Hey all
Want to contribute for my first post, rather than "hit-n-run"
I had a dreaded Generic9.AERR backdoor trojan attack one of my PCs. I tried AVG, McAfee Enterprise (at work), and Spybot. I also tried unlockers such as killbot.exe and unlocker assistant. The .dll was very attached in my system32 folder. I did some cross-referencing with a computer sitting right next to the one I was doing work on. I noticed that dfshi.dll is a clone of a used "dfshim.dll" file. I guess they were trying to outsmart virus scanners. Well, after reading a lot of things on the internet about how to do this and that and then post log files... So I decided to break out the trusted BartPE bootdisk. I used the boot disk to boot from and scanned through the files to the .dll in my system32 folder. Well, in short, I deleted it. Since I was booted from a boot disk, I got NO errors, NOTHING. Just a clean, virus-free PC... Hope this gives a few people some insight on what to do for the stupid Generic9 backdoors.
Google BartPE for the download locations.
Peace
j0nnyf1v3
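
The cross-referencing step described in the post above (comparing system32 against a clean PC and spotting dfshi.dll next to dfshim.dll) can be automated. This is an added example, not part of the original post: it assumes you have a plain list of file names from each machine, and the two sample listings and the function names are constructed for illustration.

```python
"""Flag files on a suspect PC whose names closely imitate files on a known-good PC."""
import os


def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]


def find_lookalikes(suspect_names, baseline_names, max_distance=1):
    """Return (suspect_file, imitated_file, distance) for files that exist only
    on the suspect machine but are within max_distance edits of a baseline name."""
    baseline = {n.lower() for n in baseline_names}   # Windows names ignore case
    only_on_suspect = {n.lower() for n in suspect_names} - baseline
    hits = []
    for name in sorted(only_on_suspect):
        stem, ext = os.path.splitext(name)
        for good in sorted(baseline):
            good_stem, good_ext = os.path.splitext(good)
            if ext != good_ext:
                continue                              # compare like with like
            d = edit_distance(stem, good_stem)
            if 0 < d <= max_distance:
                hits.append((name, good, d))
    return hits


# Constructed sample listings (not real captures from either machine).
BASELINE = ["dfshim.dll", "kernel32.dll", "user32.dll", "shell32.dll"]
SUSPECT = BASELINE + ["dfshi.dll", "vendorlib.dll"]

if __name__ == "__main__":
    for name, good, d in find_lookalikes(SUSPECT, BASELINE):
        print(f"{name} imitates {good} (distance {d}): inspect before deleting")
```

A hit is a lead, not proof: check the file's size, date and version details against the clean machine before removing anything, since two PCs with different software installed will also differ in legitimate files.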