
WIN32:Trojan-gen {UPX!}

1144 Views 9 Replies 3 Participants Last post by  Flrman1
It seems this computer has been infected with this ->WIN32:Trojan-gen {UPX!}<- virus. I've successfully deleted a few of the files, but there are 8 files that I cannot get rid of. These are the files:

c:\windows\system\iijouqg.tsd
c:\windows\system\dupmqfw.adr
c:\windows\system\pwdly.jkg
c:\windows\system\jjij.uyb
c:\windows\system\winsrv32.exe
c:\windows\system\s7captur.dll
c:\windows\system\icqpwsteal.dll
c:\windows\system\s7advanced.dll

These pesky files will not delete and I cannot figure out how to get rid of them. Any help would be appreciated.

Thanks,
Sammy
Boot to safe mode and delete them.

How to start your computer in safe mode.

Also please do this. Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button. When the scan is finished, the scan button will become "Save Log". Click that and save the log.

Go to where you saved the log and click on "Edit > Select All", then click on "Edit > Copy", then paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.

*Note: When you download Hijack This Do Not download it to a temp folder or to the desktop. Create a permanent folder somewhere like in My Documents and name it Hijack This and put it in that folder.
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked".

O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(1)(1)(2)(1)(1).exe

Restart to safe mode and delete:

The C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(1)(1)(2)(1)(1).exe file

How to start your computer in safe mode.