Trojan horse Generic14.DNH

July 26, 2009 at 10:47:02
Specs: Windows XP
I have AVG Internet Security 8.5 and broadband from You Telecom. When I connect my modem to the PC (i.e. dial-up), my AVG Web Shield pops up with a message giving file name: brenz.pl/ex/0032.exe, infection: Trojan horse Generic14.DNH, and path location c\windows\system32\winlogon.exe. In Web Shield there is no option to remove the infection. I have tried a whole scan with AVG in normal as well as in safe mode, but nothing was found. What should I do? Note that I am not able to open antivirus websites, or Microsoft's either. My home page is also sometimes hijacked. What should I do? Please help me.



#1
July 26, 2009 at 11:52:46
Download and run Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:
# Check below options:

    * Select all the objects/places to be scanned. 
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
July 27, 2009 at 07:51:15
Thank you for your reply. Today I scanned my PC in safe mode with AVG; the surprise is that it found it and moved it to the Virus Vault. I deleted it from the Virus Vault in normal mode after the complete safe-mode scan. When I connected my PC to the modem to use the internet, at that moment AVG again popped up with the same trojan message and so on, and I am still not able to remove it from Web Shield. Thanks for your opinion, but as I mentioned in my message above, I am not able to access websites with words like kaspersky, avg, virus, spyware, and many others. So please give me another link from which I can download, like download.com or any other. But note that I can update my AVG but can't update any other antivirus program that I recently installed. So please give me another opinion after thoroughly understanding my message. Thank you again.


#3
July 27, 2009 at 08:05:35
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connected to internet. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Also make sure you have your web browser open in background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Can you also make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here

In your next reply, please include download links to the following:
    * virusinfo_syscure.zip
    * HijackThis Logs



#4
July 28, 2009 at 07:15:51
Hi, thank you for your response. I have tried hard to download avz.exe, but because of the trojan I can't download it; the reason is the same, i.e. I can't open the webpage.


#5
July 28, 2009 at 07:28:48
Edit and delete your Response Number 4. Try this link for AVZ: http://www.uploadjockey.com/downloa... and follow the directions carefully.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
July 29, 2009 at 06:02:23
Hi, the following is a rapidshare link which contains my AVZ log file, as you asked.

http://rapidshare.com/files/2613728...

Thanks for your response.



#7
July 29, 2009 at 06:04:56
Hi, hey man, how can I delete my response 4? There is only an edit option. Where do I have to delete it? Give me a reply please.

Thanks



#8
July 29, 2009 at 06:52:46
You can't delete, only edit. Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
 QuarantineFile('C:\WINDOWS\system32\SHELL32.dll','');
 QuarantineFile('C:\WINDOWS\system32\rundll32.exe','');
 QuarantineFile('C:\WINDOWS\System32\wscript.exe','');
 QuarantineFile('C:\WINDOWS\System32\cscript.exe','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\mchInjDrv.sys','');
 DeleteFile('C:\WINDOWS\system32\Drivers\mchInjDrv.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link.

3) Redo Response Number 3 and generate new set of logs.

If I'm helping you and I don't reply within 24 hours send me a PM.



#9
July 29, 2009 at 11:14:04



#10
July 29, 2009 at 12:33:21
Delete Response Number 9 and read carefully Response Number 3.

If I'm helping you and I don't reply within 24 hours send me a PM.



#11
July 30, 2009 at 03:54:58
The HijackThis log file is:
http://rapidshare.com/files/2617171...

And Virusinfo_syscure.zip is:
http://rapidshare.com/files/2617174...

Keep replying to me. Thanks in advance, and again.



#12
July 30, 2009 at 06:18:49
Open HijackThis and click on scan only. Then select the entry below:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1085543-B7B5-4C03-A50F-028D5CF26EF0}: NameServer = 203.187.192.12 203.187.192.15

Hit fix.

Then follow:
Download and run Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:

# Check below options:

    * Select all the objects/places to be scanned. 

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.
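
The O17 entry in Response 12 is how HijackThis reports a DNS server configured on a network interface. As an added example (not part of the thread and not HijackThis code), this Python code pulls every NameServer value out of a saved log and marks the ones outside a list you trust; the `TRUSTED` range and every sample line except the O17 entry quoted in the thread are constructed.

```python
import ipaddress
import re

# O17 lines list TCP/IP registry values: "O17 - <key>: <value name> = <data>"
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\\w+\\Services\\Tcpip\\.*?): "
    r"(?P<name>\w+) = (?P<data>.*)$"
)

def review_nameservers(log_text, trusted):
    """Return (registry_key, address, verdict) for each NameServer value.

    verdict is "trusted" (inside a trusted range), "review" (valid address
    outside every trusted range) or "malformed" (not an IP address).
    """
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue  # other sections, or O17 Domain/SearchList values
        # The value holds one or more addresses, space- or comma-separated.
        for token in filter(None, re.split(r"[,\s]+", m.group("data"))):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((m.group("key"), token, "malformed"))
                continue
            verdict = "trusted" if any(addr in n for n in nets) else "review"
            findings.append((m.group("key"), str(addr), verdict))
    return findings

# The second line is the entry quoted in the thread; the rest are constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1085543-B7B5-4C03-A50F-028D5CF26EF0}: NameServer = 203.187.192.12 203.187.192.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53,198.51.100.7
"""
# Assumption: replace with the resolver ranges your ISP or router really uses.
TRUSTED = ["192.0.2.0/24"]

if __name__ == "__main__":
    for key, addr, verdict in review_nameservers(SAMPLE_LOG, TRUSTED):
        print(f"{verdict:9} {addr:16} {key}")
```

A "review" verdict only means the address is not on your list; compare it with what your ISP or router hands out before changing the entry.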



#13
July 30, 2009 at 08:26:33
Sorry bro, I am still not able to open the given link for the Kaspersky AVP tool. I have tried twice and thrice, but IE7 gives the message "Internet Explorer cannot display the webpage". Give me another website where I can download the Kaspersky AVP tool, but that link must not use the word kaspersky before the first backslash (/). Better, give me a link on download.com or Softpedia or any other. Thanks... :)


#14

#15
July 31, 2009 at 20:57:43
Hi, sorry for the late reply. I scanned my PC in safe mode and found 3218 infections. I disinfected them, but some of them are trojans, so they couldn't be disinfected, and so I deleted them. Here is my log file on rapidshare.

http://rapidshare.com/files/2623752...

Today when I restarted my PC and connected to the internet, AVP again popped up with a Web Shield findings message: "Trojan horse Downloader.Generic8.AZUN" object:"put.ghura.pl/gc.exe" "" "7/28/2009, 7:11:44 AM" "file" "C:\WINDOWS\System32\winlogon.exe"

And I am still not able to open websites with words like antivirus, etc., and can't update the AVP tool and AVG, as mentioned in other responses. Thanks for your kind help.



#16
July 31, 2009 at 21:20:36
I suggest you reformat your PC; it's nearly impossible to recover completely from a virut.ce infection without corrupting the original file.

If I'm helping you and I don't reply within 24 hours send me a PM.



#17
July 31, 2009 at 21:55:47
Hey, don't tell me to reformat; I don't have my bootable CD. Please give me another way to clean it, please, please.


#18
August 1, 2009 at 05:43:06
This is a really nasty virus; it might make your system really unstable. Download ftp://ftp.kaspersky.com/devbuilds/RescueDisk/kav_rescue_2008.iso and burn it to disc on a clean system. Then boot from it and run a scan.

If I'm helping you and I don't reply within 24 hours send me a PM.



#19
August 1, 2009 at 11:52:33
I can't open that website, please give me another link with http://.... please. Thanks for your kind help. A miracle has happened on my PC: now I am able to open all websites and AVG doesn't give the infection message; I think the virus has been removed. But there is a problem with my AVG: its resident scanner can't be activated. Give me another link for the rescue disk; I want to format my PC. But give me the procedure, because I am not good with computers and I have never formatted anyone's PC, so please help me.


#20
August 1, 2009 at 12:28:37
Burn the disc on a clean system.

If I'm helping you and I don't reply within 24 hours send me a PM.



#21
August 22, 2009 at 01:17:21
I have downloaded the rescue disk and burned it to a disc, and I have booted that CD on my PC, but it can't get updates over my internet connection. I think this occurs because I need to enter a username and password, i.e. I need to connect from the PC to the modem, but in the rescue disk no dialog box appears from which I can connect, and so it can't update. So my question is: is there any way to update the rescue disk manually, or a way I can download and save the update to my hard drive and run it from the rescue disk? If there is a way, give me a link from where I can download virus definitions for the rescue disk.
