-
January 8th, 2008, 01:47 PM
#1
generic9.aiuj virus?
I have a customer that keeps getting this on AVG. It claims to detect it and then heal it. It then comes back. I've used an older version of the public AV CD (as I can't seem to get it to update anymore) and it removed a bunch of stuff, so then I used HijackThis to remove the file c:\windows\system32\cdfuie.dll, but it comes back... I tried Trend Micro and it doesn't find it.... Anyone have any ideas? I don't have a log, as she took it back as she had some stuff to do on it.... I've seen evidence of other people encountering this, but no one seems to have an answer....
Don't hate me because I'm a US citizen!
-
January 8th, 2008, 02:52 PM
#2
I did a bunch of searching - make sure the AVG is the latest available (free or otherwise, whichever the client has) and is updated and run in Safe Mode.
Try an online Kaspersky scan in Safe Mode with Networking.
If either appears to be removing it, but it reappears, turn off System Restore and do them again in Safe Mode.
Also, use this in Safe Mode:
http://www.majorgeeks.com/download4954.html
-
January 8th, 2008, 03:48 PM
#3
Thanks, I'll check into that.... AVG was run from Safe Mode and was the latest.... It does "heal" it, but it comes back the next time you boot... I'll check out that utility.... I'll have to wait till she is done and can bring her computer back in...
Don't hate me because I'm a US citizen!
-
January 8th, 2008, 04:14 PM
#4
Driver Terrier
Eset now have an online scanner... might be worth giving them a go as well.
Only AVG finds this thing, it might be a heuristic scan error. Does it find it with heuristics off?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
January 8th, 2008, 04:19 PM
#5
I'll look into that too, thanks NooNoo
Don't hate me because I'm a US citizen!
-
January 8th, 2008, 08:21 PM
#6
Registered User
Should pretty much turn off system restore right away if you have a virus and it reappears even once.
-
January 9th, 2008, 12:30 PM
#7
Registered User
Shard92, this isn't a false positive, but information on the pest is scanty. Reportedly, ComboFix will remove it when run in Safe Mode after disabling System Restore. This takes you directly to the ComboFix download.
-
January 9th, 2008, 05:12 PM
#8
Registered User
The last post was very rushed, and I felt I should add to it. The name generic9.aiuj is indeed generated by AVG heuristics, and no, I can't tell you which pest this thing is. However, I know a couple of folks who have encountered it lately (different filenames than cdfuie.dll) and found that ComboFix was an effective removal tool. I wish they had run some scans with other tools that might have attached a name to this nasty, but they didn't. In fact, we might even be dealing with different infections to which AVG heuristics have attached the same name.
-
January 10th, 2008, 10:56 AM
#9
Thanks slgrieb,
I have looked around as well.... I appreciate the info; my hands are tied at the moment as I don't have the machine in front of me...
Aren't viruses fun!!!
Don't hate me because I'm a US citizen!
-
January 23rd, 2008, 02:26 PM
#10
slgrieb,
Well, the ComboFix seems to have worked.... I have restarted a few times and run AVG.... By the way, if you didn't know, it puts the infected files into a zip file called catchme so that the AV program can successfully quarantine the virus....
---edit--- By the way, I'm rebooting several times, including going online and running scans, to see if it comes back, and so far so good... Wish me luck.
Don't hate me because I'm a US citizen!
-
January 23rd, 2008, 02:30 PM
#11
Driver Terrier
Good Luck Shard. Take care.
Never, ever approach a computer saying or even thinking "I will just do this quickly."