remove this virus?


#1
May 10, 2011 at 12:04:49
it-illiterate

Please download TFC (Temp File Cleaner):
http://oldtimer.geekstogo.com/TFC.exe
Save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so. If not prompted, manually reboot the computer to ensure a complete clean.

Next, download Malwarebytes’ Anti-Malware (black button with green and white icon). Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program.

Run Malwarebytes’ Anti-Malware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.


Please post the Malwarebytes log in your reply so we can see where we are at, and plan any additional removal strategy.



#2
May 10, 2011 at 19:37:27
The TFC program gave me over 4GB free space...thanks for that!

The Malwarebytes Anti-Malware found some viruses and removed them. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6550

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/10/2011 9:38:10 PM
mbam-log-2011-05-10 (21-38-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 201084
Time elapsed: 1 hour(s), 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Value: GHWAUC6NNZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Here is what the AVG resident Shield now states:

Infection: "Trojan horse Generic22.XIB";
Object "c:\WINDOWS\system32\dx8vb8.dll";"Infected";
Detection Time: "5/10/2011, 9:23:12 PM";
Object type: "file";
Process: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"C:\WINDOWS\system32\rundll32.exe"

Can this virus be removed? What else do I have to do?


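A triage sketch for the log in post #2, added here as an example and not part of any poster's reply or of Malwarebytes: it parses result lines in the format shown, labels each by the role the object plays on the system, and checks whether the object AVG still reports was among the items removed. The role labels and the function names are this example's own.

```python
import re

# Result lines copied from the Malwarebytes log posted above (not constructed).
MBAM_LINES = r"""
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Value: GHWAUC6NNZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
""".strip().splitlines()

# Object path that AVG still reports in the same post.
AVG_OBJECT = r"c:\WINDOWS\system32\dx8vb8.dll"

# Line shape: "<object> (<detection name>) -> [detail -> ...] <action>"
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Hypothetical triage labels (this example's own, not Malwarebytes categories).
RULES = [
    (r"\\CurrentVersion\\Run\\", "autostart (Run key)"),
    (r"\\WINDOWS\\Tasks\\.+\.job$", "autostart (scheduled task)"),
    (r"\\Security Center\\\w+DisableNotify$", "alert suppression"),
]

def parse(line):
    """Split one result line into object, detection name, role and final action."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # headers and "(No malicious items detected)" lines
    obj = m["obj"]
    role = next((label for pat, label in RULES if re.search(pat, obj, re.I)), "other")
    action = m["rest"].split(" -> ")[-1].rstrip(".")
    return {"object": obj, "detection": m["name"], "role": role, "action": action}

def triage(lines, still_flagged):
    """Return parsed items and whether still_flagged is absent from them."""
    items = [p for p in map(parse, lines) if p]
    handled = {i["object"].lower() for i in items}
    return items, still_flagged.lower() not in handled

if __name__ == "__main__":
    items, unresolved = triage(MBAM_LINES, AVG_OBJECT)
    for i in items:
        print(f'{i["role"]:28} {i["detection"]:30} {i["object"]}')
    print("AVG object not among removed items:", unresolved)
```
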

#3
May 10, 2011 at 21:34:55
Let’s try EsetOnlineScanner, and see what kind of results we get from it.

First, temporarily disable your antivirus program (AVG), so that it does not interfere.
The AVG Resident Shield prevents certain programs from fixing an infection.

To disable the AVG Resident Shield:
Double-click the AVG icon on the Desktop to show the AVG antivirus control center.
Click the Resident Shield
Uncheck Resident Shield Active box.
Click Save Changes.


Then, download the esetsmartinstaller_enu.exe installer http://download.eset.com/special/eo...
Click the file to run the EsetOnlineScanner.

If you accept the Terms of Use, check the box and click: Start
It takes a couple minutes for the scanner to get ready.

When the Computer scan settings appear, check the following boxes:

Remove found threats
Scan unwanted applications

Next to 'Current scan targets: Operating memory, Local drives', click: Change. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CDROM drives).

Now, click the Advanced option, then, place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start.

This scan may take a while, so please be patient.

A log opens when the scan is complete (If not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt).

Click Edit > Select All, and copy/paste the Eset log in your reply.



#4
May 11, 2011 at 09:41:28
The link that was provided for the online scanner does not work.

Is there another similar site?



#5
May 11, 2011 at 10:53:11
If Eset does not download, place the following address in your browser, but, without the quotes:


"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe"



#6
May 14, 2011 at 06:13:27
I ran the ESET online scanner and here is the log:

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=d075e6fe37d3984d9b1f9bcafac47535
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-14 04:31:32
# local_time=2011-05-14 12:31:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 47239214 47239214 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64973
# found=0
# cleaned=0
# scan_time=2847
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=d075e6fe37d3984d9b1f9bcafac47535
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-14 12:45:40
# local_time=2011-05-14 08:45:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 47268614 47268614 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64988
# found=0
# cleaned=0
# scan_time=3095

Now when I go into the Resident Shield for AVG, it still shows that I have
Object: "Trojan horse Generic22.XIB";
Infection: "c:\WINDOWS\system32\dx8vb8.dll";"Infected";
Detection Time: "5/12/2011, 9:40:44 PM";
Object type: "file";
Process: "C:\WINDOWS\system32\MRT.exe"

What is left to do? Every scan that is performed does not show this virus, and when I click remove threat from the AVG program it states that "some files can not be healed" and that 'access is denied'.

