February 29, 2012 16:00 Trojan Horse Generic27.SLL #194129
excalaber
Novice
Join Date: 29.2.2012
Posts: 5
Hi,

Has anyone heard of this one before? "Trojan horse Generic27.SLL"
I can't seem to get rid of it or find any info on it!

Help please! I'm ready to throw the computer in the bin. crying

Cheers
February 29, 2012 19:28 Re: Trojan Horse Generic27.SLL #194143
vd233
Novice
Join Date: 29.2.2012
Posts: 6
excalaber wrote
Hi,

Has anyone heard of this one before? "Trojan horse Generic27.SLL"
I can't seem to get rid of it or find any info on it!

Help please! I'm ready to throw the computer in the bin. crying

Cheers

I have the same problem crying

And I'm still using it for work.. even if I don't know how safe it is.. now..

I'm running Windows Vista Home Basic
AVG ver. 2012.0.1913
DB ver. 2114/4840

"";"C:\Windows\System32\rundll32.exe (3560):\memory_00ca0000";"Trojan horse Generic27.SLL";"Object is inaccessible."
"Detection name";"Trojan horse Generic27.SLL"
"Object type";"file"
"SDK Type";"Core"
"Result";"Infected"

"Object name";"C:\Windows\System32\rundll32.exe (3560)"
"Detection name";"Trojan horse Generic27.SLL"
"Object type";"process"
"SDK Type";"Core"
"Result";"Deleted"

Even if it says it was deleted it's not... whenever I do the scan it's still there and after I rebooted my laptop I still have the same problems with that Trojan Horse cloning explorer and other system or user files and AVG doesn't find them anymore... crying

In 10 hours I need to access my secure accounts to work crying I would really need some help crying crying

Is it at least safe to access my accounts?

P.S. whenever I open my laptop I have to close down from task manager rundll32.exe for me to be able to even go on the internet.

crying crying crying
February 29, 2012 20:01 Re: Trojan Horse Generic27.SLL #194147
BIG AL 43
Moderator
Join Date: 18.6.2009
Posts: 23811
@ vd233

Memory.. This type of infection can usually be removed by running a scan using an updated AVG Rescue CD. Should the infection persist, please provide both Gmer scan results, Msinfo output and AVG Anti-Virus scan results for further analysis.


AVG Free Volunteer Moderator
AVG Free Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
February 29, 2012 20:20 Re: Trojan Horse Generic27.SLL #194152
vd233
Novice
Join Date: 29.2.2012
Posts: 6
BIG AL 43 wrote
@ vd233

Memory.. This type of infection can usually be removed by running a scan using an updated AVG Rescue CD. Should the infection persist, please provide both Gmer scan results, Msinfo output and AVG Anti-Virus scan results for further analysis.

Can you let me know if it is safe for me to access my accounts? I think I can live with closing down the programs from task manager if we can't solve it in 24h.

And thanks for the quick reply, really appreciate it.
error.jpg
February 29, 2012 20:22 Re: Trojan Horse Generic27.SLL #194153
vd233
Novice
Join Date: 29.2.2012
Posts: 6
Error trying to put it on the USB.

Can you let me know if it is safe for me to access my accounts?

And thanks for the quick reply !!!
error.jpg
March 1, 2012 08:41 Re: Trojan Horse Generic27.SLL #194185
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello vd233,

It is definitely not safe to use your accounts when your computer is infected.

Please follow steps mentioned by BigAl so we can analyse the issue further.

Thank you.
___________________
AVG Team
We Protect Us
March 1, 2012 12:13 Re: Trojan Horse Generic27.SLL #194195
excalaber
Novice
Join Date: 29.2.2012
Posts: 5
Hi Big Al,

I'm having similar problems to vd233.
I am running XP Professional on my PC. When I encountered this problem and realised it was a virus, I disconnected from the internet. Every time I start up the PC it opens 2 explorer windows with the IP address http://195.189.227.147/.

When I start up it also seems to clone my desktop, so that some of the system files I try to open, open behind the cloned desktop. You see them briefly when shutting down, e.g. Task Manager or if I push Windows key + R.....

I am working off my laptop at the moment, so not sure how to get the required info through to you!
Worried about connecting my PC to the internet.
Can I take a photo? (sorry if it's a silly question)
March 1, 2012 17:47 Re: Trojan Horse Generic27.SLL #194213
vd233
Novice
Join Date: 29.2.2012
Posts: 6
I'm lucky I have Windows XP installed on it too but without internet, only a few basic drivers, so I was able to make the bootable USB from there and I left the scan run all night long, when I woke up in the morning he found 3 worms and the scan was frozen.. so I rebooted the laptop.. and when I went back on the bootable usb I chose to see the last result and what I remember is that one was in system32 and one in explorer, I chose the healing option and it said he healed all 3 files, then I scanned it again just to be sure and he found 3 Trojan Horses into Java, I chose the healing option again and the program said he healed only 1 file, when I went back to check the last result it said all the files were healed.

I opened windows vista and the same things happen, when the processes are loading at one point explorer disappears and this other "fake", "cloned" explorer comes into place.. I took a screenshot too so you can see how weird my task manager looks like. ( http://www4.zippyshare.com/i/96108801/22577/task%20manager.jpg )

Whenever I try to use gmer rootscan it freezes (while scanning) and at one point rebooted my laptop too, I tried the older version but I can't even open it up because it instantly freezes. (yes they were renamed into vd233roo.exe)

The normal gmer scan worked.. even if the first time I tried it rebooted my laptop.. and the msinfo was done on the "fake" "cloned" explorer so I hope is still some good.

What I also noticed is that whenever explorer starts and I quickly access task manager and I close rundll32.exe and everything that looks suspicious to me the "cloned", "fake" explorer and invisible notepads don't appear anymore, is that safe for me to work on? Without the "fake", "cloned" explorer?!?

Thanks again for the effort and the help, really appreciate it.

P.S: I had to access my accounts this morning to work a bit I hope they're not compromised... and after I'll post this I'll run the rescue CD again if it finds anything I'll choose renaming this time.

Cheers.
March 1, 2012 21:12 Re: Trojan Horse Generic27.SLL #194231
vd233
Novice
Join Date: 29.2.2012
Posts: 6
not working....

crying I did another scan with the bootable usb... and he didn't find anything... but I still get the issues with "fake", "cloned" explorer and the rest...

crying crying crying crying crying

I just want to be able to work again on my laptop, I'm currently on a friend's laptop..
March 2, 2012 07:36 Re: Trojan Horse Generic27.SLL #194248
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello vd233,

Please also provide us with Gmer anti-rootkit scan results.

If you are not able to run the anti-rootkit scan, you may try to restore the master boot record in offline mode.
Right after the MBR is restored, please scan your computer with an updated AVG Rescue CD to kill all remains of the infection.

Thank you.
