AVG Forums » Virus Removal, Tools for Removing » Trojan Horse Generic27.PN & ARZX
March 14, 2012 14:27 Trojan Horse Generic27.PN & ARZX #195361
nospamprl
Novice
Join Date: 14.3.2012
Posts: 4
I also have the generic27 problem and can't get rid of it yet.

Here is where I'm now:

I did the offline fixmbr procedure from the XP CD
Rebooted into the AVG rescue disk
Updated the rescue disk (priority 2 - database update)
Scanned boot sector (no infections found)
Performed a full scan (Default options = arc,heur,pup,pup2)
Detected several instances of generic27.ARZX and generic27.PN on DLLs in WINDOWS\system32 and on desktop.ini in WINDOWS\assembly (title shows identity alert)
I repaired them from inside the rescue disk
Rebooted into windows
AVG started reporting infections as soon as windows and AVG loaded
Ran GMER (both autostart and antirootkit), MSINFO and saved the attached result files.

I suspect the virus generates wifi activity; I'm afraid it is stealing my info.

Will reinstalling XP clean it? I'll do it if it's the only solution.

Please help me.
March 14, 2012 15:13 Re: Trojan Horse Generic27.PN & ARZX #195366
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello nospamprl,

Formatting the HDD and re-installing Windows may not help.

Please carefully follow the How To Restore The Master Boot Record article.

Also please provide us with new full AVG Anti-Virus scan results so we can analyse the issue further.

Thank you.
___________________
AVG Team | How-To articles | FAQ | Free Support | We Protect Us
March 14, 2012 15:57 Re: Trojan Horse Generic27.PN & ARZX #195373
nospamprl
Novice
Join Date: 14.3.2012
Posts: 4
As I mentioned in my previous post, I performed the fixmbr procedure in offline mode (from the XP CD recovery console) as a first step.

Anyway, I just did it again and also did a fixboot.

I rebooted but I keep getting alerts.

Attached is the last AVG scan result. But it seems it keeps creating new infected files constantly every minute.

Please let me know the step by step procedure to follow.

Thanks
March 14, 2012 18:16 Re: Trojan Horse Generic27.PN & ARZX #195391
Dusan Obert
Administrator
Join Date: 12.8.2009
Posts: 1595
Hello nospamprl,

Please try to scan your computer with updated AVG Rescue CD.

Afterwards, perform all steps described in full reinstallation instructions - AVG files may be infected.

Provide us with a fresh AVG full scan and both GMER outputs if the infection still persists.

Thank you
March 14, 2012 20:42 Re: Trojan Horse Generic27.PN & ARZX #195411
nospamprl
Novice
Join Date: 14.3.2012
Posts: 4
I performed what you asked for in the last post; unfortunately, now I can't get internet access, neither wifi nor LAN, so I can't update the AVG database.

Is there a way to download the updated database to another computer and perform an offline update? I can't find it.

Anyway, I'm running the AVG scan now.

EDIT / UPDATE:

I just rebooted and AVG says I'm not protected: Antivirus not active, Antirootkit: Controller not found, Identity protection: Disabled (my messages are in Spanish, these are my translations).

This is getting worse. Do I still have any chance of correcting it, or should I go the hard way and repartition, reformat and reinstall XP?

Thanks.

March 15, 2012 08:08 Re: Trojan Horse Generic27.PN & ARZX #195442
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello nospamprl,

Have you performed full re-installation as Dusan suggested?

To restore lost Internet connectivity please follow this howto article.

Also please provide us with new GMER scan results, MSINFO output and AVG Anti-Virus scan results for further analysis.

Thank you
March 15, 2012 16:46 Re: Trojan Horse Generic27.PN & ARZX #195483
nospamprl
Novice
Join Date: 14.3.2012
Posts: 4
Since every step made the situation worse, I took the "hard" way and reinstalled XP. I deleted the partition, reformatted it and reinstalled. First thing was to do an offline AVG update as described above, then I reinstalled drivers and connected to the internet. The infection seems to be gone according to AVG.

I have one more question:

To make sure the infection is gone, I tried to run the rescue disk I have. After reinstalling XP the rescue disk cannot connect to the internet. I thought reinstalling XP would do nothing to the rescue CD because it's a completely different OS. It should only be affected by the BIOS and the internet connection, which I didn't touch. The internet connection is running fine on the reinstalled XP environment and on other computers in my network. Any suggestions to enable internet on the rescue CD?

BTW, how is it that the rescue CD connects to the internet? I am never asked to provide my wifi password. Or was it doing it through the wired ethernet card?

Thanks.


EDIT:

Suddenly I received a BSOD with driver_irql_not_less_or_equal and atapi.sys.

I restarted the machine, but now the Windows XP logo screen stays for as much as 5 minutes. Programs are very slow to load. AVG is active but doesn't report any infection.

Am I infected again? Is there any way to get rid of this? Since I already did a clean XP installation I'm willing to do it again or, if necessary, buy a new disk (ouch).

Now I'm running another rescue disk scan. Now it's able to connect to internet again.
March 15, 2012 20:27 Re: Trojan Horse Generic27.PN & ARZX #195510
Dusan Obert
Administrator
Join Date: 12.8.2009
Posts: 1595
Hello nospamprl,

As suggested in post 195366 by nemethste, formatting the drive may not help when there is an MBR infection present.

If you are willing to perform another reinstallation, try to delete all partitions, then create single partition and perform full format on it.
Afterwards, follow How To Restore The Master Boot Record (forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=147645) - Offline mode.
Only then proceed with reinstallation of Windows.

Make sure to install AVG prior to installing or downloading any other software.

AVG Rescue CD should connect via ethernet cable. Since you were able to connect with it again, it is possible that the cable was unplugged or that there was some temporary issue with the connection/CD.

Thank you
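The thread keeps coming back to the MBR (fixmbr, fixboot, and the "How To Restore The Master Boot Record" article), and the advice is that the boot sector, not just the partition, has to be rewritten. As an added example that is not from the thread or from AVG, here is a small Python parser for a 512-byte MBR sector with the sanity checks a defender would run over a dump taken before and after such a repair: the 0x55AA boot signature is present, at most one partition is flagged bootable, no partition starts at LBA 0 or overlaps another or runs past the disk, and the boot code hashes to a baseline recorded from a known-good machine. The sample sectors, the disk size and the boot-code bytes are constructed for the example; `read_first_sector` is a plain helper that reads the raw device and needs administrator or root rights.

```python
"""Parse a 512-byte MBR and check it against a recorded baseline.

Added example; the sample sectors below are constructed, not taken from
any real disk or from the machine discussed in the forum thread.
"""
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # boot code ends before the 4-byte disk signature
TABLE_OFFSET = 446            # 4 partition entries of 16 bytes start here
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def read_first_sector(device_path: str) -> bytes:
    """Read sector 0 of a raw device, e.g. r'\\\\.\\PhysicalDrive0' on Windows
    or '/dev/sda' on Linux. Requires administrator/root privileges."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code hash, disk signature, partition table and
    the trailing boot signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + ENTRY_LEN * i
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, num_sectors = struct.unpack(
            "<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype == 0 and num_sectors == 0:
            continue  # empty table slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "num_sectors": num_sectors,
        })
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
        "has_boot_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, disk_sectors: int,
              baseline_bootcode_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["has_boot_signature"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in mbr["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    for p in mbr["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
        if p["lba_start"] + p["num_sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    spans = sorted((p["lba_start"], p["lba_start"] + p["num_sectors"], p["index"])
                   for p in mbr["partitions"])
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    if baseline_bootcode_sha256 and mbr["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("boot code differs from the recorded baseline")
    return findings


def build_mbr(bootcode: bytes, entries, disk_sig: int = 0x1234ABCD,
              signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed MBR for demonstration (not a real boot sector)."""
    body = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    body += struct.pack("<IH", disk_sig, 0)          # disk signature + 2 reserved bytes
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", pt, b"\0\0\0", lba, n)
                     for st, pt, lba, n in entries)
    return body + table.ljust(4 * ENTRY_LEN, b"\x00") + signature


# --- constructed samples ---------------------------------------------------
DISK_SECTORS = 20_000_000                      # pretend disk of ~10 GB
ONE_NTFS_PARTITION = [(0x80, 0x07, 63, DISK_SECTORS - 63)]
CLEAN_MBR = build_mbr(b"CONSTRUCTED-CLEAN-BOOTCODE", ONE_NTFS_PARTITION)
BASELINE = parse_mbr(CLEAN_MBR)["bootcode_sha256"]   # recorded on a known-good machine
REPLACED_MBR = build_mbr(b"CONSTRUCTED-OTHER-BOOTCODE", ONE_NTFS_PARTITION)
BROKEN_MBR = build_mbr(b"CONSTRUCTED-CLEAN-BOOTCODE",
                       [(0x80, 0x07, 0, 100), (0x80, 0x07, 50, DISK_SECTORS)],
                       signature=b"\x00\x00")

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("replaced", REPLACED_MBR), ("broken", BROKEN_MBR)):
        print(name, check_mbr(mbr, DISK_SECTORS, BASELINE) or ["no findings"])
```

The baseline hash only makes sense when it was taken from the same Windows version on a machine that was not in doubt; a differing hash is a prompt to look closer, not proof of infection, because legitimate tools also rewrite boot code.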