generic9.aiuj virus?

**Shard92** · January 8th, 2008, 01:47 PM

I have a customer that keeps getting this on AVG. it claims to detect it and then heal it. it then comes back. I've used an older version of the public av cd ( as I can't seem to get it to update anymore ) and it removed a bunch of stuff so then I used hi-jackthis to remove the file : c:\windows\system32\cdfuie.dll but it comes back... I tried trend micro and it doesn't find it.... anyone have any ideas? I don't have a log as she took it back as she had some stuff to do on it....I've seen evidence of other people encountering this but no one seems to have an answer....

**CCT** · January 8th, 2008, 02:52 PM

I did a bunch of searching - make sure the AVG is the latest available (free or otherwise, whichever the client has) and is updated and run in Safe Mode.

Try an on-line kaspersky in Safe Mode with Networking.

If either appears to be removing it, but it reappears, turn off System Restore and do them again in Safe Mode.

Also, use this in safe Mode:

http://www.majorgeeks.com/download4954.html

**Shard92** · January 8th, 2008, 03:48 PM

thanks I'll check into that.... avg was run from safemode and was the latest.... it does "heal" it but it comes back the next time you boot... I'll check out that utility.... I'll have to wait till she is done and can bring her computer back in...

**NooNoo** · January 8th, 2008, 04:14 PM

Eset now have an online scanner... might be worth giving them a go as well.

Only AVG finds this thing, it might be a heuristic scan error. Does it find it with heuristics off?

**Shard92** · January 8th, 2008, 04:19 PM

I'll look into that too thanks NooNoo

**Ferrit** · January 8th, 2008, 08:21 PM

Should pretty much turn off system restore right away if you have a virus and it reappears even once.

**slgrieb** · January 9th, 2008, 12:30 PM

Shard92, this isn't a false positive, but information on the pest is scanty. Reportedly, ComboFix will remove it when run in Safe Mode after disabling System Restore. This takes you directly to the ComboFix download.

**slgrieb** · January 9th, 2008, 05:12 PM

The last post was very rushed, and I felt I should add to it. The name gneric9.aiuj is indeed generated by AVG hueristics, and no, I can't tell you which pest this thing is. However, I know a couple of folks who have encountered it lately (different filenames than cdfuie.dll) and found that Combofix was an effective removal tool. I wish they had run some scans with other tools that might have attached a name to this nasty, but they didn't. In fact, we might even be dealing with different infections to which AVG heuristics have attached the same name.

**Shard92** · January 10th, 2008, 10:56 AM

thanks slgrieb,

I have looked around as well.... I appreciate the info, my hands are tied at the moment as I dont' have the machine in front of me...

aren't virus' fun!!!

**Shard92** · January 23rd, 2008, 02:26 PM

slgrieb,

well the combofix seems to have worked.... I have restarted a few times and ran avg.... By the way if you didn't know it puts the infected files into a zip file called catchme so that the av program can successfully quarantine the virus....

---edit--- by the way I'm rebooting several times including going on line and running scans to see if it comes back and so far so good... wish me luck.