Tech Problem Aggregator

Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Q: Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:22 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\Explorer.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

A: Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Reboot into Safe mode then follow these steps.

* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Does that remove them?


Help,

Nothing seems to work. I tried scanning with BitDefender but besides finding the virus, it cannot put both viruses in quarantine.

I tried doing the technique that includes rebooting in safe mode, using ATF Cleaner, then doing a full scan with ewido (ewido 4.0). But ewido cannot spot the virus.

Can anyone help?

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331

I just updated to AVG Anti-Spyware 7.5


To whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal, and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX.) I'm totally out of my wits here and I need some help. Thanks in advance

Deckard's System Scanner v20071014.68
Run by Jean Marc McLean on 2008-07-27 11:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint
2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-07-24 01:23:07 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 11:31:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32&...

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512


DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ...

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.


Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far


I was performing a Panda Scan to check my system over today and the results indicated I have a generic malware infection.

After that I scanned with SpyBot Search & Destroy, Ad-Aware, and AVG Antivirus but nothing was found.

How can I remove this infection?

Here's the Panda Scan Report.

Incident Status Location

Virus:Generic Malware Not disinfected C:\System Volume Information\_restore{0E3F8F60-7697-482D-BE8B-6BF847CB234F}\RP662\A0041011.exe[TS25V1.0.dll]

I also scanned with HJT and here's the logfile for that.

Logfile of HijackThis v1.99.1
Scan saved at 4:26:30 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft...

A:Solved: Generic Malware Located


Hello,

I noticed last week that my browsers (Mozilla and IE) were not working properly: all the searches I was doing were redirected. I can't access some websites such as this one or McAfee...
I can't update my McAfee Security Center software nor perform a system restore, and Malwarebytes doesn't launch.
McAfee found the following trojans: Generic.dx, JS/Tenia.d and Generic PUP.z and I deleted them. However, my problems are still not solved. I was wondering if someone here could please help me to fix these issues or if I should just reformat my hard drive (will this get rid of all viruses/trojans for sure?)?

Thanks in advance for all your inputs!
Fanny

You'll find here below the contents of the DDS.txt log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Fanny at 13:11:49,90 on 26/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\...

A:Infected with Generic.dx, JS/Tenia.d and Generic PUP.z

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...


I accidentally deleted my temporary internet files folder - now I cannot connect to the internet - what can I do to fix this problem?
 

A:Temporary Internet Files Folder


This folder is empty and does not fill even when I have browsed around for a while. What's going on?
 

A:No files in Temporary internet folder

Sure you're looking at the correct Temporary Internet Files folder?
In Internet Explorer go to Tools => Internet Options => General tab and check the 'Current Location' and then click on 'View Files'.
 


I looked in the IE "view files" button, and it showed a whole lot of things in the "file attribute: hidden" that I didn't expect to find. I went in through the disc cleanup to get rid of cookies and such, but it didn't seem to clear them out. Your thoughts?


I'm running Vista on a Dell with a 72GB hard drive. I'd like to know how to remove the Temporary Internet files and folders that are taking up over 21 GB of my hard drive. They can be found under C:\Documents and Settings\George Roberts\Local Settings\Temporary Internet files. There are over 855,000 files and 2,345 folders. There is also 559MB under the Temp folder. Windows Explorer will not let me delete or rename the folder because the Temporary Internet Files folder is a required hidden "Windows" folder. Any suggestions?

Thanks, George Roberts
e-mail {Removed to prevent Spam bot attacks~~boopme

A:Deleting Temporary Internet Files Folder

Hello, try safely removing them with TFC by OT

Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


This has been happening for some time now. When I go to YouTube or Metacafe or some other video site and load a video, I usually go to the temporary internet folder to convert these video files and store them on my PC so I can watch them again. But lately I can only see a few of the video files in the folder and I don't understand why.
Does anyone know what's the problem and what I can do about it?

A:youtube files not in temporary internet folder....

Hello Michael Y and welcome to TSF

I don't think they save to the temp files anymore. I think they just get deleted for copyright laws.


Windows XP media Center seems to be completely hiding folders from me. When I untick "Hide protected operating system files and folders" then right click properties my Temporary internet file folder, it says there's 71 folders within it. I can't see ANY of these folders in my browser. If I boot up my other OS (Win XP 64 bit) I can view these folders just fine. Furthermore, within media center edition, I can access Temporary Internet Files\Content.IE5 if I type it in manually, and can see 68 folders within.
Now, why would Media center be hiding Content.IE5 when supposedly I have display EVERYTHING turned on? I fear a malicious program may be doing this. An OS reinstall isn't a big deal for me, but I'd rather not.
 

A:Temporary Internet Files Folder Oddity


I'm having this issue: when I'm streaming an HD movie, the space in drive C: reduces.
Since I have only 2GB free, it takes up all the space.

