Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do you get rid of "Trojan horse Downloader.Generic_c.AFT"

Posted on 2008-11-17
Medium Priority
Last Modified: 2013-11-16
I got this today even though I use norton corporate edition that is up to date.  Any suggestions on how to get rid of this little devil?  I have runa virus scan, but it say it cannot heal the files.  I ran a registry cleaner, but that didn't work either.  I would really like to not have to format and reload.  
"Trojan horse Downloader.Generic_c.AFT

Open in new window

Question by:cmwinchester
LVL 20

Expert Comment

ID: 22978804
Does it give you any info. on the name of the file? Location? ect...?

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.


Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Expert Comment

ID: 22978813
LVL 27

Accepted Solution

David-Howard earned 2000 total points
ID: 22978931
I recommend downloading and updating malwarebytes.
You can get it free from www.malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
You should do this with your current antivirus product as well.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Author Comment

ID: 22978977
I tried AVG and got a similar response to Norton, saying that the specified file could not be found.  I am attaching my Hijack This Log.  Thanks for the help!!
LVL 27

Expert Comment

ID: 22979138
Check and remove the following entries.
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
If you haven't downloaded Malwarebytes yet, please do so and run a scan in Safe Mode. (F8 at startup).
LVL 20

Expert Comment

ID: 22979153
These are bad:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

Can be fixed with HJT. And the files/folders should be removed if still present. I would still advise running MBAM.
LVL 20

Expert Comment

ID: 22979162
Beat me to it David...

To clarify....
For file deletion,

Delete this one: C:\WINDOWS\system32\uesiuqcr.exe
Not this one: C:\WINDOWS\system32\userinit.exe

Expert Comment

ID: 24660908
how do i get rid of the virus trojan horse

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question