
downloader.generic.ueo?


sidmickmol

IS-IT--Management
Jan 14, 2006
35
US
Is this a new variation of the Downloader? I received a PC with the usual severe adware problems, and their copy of AVG Free, which is updated, identifies the remaining problems as downloader.generic.ueo. I've tried the usual known cures. Oddly, when you go to housecall.trendmicro.com the page moves around a few times (just a little) and then seems to run. It has removed other stuff (this PC was loaded) but I haven't had time to run it again. I'm currently running something called The Cleaner and will see how that one does. I've not been able to google anything using the complete name with the UEO. I'm sure you all know there is a lot written about the downloader. Any thoughts? At this point, I'm just trying to avoid the backup, reformat and reinstall.
 
I can't believe I didn't think to run HijackThis. It did point out some things I didn't catch. Will see how it goes.
 
Post the log on here if you can. We will go through it.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
This is getting strange. I've worked with a lot of HijackThis logs (sorry, can't post this one yet). It did help me point out the file that AVG was identifying as trojan.downloader.ueo. I was able to change the attributes of the file, rename it, and delete it. Then I created a text file and renamed it to the name of the problem file so it wouldn't be put back. Then HijackThis found a registry entry to a file named userinit.exe that was putting back a file that I had deleted several times that would show up in windows/system32/yQQbefg.exe (not exactly the file name), so I found userinit.exe and deleted it. It looks like that was a mistake now, as I can't boot into a GUI desktop or even safe mode.
 
PS: the userinit.exe file had a date that ended in 2006. I didn't think the virus might have replaced a legit Windows file. This is getting ugly.
 
userinit.exe is part of Windows. Go into restore mode and try this:

expand -r x:\i386\userinit.exe C:\Windows\system32

x=the drive letter of your CD-ROM...

or winnt if ntfs.

Let us know if this helps.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
I mean recovery mode not restore lol

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
I thought of that and it did get it running, and I'm back to fighting the virus. I am probably going to contact the customer about reformatting.
 
Actually, I'll give you a few things to get rid of it.





Run the top 3 in safe mode, full system scans, then perform a full system scan with the last one in normal mode.

That should take care of it. If not, let us know.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 