Trojan horse Generic38.OZM Access denied deletion?

Valorek
virus in question: http://www.avgthreatlabs.com/us-en/virus-and-malware-information/pu/free/?var=1&utm_expid=34410884-35.CS_WEkTPR3ybFVKTDsXCHQ.1&utm_source=TDPU&utm_medium=SCAN&CTRY=us&LNG=us&PRTYPE=AVF&V=2016&AI=-1&BE=21198549&IDNT=QEVJRF9JZF90cmp8JW5hbWUlPUdlbmVyaWMzOC5PWk0&IDN=YzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxBVkdcRnJhbWV3b3JrXENvbW1vblxhdmdzdmNhLmV4ZSAoMzc4MCk

Yes hi, first of all I'll try to keep this as short as possible; my apologies, this is my first virus...

I have a custom rig I built myself roughly a year and a half ago; it has not had any issues up until now...

OS: Windows 10 Home
AV: AVG and Malwarebytes
Memory: 16 GB DDR4
Board: Asus Crosshair V Formula-Z
CPU: AMD FX 8350 on water (Apogee XL waterblock)
Graphics: Nvidia GTX 780 Ti on water (custom loop, EKWB waterblock)

So recently I was doing the normal daily virus scan (not unsupervised) and AVG discovered the same trojan (description in title) 12 times. It has secured 11 of them, but 1 remains present with the same name and it says access denied when trying to remove it...

A window then pops up saying your computer will restart in a few moments, something went wrong...

So it restarts... then I run the scan again and it picks up exactly the same 12 trojans, then the same window pops up saying restart soon. I'm really not sure how to tackle this; I've tried multiple things, but that's why I'm here, hopefully to get this resolved by someone who knows more.

AVG Description of issue:

Threat: Trojan horse Generic38.OZM
Object name: c:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (3780)

Things I've tried...

1. Booted in safe mode and tried full scanning and rootkit scanning the whole computer.
2. Ran Malwarebytes, only found 1 PUP but it was not tied to the trojan (removed it).
3. Cleaned out the registry using CCleaner, found 40 errors, still did nothing.
4. Windows 10 and AVG are always up to date, double checked (latest definitions).
5. Lastly tried to unregister the module in question using command prompt with admin rights. I also made sure that the entries were all correct; upon trying to unregister, Windows said it could not detect the file? Weird.
6. Performance is not affected at all.
7. No odd tasks are running in Task Manager that I could see.
8. There is also no network packet loss whatsoever; my ping is 20 ms.
9. There is also only 1 account tied to this computer (me), no other accounts; I even looked to make sure no other accounts were created.

The last thing I need to mention is that when I got home from work a few days ago my fiance was watching a movie from a burned CD... I'm assuming this data came from a torrent website, just guessing? And perhaps maybe this is where it came from...

Anyway, thank you so much for your time and effort in reading this, I really hope I can get this resolved soon.

This is why I don't go with AVG. Try installing another brand of virus scanner and do a scan.


I appreciate your opinion Kevin, but this does not resolve my issue at all, nor is it relevant; however, I might consider switching after I gather more insight from other professionals, if it comes to that, as I have not had a single virus since I built this computer with AVG a year and a half ago. Anyway, thanks.


You can try installing Avast and disabling AVG first. Run a full scan. If it still detects the AVG file as a virus, then I'd say do a full uninstall of the AVG program.


See, I had Avast for a while and then bought AVG. I never had problems with Avast, I just knew that the Avast team was not that large and I jumped to the conclusion that they were not that popular, but I guess I could be wrong.
I'm personally using the free version of Avast, and I'm careful with the connections that I have outgoing and incoming (I'm an IT student), so I guess it helps a lot with another barrier that Avast is actually providing me. I have had this computer for 3 years and it's still going pretty well with no virus showing up, with scheduled scans once every 2 weeks!

P.S. I actually have encountered people coming to me with their systems unable to boot up, and the cause of it was actually some AVG file they had in their systems, so I personally wouldn't recommend AVG AV software to go along in any system.
Solution


Gotcha! Thanks for the consideration, I might check that out! I feel sorry for those people that are having those issues; I never experienced a POST error before or even a boot error, haha.

Running Windows 10 here as well, same exact problem as you, pretty much down to the letter. Ran Rkill and Malwarebytes, came up completely clean. I ran a safe mode scan successfully with AVG, and came up with this: "program(c:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe (1868) Trojan horse Generic38.OZM". I find it odd we both had the same problem on the same day within hours of each other; it's possible AVG might be conflicting with Cortana or some other Windows program.

I would post the AVGrep text file, but I'm not sure what's safe to publicly post or not.


Same problem here since last night. Tried safe mode scanning with multiple AVs. Only AVG detects this problem. As OP stated, AVG cleans some instances, but Windows forces a shutdown before the scan completes.

Never had such a problem removing a detected virus before.

Edit: Have also run scans in Normal mode, again only AVG reports any detections.

AVs tried: AVG (detects), Malwarebytes, SuperAntiVirus, Windows Defender. Also ran SFC.
Hi,

I'm also getting the same exact issue on (4) computers. Valorek's description is right on. By the way, Google does not return many results on Generic38.OZM.

Here are some more observations:
- Using AVG Business Edition with a console listening to (9) stations.
- Got a first infection e-mail from AVG around 4pm yesterday.
- As I was in the AVG console talking about it with the user, a second station got "infected". They are on the same Wi-Fi network but they can't "see" each other. That other station had just been powered up by the user.
- While investigating, my own station got "infected". I'm on a different network and only connected to the 1st station with TeamViewer.
- AVG scans were all leading to the "Computer will shut down in 1 minute" pop-up.
- The common point at that time was that we had just updated the virus database from 13119 to 13120.
- The (2) users' stations were shut down and I kept working on mine.

- Recovered my station to Sept 29th
- In the meantime AVG published virus database 13121
- Ran AVG scan with no problem
- Concluded that it might have been a false positive in 13119.

- This morning another station is being "Infected"
- Virus DB is 13123
- Previous conclusion was wrong.

It is all too weird that we are all seeing this only with AVG and at the exact same time, without sharing a network and most likely without sharing web sites. Our common point, I think, is W10 and AVG.

- This morning W10 is asking me to restart to install (KB3194496), which I had reverted by making the Sept 29th recovery.
- That would coincide with all other occurrences, except that I have another station that went through the same upgrades and is not being "infected".
- That station acts as my server and runs the Pro version of W10, while all the others are Family editions.

I will apply (KB3194496) and see how it goes...

Michel

Update 1 :

- I have reapplied (KB3194496) and the AVG/W10 must restart problem resurfaced.
- I have uninstalled (KB3194496) and was able to run an error free AVG full scan.

How to (translating the menu options from my French version...):

Parameters > Security and updates > Update history > Uninstall updates > "Select (KB3194496)"

More observations :

W10 Family + (KB3194496) + AVG + Chrome = Problem and Generic38.OZM detection along with AVG crashing
W10 Pro + (KB3194496) + AVG + Edge = No problem

- Are one or more files infected in (KB3194496)?
- Is AVG showing false positives?

My computers are now working like they were yesterday but I'm not 100% reassured.

Michel.

Update 2: There are more issues with others that translate into the update itself crashing. See the Microsoft thread here.
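Michel's post above narrows the problem down to two checks a defender would want to make before concluding "false positive": is the implicated cumulative update present, and are the files the scanner names (avgsvca.exe in the first post, SearchUI.exe in a later reply) still the intact, publisher-signed binaries they should be? The PowerShell below is an added example written for this thread, not code from any poster, from AVG or from Microsoft. The KB number and the two file paths are the ones quoted in the thread; the script name, function name and the interpretation thresholds are assumptions for illustration.

```powershell
# Added example for this thread, not code from any poster or vendor.
# Purpose: triage a suspected antivirus false positive on Windows 10 by checking
#   (1) whether the cumulative update implicated in the thread is installed, and
#   (2) whether the files the scanner flagged exist, are intact, and carry a valid
#       Authenticode signature from the publisher you would expect.
# The KB id and file paths are the ones quoted in the thread. Run from an
# elevated PowerShell prompt so Get-HotFix and the file reads are not restricted.

$SuspectUpdate = 'KB3194496'
$FlaggedFiles  = @(
    'C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe',
    'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe'
)

function Get-FlaggedFileReport {
    # Hypothetical helper name; returns one record per path with signature and hash details.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # A path the scanner reports but that is not on disk is itself a finding
        # (compare the OP's "could not detect the file" when unregistering).
        return [pscustomobject]@{
            Path = $Path; Exists = $false; Signature = $null; Signer = $null; SHA256 = $null
        }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        Signature = $sig.Status            # Valid / NotSigned / HashMismatch / ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        SHA256    = $hash.Hash             # compare with a known-good copy or a second scanner
    }
}

# (1) Update state. Get-HotFix returns nothing when the KB is absent.
$hotfix = Get-HotFix -Id $SuspectUpdate -ErrorAction SilentlyContinue
if ($hotfix) {
    "$SuspectUpdate is installed (installed on $($hotfix.InstalledOn))"
} else {
    "$SuspectUpdate is not installed"
}

# (2) Integrity and signature of every flagged file.
$report = $FlaggedFiles | ForEach-Object { Get-FlaggedFileReport -Path $_ }
$report | Format-List

# (3) Call out what should worry you more than a definition-update problem would:
#     a file that is present but whose signature is missing or does not match its contents.
$report | Where-Object { $_.Exists -and $_.Signature -ne 'Valid' } | ForEach-Object {
    Write-Warning "$($_.Path): signature status $($_.Signature); compare against a clean copy before trusting it"
}
```

Read the output the way the thread's own evidence points: a `Valid` signature whose signer is the vendor you expect (AVG for avgsvca.exe, Microsoft for SearchUI.exe) on a file that only one engine flags, right after a definition or OS update, is the profile of a false positive, and the SHA256 lets you confirm that with the vendor or a second scanner. `HashMismatch`, or `NotSigned` on a binary that should be signed, is the result that justifies keeping the machine isolated until the file is checked against a known-good copy. One caveat: some Windows system files are signed through a catalog rather than an embedded signature, and older PowerShell versions report those as `NotSigned`, so treat that status as a prompt to verify with another tool rather than as proof of tampering.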
 

Had this issue too. I started to believe it was a false positive, but there was something that didn't really behave like a false positive usually does.
I have now, however, removed said Windows update since I read on the AVG website that there was some issue with the update. Now I wonder, as I just uninstalled AVG and am now running Bitdefender: did your AVG find any infections post update uninstall?


To answer your question, after the (KB3194496) cumulative update was uninstalled, AVG is not detecting any infection.