[Fixed] Hijackthis! Logs - [Fixed] Trojan Horse posted in the Security & Safety forums

  #1  
05-03-2008
Bazbat
Bronze Member
Join Date: Jul 2007
Posts: 11
[Fixed] Trojan Horse

Hi
While scanning my PC (Windows XP Pro) with Ad-Aware, AVG threw up a threat detected warning. In my Temp folder it found "Trojan Horse Back Door.Generic8.ZPK".
The problem is AVG can't heal it, delete it or move it to the virus vault.
I googled the virus but found nothing at all with this exact name; there are plenty of Generic Trojans out there though!
What's the plan? Some C4? Or something a little less destructive?
Hope you guys can help!


  #2  
05-03-2008
Jelly Bean
Moderation Team Leader
Join Date: Feb 2008
Location: Swansea
Posts: 3,750
PC Experience: Experienced
Re: Trojan Horse

Hello and welcome to PC Help Forum.

Can you do the "Prework" and copy n paste results back here on your thread?

It's the Prework link in pink below.


__________________
It is all in the hardware..........................................
  #3  
05-04-2008
Bazbat
Bronze Member
Join Date: Jul 2007
Posts: 11
Re: Trojan Horse

Originally Posted by Jelly Bean:
Hello and welcome to PC Help Forum.

Can you do the "Prework" and copy n paste results back here on your thread?

It's the Prework link in pink below.

I'm trying to do this but having a few problems in Safe Mode. One thing is, although I can start AVG, I can't access the net to update (although I updated this morning, so maybe we can skip this?), nor can I find any "Settings tab" to implement the settings you suggest before scanning. I do have AVG Free, so does this mean I need the full version?


  #4  
05-07-2008
Bazbat
Bronze Member
Join Date: Jul 2007
Posts: 11
Pre work files

OK, here's the file from HijackThis. As mentioned, I couldn't generate a log from AVG Free, but it hasn't found anything new. Also, CCleaner has been run with no recurring files returning, except a log file for ZoneAlarm showing this:
ZoneAlarm Logging Client v7.0.462.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent, class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
ACCESS,2008/05/07,16:50:12 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 53335).,N/A,N/A
ACCESS,2008/05/07,16:51:24 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 9334).,N/A,N/A
ACCESS,2008/05/07,16:53:18 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 41394).,N/A,N/A
ACCESS,2008/05/07,16:54:40 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 3031).,N/A,N/A
ACCESS,2008/05/07,16:56:06 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 61476).,N/A,N/A
ACCESS,2008/05/07,16:57:40 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 65447).,N/A,N/A
ACCESS,2008/05/07,16:59:32 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 62844).,N/A,N/A
ACCESS,2008/05/07,17:01:44 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 17959).,N/A,N/A
ACCESS,2008/05/07,17:04:02 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 13074).,N/A,N/A
ACCESS,2008/05/07,17:06:28 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 24901).,N/A,N/A
ACCESS,2008/05/07,17:09:04 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 23516).,N/A,N/A
ACCESS,2008/05/07,17:12:04 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 25344).,N/A,N/A
ACCESS,2008/05/07,17:15:22 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 11934).,N/A,N/A
ACCESS,2008/05/07,17:18:40 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 35235).,N/A,N/A
ACCESS,2008/05/07,17:22:22 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 58947).,N/A,N/A
ACCESS,2008/05/07,17:26:32 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 43521).,N/A,N/A
ACCESS,2008/05/07,17:31:06 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 14247).,N/A,N/A
ACCESS,2008/05/07,17:36:00 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 19337).,N/A,N/A
ACCESS,2008/05/07,17:40:54 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 4919).,N/A,N/A
ACCESS,2008/05/07,17:45:50 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 21556).,N/A,N/A
ACCESS,2008/05/07,17:50:50 +12:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.1.1.3:Port 29809).,N/A,N/A

HijackThis results: see attached log.
Attached Files
File Type: log hijackthis.log (7.4 KB, 1 views)
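
A triage sketch for the ZoneAlarm entries posted in #4, added here as an example and not part of any poster's message or of ZoneAlarm itself: it groups the blocked inbound connections by remote address, flags RFC 1918 (private) peers, and lists the gaps between attempts. The message pattern is inferred from the lines shown in the post, and the 203.0.113.7 entry is constructed for contrast.

```python
import csv
import ipaddress
import re
from datetime import datetime

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Message layout inferred from the entries in the post (an assumption).
MSG = re.compile(r"^(?P<proc>.+?) was blocked from accepting a connection "
                 r"from the Internet \((?P<ip>[\d.]+):Port (?P<port>\d+)\)\.$")

_M = ("Generic Host Process for Win32 Services was blocked from accepting "
      "a connection from the Internet ({}:Port {}).")
# First three entries as posted in the thread, then one constructed entry
# (203.0.113.7 is a documentation address) for contrast.
SAMPLE = "\n".join([
    "type,date,time,source,destination,transport (Security)",
    "ACCESS,2008/05/07,16:50:12 +12:00 GMT," + _M.format("10.1.1.3", 53335) + ",N/A,N/A",
    "ACCESS,2008/05/07,16:51:24 +12:00 GMT," + _M.format("10.1.1.3", 9334) + ",N/A,N/A",
    "ACCESS,2008/05/07,16:53:18 +12:00 GMT," + _M.format("10.1.1.3", 41394) + ",N/A,N/A",
    "ACCESS,2008/05/07,16:55:00 +12:00 GMT," + _M.format("203.0.113.7", 445) + ",N/A,N/A",
])


def summarize(log_text):
    """Group blocked inbound connections by the remote address in the message."""
    out = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 4 or row[0] != "ACCESS":
            continue  # banner and column-header lines
        m = MSG.match(row[3])
        if not m:
            continue  # ACCESS entry with a different message layout
        # The time field carries a zone suffix ("+12:00 GMT"); keep the clock part.
        when = datetime.strptime(f"{row[1]} {row[2].split()[0]}", "%Y/%m/%d %H:%M:%S")
        addr = ipaddress.ip_address(m["ip"])
        entry = out.setdefault(m["ip"], {
            "process": m["proc"],
            "rfc1918": any(addr in net for net in RFC1918),
            "ports": [], "times": []})
        entry["ports"].append(int(m["port"]))
        entry["times"].append(when)
    for entry in out.values():
        times = sorted(entry.pop("times"))
        entry["count"] = len(times)
        entry["gaps_s"] = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return out


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

10.1.1.3 falls in 10.0.0.0/8, so the peer in the posted entries sits on the local network even though the log wording says "from the Internet".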


  #5  
05-07-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,582
PC Experience: PC Illiterate
Re: Trojan Horse

There are a few things in your log that need attention, most notably updating your Java. That will close a few holes right there; you can do so at java.com. In the meanwhile, let's run ComboFix and see what that spits out:

We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.


Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #6  
05-09-2008
Bazbat
Bronze Member
Join Date: Jul 2007
Posts: 11
Re: Trojan Horse

Hi
Here is the ComboFix log and the new HijackThis Log.
Attached Files
File Type: txt ComboFix Log.txt (12.2 KB, 1 views)
File Type: log hijackthis.log (7.1 KB, 1 views)


