Spyware, Viruses, & Security forum

General discussion

Help With Removing Generic Downloader.o

I'd greatly appreciate your assistance on the following matter:

Shortly after visiting http://www.safelyinvest.com, a McAfee prompt came up saying I had acquired a trojan (unfortunately, I didn't take note of the exact wording). I then had Virus Scan try to take care of the problem, but it could not clean, move, quarantine or delete the trojan. So, I closed it and tried SpybotSearchandDestroy. That didn't do anything either. All it told me was I had no immediate threats.

My DAT and engine files are up to date, at least that's what I'm told at http://www.amiuptodate.com/vsc/intro.asp. I've also tried scanning in safe mode but to no avail.

My details are as follows:

Build: 10.0.27
Engine Version: 5100
DAT Version: 4848
DAT File Created: 9/8/2006

McAfee OAS details:

9/8/2006 2:36:05 PM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QVQZEDAV\safelyinvest[1].htm'' ''Generic Downloader.o'' ''1''
6/29/2006 6:41:56 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SL23KH2N\prv9182636[1].php'' ''VBS/Psyme'' ''1''
6/29/2006 6:44:13 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\K5A7GDYV\prv9182636[1].php'' ''VBS/Psyme'' ''1''
6/29/2006 6:45:19 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SL23KH2N\prv9182636[1].php'' ''VBS/Psyme'' ''1''
6/29/2006 6:45:55 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\UJ0NA9G1\prv9182636[1].php'' ''VBS/Psyme'' ''1''
6/29/2006 6:46:29 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\UJ0NA9G1\prv9182636[1].php'' ''VBS/Psyme'' ''1''

SYS800-10-2K
P3 800MHz, 128MB RAM, 10 GB HDD, Win2K

System:

Microsoft Windows 2000
5.00.2195
Service Pack 4

Computer:

x86 Family 6 Model 8 Stepping 6
AT/AT COMPATIBLE
129,260 KB RAM

No Firewall installed


Thank you all!

Hi, Marimari! Since ALL the Files You Have Listed Are .....

In reply to: Help With Removing Generic Downloader.o

in temporary Internet files you will basically have to empty them. The easiest way I know (with future benefits to boot for next time) is to Download & Install CCleaner. It can be done manually but CCleaner will get them all in a very short time.
Get CCleaner (Freeware). It's not an AV but an extensive temp/cache/application cleaner.
Download (& print out for reference) the Help file (descriptions of items to be cleaned), then download, save & install either the "Slim" (suggested) or "Basic" (if you need additional language files) version. These versions are 100% adware/spyware free.
Additionally, add the download page below to your IE Favorites or Bookmarks list and use it to check for updates about once per month.
In "Options", click on "Settings" and uncheck:
"automatically check for updates" to prevent getting an undesirable (adware toolbar) version from built in updater link.
I run CCleaner immediately before & after each net visit as it only takes under 5 seconds to clean. I also have it set to auto-run at boot up.
Help file to print out:
http://www.ccleaner.com/help/fileclean.asp

Download Free Program Link:
http://www.ccleaner.com/downloadbuilds.asp

Since you're currently infected, after following directions below to install CCleaner, BUT BEFORE doing first cleaning, you will need to click on "Options" Button > then click "Advanced" & remove the check mark in box in front of: "Only delete files in Windows temp folders older than 48 hours". You need to empty ALL to be sure of removing infection.

Once you've run CCleaner & run another Virus Scan & come up as "no infection found"... You should re-open CCleaner and go in and re-check mark that same box for normal cleaning. Good safety feature for normal use.
Often, the first cleaning takes quite a long time as there is often a huge backlog of stuff that has been accumulating since day one. Once done, cleaning usually only takes a few seconds.
You'll wonder how you survived without it. You're gonna Love it!!
Enjoy! Grin
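
The check behind the reply above (that every file in the posted McAfee log sits in the Internet Explorer cache), as an added example that is not part of the original thread. The function names are hypothetical, and the field layout is inferred from the posted log lines rather than taken from McAfee documentation.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Three entries from the log in the question. Two are left wrapped across
# lines on purpose, to show the parser tolerates pasted-log line breaks.
OAS_LOG = r"""
9/8/2006 2:36:05 PM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QVQZEDAV\safelyinvest[1].htm''

''Generic Downloader.o'' ''1''
6/29/2006 6:41:56 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SL23KH2N\prv9182636[1].php'' ''VBS/Psyme'' ''1''
6/29/2006 6:46:29 AM ''C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\UJ0NA9G1\prv9182636[1].php'' ''VBS/Psyme''
''1''
"""

# Timestamp, then three fields quoted with doubled single quotes; \s+ between
# fields also matches the newlines of a wrapped entry. The meaning of the last
# numeric field is not stated in the thread, so it is parsed and ignored.
ENTRY = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"''(.+?)''\s+''(.+?)''\s+''(\d+)''"
)
CACHE_DIR = "temporary internet files"  # IE cache folder name seen in the log


def parse_oas(text):
    """Return one dict per detection entry found in the pasted log text."""
    entries = []
    for when, path, name, _last in ENTRY.findall(text):
        parts = ntpath.normpath(path).lower().split("\\")
        entries.append({
            "time": datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p"),
            "path": path,
            "detection": name,
            "in_ie_cache": CACHE_DIR in parts,
        })
    return entries


def summarize(entries):
    """Count detections by name and list files that are not in the IE cache."""
    by_name = Counter(e["detection"] for e in entries)
    outside = [e["path"] for e in entries if not e["in_ie_cache"]]
    return by_name, outside


if __name__ == "__main__":
    names, outside_cache = summarize(parse_oas(OAS_LOG))
    print(dict(names), "outside cache:", outside_cache or "none")
```

An empty "outside cache" list shows where the scanner saw the files; it does not by itself show whether anything from them ran.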

Follow-up to Help With Removing Generic Downloader.o

In reply to: Hi, Marimari! Since ALL the Files You Have Listed Are .....

Thank you for the reply. I've downloaded and run CCleaner. However, since the trojan wasn't being identified by both McAfee and Spybot before I ran CCleaner, how do I tell whether or not the problem is truly solved? McAfee only mentioned the trojan in its initial prompt, but when I ran it, it said ''no infected files found.'' Thanks again for the assistance.

Follow-up to Help With Removing Generic Downloader.o

In reply to: Hi, Marimari! Since ALL the Files You Have Listed Are .....

CCleaner keeps reporting that the following files have been deleted, but, when I re-run it, it brings them up again:

CLEANING COMPLETE - (1.146 secs)
------------------------------------------------------------------------------------------
247 bytes removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\desktop.ini 67 bytes
C:\Documents and Settings\User\Local Settings\History\History.IE5\desktop.ini 113 bytes
------------------------------------------------------------------------------------------

I suspect the problem hasn't been solved. Any insights? Thanks again.

The 247b is Not a Problem. It is The Normal Start Info ....

In reply to: Follow-up to Help With Removing Generic Downloader.o

loaded at boot & is residual. Basic framework so to speak. If you did the original disable of "only delete temp older than 48 Hrs" and then re-enabled you should be fine. I get the same 247 (occasionally 515 a little later) when I start up. I only get 0 to be removed if I run cleaner and then run it again immediately after. Happy

Re: Help With Removing Generic Downloader.o

In reply to: Help With Removing Generic Downloader.o

Mari..

Since you've only recently posted at the McAfee Forums, I would give them some additional time to get back to you. You said you tried scanning in Safe Mode. Did you try to empty your Temporary Internet Files?

According to McAfee, Generic Downloader.o only requires disabling System Restore, but only for ME and XP, not 2000. I'm not quite so sure it's that simple. I don't know, but it may be worth a try?

They will get back to you at the McAfee Forums. Give them some time. Since there have been quite a few recent reports of Downloader ''c'', ''a'' and ''g'', it might be more reason to stick with them. Unless, of course, someone here is able to help.

Sorry I can't be of further help..
Carol

Need I mention, your lack of a firewall? Wink

Re: Help With Removing Generic Downloader.o

In reply to: Re: Help With Removing Generic Downloader.o

Thanks for the response. Yes, I've tried to empty my Temporary Internet Files but I don't think it's helped any. Thanks though.

You're welcome. Are you sure..

In reply to: Re: Help With Removing Generic Downloader.o

'However, since the trojan wasn't being identified by both McAfee and Spybot before I ran CCleaner, how do I tell whether or not the problem is truly solved? McAfee only mentioned the trojan in its initial prompt, but when I ran it it said ''no infected files found.''

Are you sure McAfee didn't block the intrusion and only notified you of such?? If you're saying ''no infected files were found'', and nothing is in quarantine, it just might be the case.

If you look at the name at end of the TIF's path, you'll see ''VBS/Psyme''. The files are also dated June 29th - with the exception of the first one. (If you haven't cleared your TIF's since June, I would suggest keeping CCleaner and running it on a regular basis.)

You also mentioned, 'CCleaner keeps reporting that the following files have been deleted, but, when I re-run it, it brings them up again.' Every time you go to a website, the Temporary Internet Files will be created. As fast as CCleaner deletes them, additional ones will be created. It doesn't necessarily mean they were deleted, but they very well could have been. If I haven't made myself clear, the article should explain it.

VBS.Psyme can come about as a result of email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc. The trojan exploits an unpatched vulnerability in Internet Explorer. Are you current with your dates? And lastly.. I may not be sure of much, but I am sure, without a firewall, you'll run into more and more of these problems.

Just my 2

You're welcome. Are you sure..

In reply to: You're welcome. Are you sure..

''Are you sure McAfee didn't block the intrusion and only notified you of such?? If you're saying ''no infected files were found'', and nothing is in quarantine, it just might be the case''

Yes, I'm sure because initially McAfee said it couldn't clean, move, quarantine or delete the trojan.

''You also mentioned, 'CCleaner keeps reporting that the following files have been deleted, but, when I re-run it, it brings them up again.' Every time you go to a website, the Temporary Internet Files will be created. As fast as CCleaner deletes them, additional ones will be created. It doesn't necessarily mean they were deleted, but they very well could have been. If I haven't made myself clear, the article should explain it.''

I understand that, but it keeps bringing up the same files time after time:
CLEANING COMPLETE - (1.146 secs)
------------------------------------------------------------------------------------------
247 bytes removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\desktop.ini 67 bytes
C:\Documents and Settings\User\Local Settings\History\History.IE5\desktop.ini 113 bytes
------------------------------------------------------------------------------------------

Thanks anyway.

desktop.ini

In reply to: You're welcome. Are you sure..
