Can't Delete Trojan.generic.x
My BitDefender finds a Trojan in memory every time I scan. When I mark it for deletion, it says it will delete it when I restart, but it is always there again after reboot. It calls it Trojan.generic.x, where x is a six- or seven-digit number, and the number varies (209057, 2438994, 2283141). The infected file is \\?\globalroot\systemroot\system32\hjgruihowinyly.dll each time.
At the same time, which may be unrelated, I am having trouble with excessive traffic on my Internet connection and I have used a protocol analyser to examine the packets going from the PC to the network. It looks like a virus problem. I have seen:
1) Excessive pinging to a particular site (pokertrading.org) - 50 packets per second. This is undoubtedly a DDoS attack originating from my PC. I have put a firewall rule in to stop ICMP packets being transmitted and this has stopped it.
2) DNS requests to other sites e.g. judlife, minihyip, jidrka, seemingly trading sites similar to the above; once the site has been located, the PC downloads files from them. I have put the names of these sites in my "hosts" file (windows\system32\drivers\etc\hosts) - should I also put a deny rule in my firewall?
3) Even once I have done the above, there is still traffic from one of my PC processes to the network card. When I use bitdefender's firewall view log (increased verbosity), it shows the above firewall deny rule being activated for the process:
c:\windows\system32\svchost.exe, Cmd. Line: -k dcomlaunch
Questions:
a) is the svchost.exe for dcomlaunch causing the network accesses to the trading sites?
b) is this a virus/trojan?
c) if so, is it the trojan.generic I keep finding but am unable to delete?
d) how can I delete the trojan?
I hope the answer isn't to use the rescue CD as I only have a slow broadband link and 280MB is a lot to download in one go (I downloaded BitDefender 2010 after upgrading from 2008, and it took over 90 minutes - this will probably take nearly 4 hours, if it doesn't crash).
I can't find anyone on the forum with the same problem; maybe if there is, they will tell me and we can commiserate with each other!
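As an added example (not from this thread or from BitDefender), the two checks the post describes, applied to tcpdump-style capture lines: count ICMP echo requests per destination per second and flag any host above a threshold, and flag DNS lookups for names on a watch list, emitting sinkhole lines in hosts-file format for them. The capture lines are constructed, and the `.example` name is a placeholder; only pokertrading.org comes from the post.

```python
"""Added example: apply the two traffic checks from the post to tcpdump-style
lines: flag hosts receiving an ICMP echo flood and DNS lookups for watched names."""
import re
from collections import Counter

ICMP_RE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > (\S+): ICMP echo request")
DNS_RE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > (\S+)\.53: \d+\+? A\? (\S+)\s")

# pokertrading.org is the host named in the post; judlife.example is a
# constructed placeholder (the post gives only the fragment "judlife").
WATCHLIST = frozenset({"pokertrading.org", "judlife.example"})


def analyse(lines, icmp_pps_threshold=20, watchlist=WATCHLIST):
    """Return (flooded destinations, [(time, watched name)]) for the given lines."""
    icmp_per_sec = Counter()          # (dst, second) -> echo requests seen
    flagged_dns = []
    for line in lines:
        m = ICMP_RE.match(line)
        if m:
            icmp_per_sec[(m.group(3), m.group(1))] += 1
            continue
        m = DNS_RE.match(line)
        if m:
            name = m.group(4).rstrip(".").lower()
            if any(name == w or name.endswith("." + w) for w in watchlist):
                flagged_dns.append((m.group(1), name))
    floods = sorted({dst for (dst, _), n in icmp_per_sec.items()
                     if n >= icmp_pps_threshold})
    return floods, flagged_dns


def hosts_entries(names):
    """Sinkhole lines in the format of windows\\system32\\drivers\\etc\\hosts."""
    return [f"0.0.0.0 {n}" for n in sorted(set(names))]


def build_sample():
    """Constructed capture (not real traffic): 50 pings in one second to one
    host, one stray ping elsewhere, and three DNS queries."""
    lines = ["12:00:00.%06d IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 1, seq %d, length 64"
             % (i * 20000, i) for i in range(50)]
    lines.append("12:00:00.500000 IP 192.168.1.10 > 203.0.113.9: ICMP echo request, id 2, seq 1, length 64")
    lines.append("12:00:01.000000 IP 192.168.1.10.49152 > 192.168.1.1.53: 4321+ A? judlife.example. (32)")
    lines.append("12:00:01.100000 IP 192.168.1.10.49153 > 192.168.1.1.53: 4322+ A? www.example.com. (33)")
    lines.append("12:00:01.200000 IP 192.168.1.10.49154 > 192.168.1.1.53: 4323+ A? pokertrading.org. (34)")
    return lines


if __name__ == "__main__":
    floods, dns_hits = analyse(build_sample())
    print("ICMP flood targets:", floods)
    print("watched DNS lookups:", dns_hits)
    print("\n".join(hosts_entries(n for _, n in dns_hits)))
```

On a real capture, feed it the text output of tcpdump (or a similar analyser) one line at a time; the threshold of 20 echo requests per second is an assumption, well below the 50 per second seen in the post.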
Comments
Hello RicketyHat,
We need you to run 2 of our special malware diagnosis tools, in order to obtain some reports which will be analyzed by my colleagues from the Virus Analysis team. Please follow the next link: http://kb.bitdefender.com/KB490, download the Avis and the Gmer tools, run them and after you obtain the files that we need, go to http://www.sendspace.com/ , upload these reports then post here the download links. Also, it will help us if you can upload a copy of the scan report that you have run.
We are looking forward to your reply.
Thank you.
bd_sys_log.xml.zip: http://www.sendspace.com/file/0jnasj
gmer.log: http://www.sendspace.com/file/wu57xy
deep scan log: http://www.sendspace.com/file/aux0zk
The details of the problem are in my previous post.
Kind regards,
RicketyHat