Trojan Horse keeps coming back

[mark1123emily]

Sucks for me though, Can't really download softwares using this laptop. But I tried other formats (mp3's) it can... I can't even download revo. Either cancelled or windows have no permission.

[mark1123emily]

Seems like everyday AVG could find a trojan horse generic14.GID tucked away in my system restore! I ran MBAM and SAS nothing was detected what's going on why doesn't it go away!

[micky77]

Do not worry about anything found in system restore, these can be deleted by disabling,the re-enabling SR.This will delete ALL restore points.So you may want to leave it for now.
Try a couple of things, first post a HijackThis log, choose scan and save a log file.Copy/paste the txt log.
Also, preferably from a clean pc,download Avira Rescue CD. Simply download the file,double click it,insert blank disc, the program is burnt to disc.Insert disc into infected pc,reboot.Follow the instruction from the link.If anything is found,write down the findings and post back

http://filehippo.com/download_hijackthis/

http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130


You said your laptop is one week old, if it has a recovery partition, the very best advise,would be to restore it to its factory settings,and start afresh.

[mark1123emily]

this is an eeepc model, so i have no dvd/cd rom. Im trying to do the system restore tru the programs/application/system tools/system restore but usually an error happens. It keeps saying that it cannot perform system restore. Thanks alot! Im still trying to call the store from which I brought this maybe they can restore it using an external ROM.
Thank you very much for all your help!!!

[mkis]

Hi Mark1123emily

If you have the computer only one week, then you should not be experiencing these problems, especially in System Restore. If still under warranty, then the computer can be taken back to the vendor. If not under warranty, then the vendor should still make the effort to return the computer to running condition, though not obliged to. With eeepc, hard to imagine problems so quickly. Not the normal situation. But anyway, best to try the store first, then come back to the forum if you have no luck there, and provide any new details.

[DavidR]

Seems like everyday AVG could find a trojan horse generic14.GID tucked away in my system restore! I ran MBAM and SAS nothing was detected what's going on why doesn't it go away!

Generic detections are a compromise between finding that normal signatures wouldn't find anf finding something that is a good file.

A generic signatures, is generally trying to catch multiple or new variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So when MBAM, SAS and previously avast befor you ran AVG found no infected restore point, I would have to doubt the AVG detection of the restore point using a generic signature.

System Volume Information folder Restore points are by their nature inert, you would have to use system restore and restore your computer to a point where the suspect/infected restore point was restored.

Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

So as micky77 suggested clearing all restore points would resolve this once and for all, regardless if the detection by AVG is good or a false positive.

[mark1123emily]

Hi! First of all, a big Thanks to everyone who have taken their time to help me. I've learned a lot from you guys.

Secondly, I've decided to do a system recovery (restoring it to it's original factory setting) provided by Asus. Since it's only almost two weeks old, I don't have any important files in it yet. I still don't know where I got the Malware OGax.exe that for some reason infected both laptops (eee pc 1000HE & 701). So to end my misery (Downloading problems) I did a system restore for the 1000HE which has a F9 system recovery function. I am currently installing Avast! an I'm planning to install MBAM, SAS and Spyware blaster. This laptop (1000HE) was the only one displayed on the shop. So I guess they must have used to it to a lot of demos to their customers. They claim that they only order one for each model and replace it when it is already sold. So I guess they used it to test the wifi, LAN etc to see if it's working and that might be the cause of the dreaded malware getting into it. The only thing that both came into contact with both laptops was my BF's SDHC card where he puts his files. Since I've gotten this laptop I only used it for net (Facebook mainly). But before I used it for net purposes I made sure to ALWAYS install Avast! Even with other Computers that I have (and repaired).

I'll update you guys to see if everything's OK.

Again, Thank you so much!

Mark1123emily

[DavidR]

You're welcome, god luck with the factory restore.

[mark1123emily]

Can you give me the link from which I can download the Avast home edition? seems now that is my problem I've tried Downloading Avast twice now but it says Connection Terminated retrying 

Thanks

[nmb]

oki here it is:

http://www.avast.com/eng/download-avast-home.html

[mark1123emily]

Thank you!!!

[DavidR]

Can you give me the link from which I can download the Avast home edition? seems now that is my problem I've tried Downloading Avast twice now but it says Connection Terminated retrying  

Are you using a download manager (if so what) ?

How are you downloading were you trying to download and install in one action or saving the installation file to your hard disk first ?

[micky77]

Secondly, I've decided to do a system recovery (restoring it to it's original factory setting)

Very wise decision. For the future,consider purchasing,something like Acronis True Image. This will take a snap shot of your entire computer,you can then restore to that image, no need to go back to square one. Also for safer surfing, consider using Sandboxie, all surfing,is contained in a 'sandbox' When you finish surfing , the entire box is deleted.

[mark1123emily]

I got it from cnet. It needs to download the setupeng first before it automatically installs. I am currently Downloading the actual setupeng now.

@micky77- I'll consider that. I need to install Avast first before doing anything that involves the net

[DavidR]

You would be best to get it directly from avast.com (from the link you were given scroll down to the language version you want) download.com gets very busy and that could be a factor.

Plus I don't like the download a small file that starts to do the installation whilst on-line, it is much better to get the full setup file (from avast as above instruction) and install off-line, you can then save a copy of that file, should you need it in the near future.