Trojan generic9.AOT HELP!!!

  foxykt89 19:10 24 Jan 2008

I have just realised I have quite a bad trojan generic9.AOT (so the anti virus says) on my new laptop! My Avast anti virus found 1613 infected files and my AVG found 1428!!! It says they are not healable so I don't know what to do. They are in a folder called ' and also found one in 'a' in my user folder. Having looked at some other forums my best guess is that I got them from LimeWire. I recall a few months ago now attempting to download some software with the name crack.exe at the end (which I didn't know the significance of at the time). Please help, I don't know what to do! Thanks x

  mfletch 19:20 24 Jan 2008


Download SAS SUPERAntiSpyware, FREE version

click here

And do a scan in safe mode:

1/ Click Start and then click Turn Off Computer.
2/ In the Turn Off Windows dialog box, click Restart, and then click OK.
3/ As your computer restarts but before Windows launches, press F8 repeatedly.
4/ Use the arrow keys to highlight Safe Mode, and then press ENTER.
5/ If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.
Note: If Windows launches before you can choose a safe mode, restart your computer and try again.


  p;3 19:44 24 Jan 2008

Please clarify: which antivirus program(s) do you have installed?

' I recall a few months ago now attempting to download some software with the name crack.exe at the end '

From memory I think you may be somewhat infected.

Have you been doing P2P stuff on there?

Of interest, did the new laptop come with Norton preloaded and if so what did you do with the Norton program?

  skidzy 20:03 24 Jan 2008

Some sound advice above from mfletch, follow his instructions.
However I think you may need more specialist help with so many infected files.

Is a restore to factory settings out of the question for you?

I say this as it's a new computer.

You probably got infected via LimeWire, I won't ask what you were downloading!!

Have you used Kazaa recently?

One possible explanation click here

The problem you are going to have in trying to remove this worm or its variant is that it will reproduce on a restart of the computer. It has many variants and it will be extremely hard to find all the registry entries and locations that are infected.

You can of course ask for help click here; you will need to run HijackThis click here and copy the log and post this at the Malwareremoval forum. You will need to register.

Personally I would restore to factory settings based on the information you have given.

I doubt backing up anything will be of use, as this is more than likely infected also.

  foxykt89 23:24 24 Jan 2008

Thanks for the advice. Do you think taking it to a professional would be the best option? It hasn't actually done anything to the computer itself in terms of performance. The only trouble with restoring to factory settings is that I'm a student and have a lot of work on here; I also have lots of photos I would not want to lose. The AVG says not healable/deleteable but has quarantined the files. I downloaded the SUPERAntiSpyware suggested by mfletch and ran this; it only found 11 infected files. Why is this? Thanks for the help guys.

  skidzy 07:09 25 Jan 2008

To clean up this computer fully, follow my above advice regarding the Malwareremoval forum using HijackThis.

Please be patient once you have posted your log. The experts will get to you and help you with the cleanup.

  foxykt89 16:23 25 Jan 2008

I have realised that my important work is on my memory stick so I'm not too worried about losing stuff on my laptop. I think I want to go for the restore to factory settings option but I don't know how to; all I can find is restore to a restore point (which I can't be sure there is one before I downloaded the file).

  skidzy 18:11 25 Jan 2008

Ok, firstly try tapping F10 or F11 on startup (may take a few attempts); we are looking for a recovery partition that will give you three want restore to factory settings.

This can be checked by looking in Disk Management.

Assuming Vista as it's a new lappy, click:

Start / Right click Computer / Manage / Storage / Disk Management.

Under Disk 0, what is listed? Post these details back here.

You may have a recovery CD/DVD that came with the lappy, or you would have a program in All Programs that creates the recovery disc... can you verify this?

Please also post the make and model of the laptop.

  foxykt89 18:45 25 Jan 2008

Ok, in disc 0 there are 3 sections: 1 no name - 'Healthy (EISA Configuration)', 2 acer (C:) - 'Healthy (system, boot, page file, active, crash dump, primary partition)' and 3 data (D:) - 'Healthy (primary partition)'. If I had a programme to create the disc what would it be called? I did not get the CD with my laptop. My laptop is an Acer Aspire 5633WLMi. What I have done so far is restored the computer to the earliest point which was 19/11/07; I can't really be sure that I hadn't downloaded this file before this date. I searched for 'crack' in search and found the folder: ' , however this time the folder didn't contain any files and I deleted the folder. I found it odd that some programmes I had downloaded after the restore point, e.g. Avast antivirus, were still on the computer. Is this normal? I re-downloaded the free AVG and ran it; it found 1 virus - trojan generic4. But then looking into the virus vault there were still the 1428 other files as before. Is the restore factory settings advisable? I want to ensure all these viruses are gone and won't come back! Thanks for all the help so far.

  skidzy 20:26 25 Jan 2008

Apparently the Acer has a recovery/restore partition that can be accessed via the BIOS:

With Acer you get a partition on the hard drive which contains a ghost copy of the C drive when you first get the laptop. You can access it through the BIOS, and it restores the laptop to factory settings pretty much by formatting and installing the partition drive to C. from click here

Personally I've never seen a restore partition accessed from the BIOS.

If you eventually get this computer back to factory settings, I would think twice about using P2P software!!

  p;3 22:00 25 Jan 2008

You are perhaps wasting valuable 'cleaning' time as you have not yet registered with the malware forum to get specialist help to get this mess sorted out?

This thread is now locked and can not be replied to.
