Author Topic: yet another trojan-gen {VC} thread  (Read 6906 times)

J-2000

  • Guest
yet another trojan-gen {VC} thread
« on: March 17, 2004, 11:47:58 PM »
I've read throughout the forums about this virus and I've got it myself; the lil bitch keeps regenerating whenever I delete it. I have no idea what it does, how I got it, or when I got it, but most importantly how the hell to kill it!

I've got the info from the chest:

C:\program files\Common files\updater\Delupdat.exe
was infected by the win32:trojan-gen {VC}

and

C:\program files\Common files\updater\Sui.exe
with the exact same virus

I've had this thing for about a week now and have repeatedly attempted to kill it, but with no luck. So how do I kill it? And also, what does it do? Is it harmful? Please help me.
Thanks

P.S. I'm a total novice to PCs

whocares

  • Guest
Re:yet another trojan-gen {VC} thread
« Reply #1 on: March 18, 2004, 08:43:14 AM »
I've read throughout the forums about this virus

Hi,
what about the results of other scanners, e.g. from Trend, KAV, RAV?
or running SPYBOT, AD-Aware and Cwshredder?
see the other "trojan-gen" posts for links & details

you might want to try booting the PC in SafeMode (press F8 when booting, until a menu appears; select SafeMode)
Then delete the file with avast, or manually


J-2000

  • Guest
Re:yet another trojan-gen {VC} thread
« Reply #2 on: March 19, 2004, 12:21:35 AM »
I've attached my hijackthis log to the post; this log was made 5 mins after I ran and fixed things through spybot.

Also, I moved the files to the chest and deleted them. I also went to the source of the virus (the updater folder) and wiped it.

Is there anything on the log which needs removing?

whocares

  • Guest
Re:yet another trojan-gen {VC} thread
« Reply #3 on: March 19, 2004, 09:00:13 AM »
Hi,

there seems to be loads of malicious or unnecessary stuff in there

Did you do a thorough scan with avast?

also use onlinescanner from Trend and www.ravantivirus.com
remove found malware according to info on avast's pages, VGREP (see below) or google

also install, update, scan and fix with:
Ad-aware, cwshredder

Check the files listed in the Hijackthis-log with
http://www.sysinfo.org/startuplist.php  (and search on Google)
and scan them with KAV (see below),
to see what's malicious or useless: fix those with hijackthis

Links and further details can be found via the board search or google

then scan again with hijackthis and post the NEW log here

 ;)


J-2000

  • Guest
Re:yet another trojan-gen {VC} thread
« Reply #4 on: March 19, 2004, 10:46:54 PM »
Thanks, but I seriously have no idea what I'm doing here.

I used the online scanner on my C:\ drive, but the avast on-access scanner was on too, so it was finding the virus before housecall could. It found 3 (of, you guessed it, trojan-gen {VC}); I moved them to the chest.

Also, I came home from college to find my dad had started playing a game; all he said was "the scanner said it was ok so I switched it off."
I'm now looking through the filenames on my new hijackthis log, and so far I've found some live sexchat thing and sahagent; everything else so far is clean.

As I said though, I have no idea what I'm doing, so if someone could tell me what and what not to delete, I will appreciate it.

thanks

whocares

  • Guest
Re:yet another trojan-gen {VC} thread
« Reply #5 on: March 21, 2004, 06:18:09 PM »
Hi,

0) it seems you have the AV-Monitor /resident shield/Vshield of BOTH avast and Mcafee running simultaneously ..
That is BAAADDD!!  disable one of them permanently
(or if your subscription to mcafee has run out, uninstall Mcafee completely)

1) uninstall new.Net /newdotnet via control panel -> Software/programs

2) PAUSE avast's ResidentShield = AV-Monitor BEFORE you do a scan with
Ad-Aware and cwshredder or other scanners

-> Fix everything found

3) do a scan with Trendmicro's and then RAV onlinescanner (with avast still paused); note the found virusnames exactly, and look up info for Trend here:
http://www.trendmicro.com/vinfo/virusencyclo/

and for RAV results here: http://www.virusbtn.com/resources/vgrep/index.xml
(select Gecad RAV in the VENDOR menu, enter the found trojan/virus-name and follow the red links to the instructions on removal to trend, mcafee or symantec)

if you don't succeed there, tell us for each finding of Trend and RAV:
- exact virus name and exact location (full path/folder/filename)

4) rerun spybot and ad-aware again, best in SafeMode (F8-Boot); fix everything found
 if something keeps occurring there, report here what it is

5) remove everything in the hijackthis-log from O16 DPF ... that you don't know or need

6) is www. btbroadband. com/ your desired startpage?
if not: fix it


and then post new hijackthis-log

 ;)
« Last Edit: March 21, 2004, 06:21:56 PM by whocares »
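
The log checks suggested in the replies above (files listed in the HijackThis log, the O16 DPF entries, the start page) can be pulled out of a log for review with a short script. This is an added example, not part of the thread: the sample log lines are constructed in HijackThis's line format (they are not the poster's log), and the watched folder is the one named in the first post.

```python
import re

# Constructed sample in HijackThis line format; NOT the log from this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.example/
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\Sui.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\monitor.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://downloads.example/ctl.cab
"""

# Folder from the first post where the detected files kept reappearing.
WATCHED_DIR = r"c:\program files\common files\updater"

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O4 - ...", "R0 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*")                  # drive-letter path to end of line
DPF_RE = re.compile(r"DPF: (\S+)(?: \((.*?)\))? - (\S+)")


def parse_log(text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(text, watched_dir=WATCHED_DIR):
    """Collect the entries a helper would look at first; nothing is deleted."""
    report = {"watched": [], "dpf": [], "start_page": []}
    for section, detail in parse_log(text):
        path = PATH_RE.search(detail)
        # Any entry (autostart, BHO, ...) that points into the watched folder
        # explains why a deleted file comes back after reboot.
        if path and path.group(0).lower().startswith(watched_dir.lower()):
            report["watched"].append((section, path.group(0)))
        if section == "O16":
            m = DPF_RE.match(detail)
            if m:
                report["dpf"].append((m.group(1), m.group(2), m.group(3)))
        if section in ("R0", "R1") and "Start Page = " in detail:
            report["start_page"].append(detail.split(" = ", 1)[1])
    return report


if __name__ == "__main__":
    for kind, items in review(SAMPLE_LOG).items():
        print(kind, items)
```

The script only lists entries; whether an O16 control or start page is wanted is still a decision for the owner of the machine.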