How to get rid of trojanhorse PSW.Generic3.YSB? Help please!

ravie75 · 28-04-2007, 07:47 PM

My PC is somehow infected with Trojan Horse PSG.Generic3.YSB. Affected file is c:\windows\system32\dllms.dll . Only AVG antivirus finds it. Spybot and/or ad-aware are unable to detect the trojanhorse. AVG (free version) antivirus heels the same; the infection keeps coming back. Object details under AVG says: Healable - No! The source is backup copy. I understand, after googling, that it is a dangerous malware which steals vital info from the PC.

Please help me solve the problem and get rid of the trojan.

the.kaushik · 28-04-2007, 08:01 PM

try other antivirus.. try with trial version of NAV 2007

boosters · 28-04-2007, 08:07 PM

NAV bad. use panda or Nod32 , they will help you.

anandk · 28-04-2007, 08:08 PM

had i been in ur place i wud v 1st done the foll :

disable system restore.
download deletedoctor from www.diskcleaners.cm and use it to delete the trojan c:\windows\system32\dllms.dll
reboot.
install/update a-squared anti-malware from www.emisoft.com. scan ur full pc with it. on completion, run ccleaner from www.ccleaner.com to clear up all pc junk.
reboot.

if matter stl persists, get ur hjt logfile autoanalysed at www.hijackthis.de
also see bleepingcomputer for more.

rakeshishere · 28-04-2007, 08:10 PM

use NOD32,KAV or NAV...and Do a PC scan...That will solve it...and Make sure the virus definitions are updated!

boosters · 29-04-2007, 12:33 AM

Last option use Bitdefender Online Scan.

Why don't you use all Antivirus Softwares and give the rating points

ravie75 · 29-04-2007, 10:01 PM

Hi Anand, thanks a lot. hijackthis.de gave all the clue required. I got my hijackthis.log autoanalysed and got further clues to solve the problem. The trojan had planted a folder 'Microsoft' in c:\program files and the folder 'Microsoft' contained SVHOST32.EXE. This malware was getting executed at win logon and created a file dllms.dll with infection.

Once again thanks for the help.

anandk · 30-04-2007, 09:09 AM

nice it helped.

jst repeating myself for ur sake : svchost.exe situated in the system32 folder is the legit ms process. situated anywhere else or scvhost.exe or svchost32.exe or svhost32.exe is (usually) malware.

ravie75 · 03-05-2007, 07:26 PM

Could not acknowledge any earlier as I was on tour. By the way, what is the best firewall software under freeware category in your opinion? (I do not have an adequate firewall for my PC. I am new to the forum, I do not know if there is any other section where i should ask for this info.)

rakeshishere · 03-05-2007, 07:39 PM

Quote:

Originally Posted by ravie75

Could not acknowledge any earlier as I was on tour. By the way, what is the best firewall software under freeware category in your opinion? (I do not have an adequate firewall for my PC. I am new to the forum, I do not know if there is any other section where i should ask for this info.)

Go For COMODO or Zone Alarm!

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine