Help me please: Invasion from Win32:Adware-gen?
I’ve got a PC thats infected with a trojan. Here are the details:
1. The threat is a folder named: RGGZS
2. It is located at: C:Program FilesCommon Files
3. It contains the following:
i. A folder named: res
ii. readme.mht
iii. trz2.tmp
iv. WNSO.exe
v. WSOREM.dll
vi. citing.dll
vii. SoBar.dll
viii. trz54.tmp
ix. WSOMAIN.exe
Each time I delete it manually, it actually goes…but immediately comes back/reappears. This has led me to believe that somewhere in my PC, it has an accomplice (which restores a copy of it) which is well hidden or disguised. I’ve tried AVG-AntiSpyware, Avast,etc. They can see this threat but can’t prevent its restoration once its deleted. I think this threat is the latest on the web. I don’t even know how it got into my PC.
What do you think…any suggestions/remedies/ideas? So far it seems to be slowing down my PC.
1. before you scan turn of system restore. sometimes they can hide in the drive space reserved for restoration.
2. have you tried scanning in safe mode? to get to safe mode, restart your computer and press F8 before windows starts loading. that will give you a list of options and from there select safe mode.
3. You’ve run anti spyware but what about anti virus? I know that on machines I have scanned AVG anti virus will pick up things that AVG anti spyware doesn’t.
4. Make sure your internet is disconnected or disabled when you run the scans. A small exe file might exist somewhere but it may be contacting the website it came from and running the infection again.
If those don’t work, ask again on here and I’ll think of some more answers.
Here’s some info about your infection
http://research.sunbelt-software.com/threatdisplay.aspx?name=Baidu.SoBar&threatid=92336
Adware Punisher win32 virus removal software
