I also have the generic27 problem and can't get rid of it yet.
Here is where I am now:
I did the offline fixmbr procedure from the XP CD
Rebooted into the AVG rescue disk
Updated the rescue disk (priority 2 - database update)
Scanned boot sector (no infections found)
Performed a full scan (Default options = arc,heur,pup,pup2)
Detected several instances of generic27.ARZX and generic27.PN on DLLs in WINDOWS\system32 and on desktop.ini on WINDOWS\assembly (title shows identity alert)
I repaired them from inside the rescue disk
Rebooted into Windows
AVG started reporting infections as soon as Windows and AVG loaded
Ran GMER (both autostart and antirootkit), MSINFO and saved the attached result files.
I suspect the virus generates wifi activity; I'm afraid it is stealing my info.
Will reinstalling XP clean it? I'll do it if it's the only solution.
Since every step made the situation worse, I took the "hard" way and reinstalled XP. I deleted the partition, reformatted it and reinstalled. First thing was to do an offline AVG update as described above, then reinstalled drivers and connected to the internet. The infection seems to be gone according to AVG.
I have one more question:
To make sure the infection is gone, I tried to run the rescue disk I have. After reinstalling XP the rescue disk cannot connect to the internet. I thought reinstalling XP would do nothing to the rescue CD because it's a completely different OS. It should only be affected by the BIOS and the internet connection, which I didn't touch. The internet connection is running fine on the reinstalled XP environment and on other computers in my network. Any suggestions to enable internet on the rescue CD?
BTW, how is it that the rescue CD connects to the internet? I am never asked to provide my wifi password. Or was it doing it through the wired ethernet card?
Suddenly I received a BSOD with driver_irql_not_less_or_equal and atapi.sys
I restarted the machine, but now the Windows XP logo screen stays for as much as 5 minutes. Programs are very slow to load. AVG is active but doesn't report any infection.
Am I infected again? Is there any way to get rid of this? Since I already did a clean XP installation I'm willing to do it again or, if necessary, buy a new disk (ouch).
Now I'm running another rescue disk scan. Now it's able to connect to the internet again.
As suggested in post 195366 by nemethste, formatting the drive may not help when an MBR infection is present.
If you are willing to perform another reinstallation, try to delete all partitions, then create a single partition and perform a full format on it.
Afterwards, follow [url=forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=147645]How To Restore The Master Boot Record[/url] - Offline mode.
Only then proceed with reinstallation of Windows.
Make sure to install AVG prior to installing or downloading any other software.
AVG Rescue CD should connect via ethernet cable. Since you were able to connect with it again, it is possible that the cable was unplugged or that it was due to some temporary issue with the connection/CD.