Cleaning Your System of the Nasty - Dropper.Generic_c.MMI Virus
I Truly Hope This Helps the Management of Your PC
This is a communal post - I cannot take any responsibility for anything that happens. This fixed the virus problem for me and there was no good one-stop place for finding out how to fix the problem, get the files for fixing it, and do things in the right order. Use at your own risk. Any comments, I will try and help.
I think I got the virus from fixing one of my friends' hard drive. It was throwing bad blocks and would only boot periodically. I pulled the laptop HDD and used Stellar Phoenix for the heavy lifting.
I got the Trojan Horse Dropper.Generic_c.MMI virus which seems to be able to attract other viruses and does the normal stuff like shutting down your anti-virus. I use solid anti-virus software but circumstances can prevail and let one in. Regardless...
The steps I took were rather easy. The virus was the type that did weird things but nothing to shut everything down. These are actually the worst because sometimes you don't know you have it and it could run wild for a week until a full scan, down to the rootkit, is done on a normal weekly virus scan (even if resident shield is on).
Using Another PC!!!
Step 1a - Arm Yourself
Step 1b - Caveat - There are many sites that list the following files but are viruses themselves. Do your level best to find a legitimate site. I think I got half lucky and half disciplined about where to download them from.
I downloaded iexplore.exe, rkill.exe, and rkill64.exe first. These are currently on our company's web site until we're told to take them down or hackers try and get at our site.
Then I downloaded tdsskiller.exe
Last I downloaded mbam-setup-1.62.0.1300.exe (I ended up not using this because my normal anti-virus was functional by this time)
Here they are (note: if any webmaster lays claim to them I will immediately take them down or redirect to your site).
www.agilitynetworks.com/images/files/rkill.exe
www.agilitynetworks.com/images/files/rkill64.exe
www.agilitynetworks.com/images/files/mbam-setup-1.62.0.1300.exe
www.agilitynetworks.com/images/files/iexplore.exe
www.agilitynetworks.com/images/files/tdsskiller.exe
www.agilitynetworks.com/images/files/services.exe
Please be aware of the caution in Step 11 regarding services.exe.
Step 2 - Using a thumbdrive, fob, or whatever you call it; move the three files to your infected computer - put them on the desktop where you can see them.
Step 3 - Extract the Extractable Files
Only one of the aforementioned 3 files needed extraction. Run the rkill.exe and it will extract into several files (I believe it reads the type of PC you're running 32 v 64 bit) and places extra files (all with the same icon so it's pretty easy to see what it creates).
Step 4 - Give the Apps some room:
Close as many programs as possible. Closing all is what I did. I left my normal virus protection running.
Step 5 - Stop the bulk of the problem
Run the apps in this order:
rkill64-9802
rkill64-9887 (this one caused a reboot but there was no harm)
rkill64-9907
rkill64-9913
tdsskiller.exe
Step 6 - Reboot
Step 7 - Run a full virus scan selecting all options for what it can check
(like rootkit viruses, etc.) with your virus protection software - AVG, Kaspersky, Symantec. 75000 viruses were detected on this particular computer. I let it run overnight in high-priority mode (not available on all virus protection software suites - but I believe it finished in a couple hours).
Step 8 - Dropper.Generic_c.MMI is still there and you have to continue on... you need these very important steps below
Find the EXACT same type of computer "Windows 7 64 bit" or "Windows 7 32 bit" and copy the c:\windows\system32\services.exe file. Put this on your desktop. The one I have available for download is for Windows 7 64 bit.
Step 9 - Open the Task Manager
There are many ways to do this but the sure-fire way is to click the Start button, type cmd, a command screen will appear and then type taskmgr. Your Task Manager will start.
Step 10 - Kill All Running Instances of svchosts.exe
Click the "Processes" tab in the Windows Task Manager and scroll to find all instances of svchosts.exe running. Right-mouse click each one and select "End Process Tree".
Step 11 - Open a File Explorer and navigate to c:\windows\system32.
Then rename the services.exe file to services.exe.old. Then take the previously downloaded services.exe file from Step 8 and copy it into this folder. Depending on how the folder files are sorted you should see services.exe and services.exe.old listed in the directory.
Step 12 - Test
Reboot the computer, open an Internet browser and do a few Google searches. If no other screens, tabs, or pop-ups appear - you're probably in the clear. Set your virus protection to run every night for a few nights with all of your external drives turned on (just so it checks everything) and it should be ok.
The whole process took 1 day but I was at the computer following these steps for about a total of 2.5 hours. Not bad for a bad infection.
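A pre-flight check for the caveat in Step 1b and the "EXACT same type of computer" requirement in Step 8, as an added example that is not part of the original post: it lists the signature status, signer, SHA-256 and CPU type of every staged .exe, then warns if the replacement services.exe does not match the running system. The $Staging folder and the function names are assumptions made for this example.

```powershell
# Added example (not from the original post). $Staging is an assumed folder
# holding the files carried over in Step 2; nothing here is run or deleted.
param([string]$Staging = "$env:USERPROFILE\Desktop")

function Get-PEMachine([string]$Path) {
    # e_lfanew at offset 0x3C points to "PE\0\0"; the COFF Machine field follows it.
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return 'not-PE' }
    $pe = [System.BitConverter]::ToInt32($b, 0x3C)
    if ($pe -lt 0 -or ($pe + 6) -gt $b.Length) { return 'not-PE' }
    if ([System.BitConverter]::ToUInt32($b, $pe) -ne 0x4550) { return 'not-PE' }
    switch ([System.BitConverter]::ToUInt16($b, $pe + 4)) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'other' }
    }
}

function Get-Sha256([string]$Path) {
    # .NET hashing so the script also works where Get-FileHash is unavailable.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
}

# OS architecture from the environment, correct even in a 32-bit shell on 64-bit Windows.
$osArch = 'x86'
if ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64' -or $env:PROCESSOR_ARCHITEW6432 -eq 'AMD64') { $osArch = 'x64' }
$os = [Environment]::OSVersion.Version

Get-ChildItem -Path $Staging -Filter *.exe | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        File = $_.Name; Machine = (Get-PEMachine $_.FullName); Status = $sig.Status
        Signer = $signer; SHA256 = (Get-Sha256 $_.FullName)
    }
} | Select-Object File, Machine, Status, Signer, SHA256 | Format-List

# Checks specific to the replacement services.exe from Step 8.
$svc = Join-Path $Staging 'services.exe'
if (Test-Path $svc) {
    $vi = (Get-Item $svc).VersionInfo
    if ((Get-PEMachine $svc) -ne $osArch) {
        Write-Warning "services.exe is not built for this $osArch system; do not install it."
    }
    if ($vi.FileMajorPart -ne $os.Major -or $vi.FileMinorPart -ne $os.Minor) {
        Write-Warning "services.exe version $($vi.FileVersion) does not match Windows $($os.Major).$($os.Minor)."
    }
}
```

Compare each SHA-256 with a value obtained from the tool's publisher before running the file. Windows system files are commonly signed through a security catalog rather than an embedded signature, so the Status column alone neither clears nor condemns services.exe.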
www.agilitynetworks.com Agility Networks, Inc.