Avast WEBforum

Other => Viruses and worms => Topic started by: ravindrankotiath on January 08, 2010, 01:27:42 PM

Title: XTJI.bak malware generator
Post by: ravindrankotiath on January 08, 2010, 01:27:42 PM
On my machine avast is frequently showing that C:\DOCUME~1\Datamate\LOCALS~1\Temp\xtji.bak contains a win32:malware generator. But after it is moved to the chest or removed, it shows the same message again and again. Please help me to solve the problem.
Title: Re: XTJI.bak malware generator
Post by: Lisandro on January 08, 2010, 02:11:41 PM
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even Spyware Terminator (http://www.spywareterminator.com/)) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or on this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).