
BackDoor.Generic11.ZNE

What is BackDoor.Generic11.ZNE?

BackDoor.Generic11.ZNE is a trojan horse that gives an attacker remote access to an infected computer without the owner's authorization. BackDoor.Generic11.ZNE infects executable files on the computer and can terminate any installed security programs.

Type: Trojan
Sub-Type: Downloader
Aliases:
OS Affected: Windows
Detected By: AVG

What Does BackDoor.Generic11.ZNE Do?

The threat will drop the following malicious files:

  • /Windows/System/SKYNEToiprpjby.dll
  • /Windows/System/hjgruidrtsrfiu.dll
  • /Windows/System32/hjgrimimnbbxb.dll
  • /Windows/System/[Random Letters].dll
  • /Windows/System32/[Random Letters].dll

How to Remove BackDoor.Generic11.ZNE Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the menu, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and, in the right pane, delete any value similar to the file names mentioned above.
- Click Edit > Find, search for “Skynet”, and delete every entry it finds

3. Delete the malicious files that the threat added
- Based on the locations given above, browse to each file and delete it.
- If no location is given, click Start > Search and search for the file or files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
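
A read-only way to carry out the checks in steps 2 and 3, as an added PowerShell example that is not part of the original page: it lists matching Run values and DLLs and deletes nothing. The name patterns (`SKYNET*.dll`, `hjg*.dll`) are an assumption generalized from the file names listed on this page; run it from an elevated prompt.

```powershell
# Added example: read-only audit. It reports candidates and changes nothing.
# ASSUMPTION: the patterns below are generalized from the DLL names on this page.
$filePatterns = 'SKYNET*.dll', 'hjg*.dll'
$dataPatterns = '*skynet*', '*\hjg*.dll*'
$dropDirs     = "$env:windir\System", "$env:windir\System32"
$runKeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Step 3 check: DLLs in the drop locations whose names match the patterns.
# -Force includes files carrying the hidden or system attribute.
$suspectFiles = foreach ($dir in $dropDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.Name
                $filePatterns | Where-Object { $name -like $_ }
            }
    }
}

# Step 2 check: Run values whose data matches a pattern or names a suspect file.
$runKey  = Get-Item -LiteralPath $runKeyPath
$runHits = foreach ($valueName in $runKey.GetValueNames()) {
    $data = [string]$runKey.GetValue($valueName)
    $byPattern = $dataPatterns | Where-Object { $data -like $_ }
    $byFile = $suspectFiles | Where-Object {
        $data.IndexOf($_.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
    if ($byPattern -or $byFile) {
        [pscustomobject]@{ Value = $valueName; Data = $data }
    }
}

'Suspect DLLs:'
$suspectFiles | Select-Object FullName, Length, LastWriteTime, Attributes | Format-Table -AutoSize
'Suspect Run values:'
$runHits | Format-Table -AutoSize -Wrap
```

Review each hit before deleting anything: a name that matches a pattern is only a candidate, not proof of infection.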

Automatic Removal of BackDoor.Generic11.ZNE

1. Download TrendMicro Sysclean and pattern files here. Save all files in a new folder.
2. Extract all the downloaded files into the same folder.

3. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the menu, select Safe Mode

4. Go to the Sysclean folder you created and run the extracted file SYSCLEAN.COM
5. It will start scanning for viruses and clean or delete infected files.
6. Reboot your computer in Normal Mode and run another scan with Sysclean.

  1. jjj
    July 6th, 2009 at 15:03 | #1

    holly!!! S!
    disaster, i have tried above, but skynet no where to be found.
    avg reports backdoor generic11.zne & hjguiimnqolbq.dll file keeps getting caught by it, but even under safe mode and above autoclean – no go.
    virus still alive and well, im not so good!
    my restore points are gone(not that this would have fixed it)and no more help on web??

    manual search no good as above details of skynet etc are non existent in registry?

    plssss help

  2. maudie16
    July 6th, 2009 at 18:32 | #2

    Same problem as jjj,

    but the dll file name is hjgruiisxydifq.dll at my place. Restore points also gone.

  3. smiley
    July 6th, 2009 at 22:16 | #3

    Many users that have been having this issue, downloaded “MALWARE” removal kits.

    This is a big no no. Anything with the word MALWARE in it, is a virus magnet.

  4. shaglo
    July 7th, 2009 at 15:30 | #4

    hi all

    also tried the above manually but threat still there please help am i missing something maybe

    thanks in advance

  5. jjj
    July 8th, 2009 at 04:40 | #5

    ..wasn't malware, just made mistake in web travels, and executed a file i shouldn't have_the infection soon followed..
    either way, some method of removal would be appreciated.

    ran trend micro in safe mode, found it but failed in moving/deleting the exe. the virus has made itself invisible even in dos mode when i dir windows directory when it resides??!! rrrrr!*!

  6. maudie16
    July 8th, 2009 at 20:43 | #6

    Hi,

    I repaired it with Combofix and it’s gone.
    try it and let me know.
    good luck with it.

  7. shaglo
    July 10th, 2009 at 14:57 | #7

    i finally succeeded to get rid of the virus using the above instructions it worked perfectly the only thing that took time was finding the files and deleting them they were everywhere in the windows folder

  8. smithers357
    July 11th, 2009 at 15:45 | #8

    Does anyone have experience with getting rid of this thing from Windows Vista??? I’ve tried AVG, Malwarebytes, and Spy Bot in regular and safe mode… and every time i think it’s gone… my AVG Resident Shield keeps picking it up in System32\hjgruimempuvue.dll. Please help out! Thanks!!!

  9. Simon
    July 17th, 2009 at 00:06 | #9

    Just download trojan remover and it will detect the virus right after installation

  10. rpmfarley
    October 18th, 2009 at 19:35 | #10

    find or create a clean boot disk on a clean pc and run it. anti virus software will not remove ANYTHING including viruses from files that are running. so if virus has infected files necessary to run for booting, the virus will not be removed from them and it will keep infecting others that you just cured every time you start up your pc. i had this problem with virut. if you create a boot disk for your pc to boot off of, your system boot files will not run and you will be able to clean them. Run anti virus program after boot disk boots up your pc. use dr web it works quite well. once you are finished, run anti virus again to ensure it is all gone. Then remove boot disk and restart allowing pc to boot itself. this should work. if not consider reformatting and reinstall. You’ve officially been hosed and lost the fight to regain control of your pc. do this before it infects others. Oh and one more thing, as soon as virus is detected. or your system is showing signs of infection, immediately disconnect from web to avoid passing virus to others and then back to you once pc is cleaned