How can I change the directory where Firefox keeps the temp files/cache?

A:Firefox temporary internet files folder...

I haven't tried this, but found it on the Internet. Try it:

Quote:
type about:config into the firefox navigation bar and hit enter
find the browser.cache.disk.parent_directory, if it doesn't exist right click anywhere and select NEW, then STRING. Enter browser.cache.disk.parent_directory in the first popup box and then the location in the 2nd popup box e.g. k:\tempintfiles. If the entry already existed simply right click on it and select MODIFY and enter your new directory path.


For weeks I have been puzzled by new Temporary Internet Files, Cookies and History folders constantly reappearing in my Windows XP Local Settings/Temp folder.
My normal TIF etc folders are still functioning normally in Local Settings. So no harm is being done but it's been annoying the hell out of me.
Today, quite by chance, I've discovered that the culprit is Adobe Reader X. 10.1.2. The act of simply opening Reader myself immediately creates these TIF folders within my temp folder. As well, of course, as every time I download and open pdf files.

I say immediately but it does take about 15 seconds after Reader opens on the screen before the TIF folders appear in the temp folder.
Does anyone know why this is happening and how I can go about resolving it?

(I've also asked this in the Adobe forums, had 100 views but as yet no replies!)

Many thanks.
 

A:New Temporary Internet Files folder being created.

I'd not worry about. It sounds like the adobe reader is just creating temp files to be able to access them quicker. I'd bet that when you have adobe reader and the files open, you cannot delete the files, but once all are closed, you can delete them no issues.
 


Hello! Thanks for looking into this thread.

To make a long story short, I have a new HDD with not much on it, and I have an old HDD with all my other stuff on it. :)

Some of that stuff is located in the 'Temporary Internet Files' folder. Game saves on online gaming sites such as Armorgames.com etc.

It allowed me to copy from the 'Temporary Internet Files' folder onto a USB easily and without trouble. Whereas when I put my USB on the other computer, and try to copy them onto the Temp Internet Files folder of my new HDD, it just does not give me the option to.

I've looked into this a bit, and have discovered that there is no physical folder. I've gone to where I am supposed to, the Document Settings -> Local Settings ect. and it's not there. I guess that's the technical reason why it won't let me copy files to there, because there is no physical folder.

What I am asking is: Is there a way to copy files 'TO' the 'Temporary Internet Files' folder?

I emphasise the 'TO' as I've only seen information on google in regards to copying files 'FROM' the 'Temporary Internet Files' folder.

I hope you folks can help me out on this one. :)

Cheers,


ooeJack

A:Copy files 'TO' the 'Temporary Internet Files' folder

Hello

It is not that easy, as IE stores TEMP files in multiple locations.

They could be stored in user temp files or in SYS files


Hi,

I am running IE8 on Windows 7 (Home Premium 64bit). My Temporary Internet Files folder is C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5. I have enabled Show Hidden Files and Folders and removed the tick for Hide Protected Operating System files.

I've noticed that streamed .wma file appeared as .dat file in the temporary internet folder. I've tried copying it to the desktop and changed the extension to .wma but it will not play at all. I have the same problem in another laptop running Windows Vista. In Windows XP platform, I have no problem retrieving the streamed files as they are saved in the original file format (i.e. .mp3 or .wma) in the Temporary Internet Files folder.

Please advise.

Thank you & regards

A:.wma files appears as .dat files in Temporary Internet Files folder

I'm having difficulty understanding the real problem since I have always set my browsers to delete at the end of a session; I use CCleaner to delete junk (read: stuff in the temp folder).

In any case, you can help us by updating your system specs.

UPDATE YOUR SEVENFORUMS SYSTEM SPECS


User CP (3rd item in the top menu bar) |
in left-hand column, under Your Profile, Edit System Spec |


Use Speccy - System Information - Free Download
and/or SIW to gather info for filling in the blanks.

Do me a favor and add the word laptop or desktop to the "system manufacturer" block.

Use the "Other Info" block for Optical Reader, Mouse, touchpad, wifi adapter, speakers, monitor

Scroll down and click on the SAVE CHANGES button.


Hey guys,

There was a setting that you could do which would allow you to view your Temporary Internet Folder like you would in XP, with everything in it, instead of being separated into Content.IE5 folders.

I did it before...but I had to do a repair install....and now I can't remember how I changed that setting!

Could anybody help?

-----------------

I Solved it and forgot to post the solution lol sorry

Internet Options -> Security -> Uncheck 'Unable Protected Mode'

Enjoy

A:IE8 Windows 7 - viewing Temporary Internet Files Folder

Note: It didn't involve switching off UAC, which is a dangerous thing and it's not that irritating in Windows 7 anyway


A friend is running Microsoft Security Essentials on a 64-bit Windows 7 Home Premium Edition system. MSE detected an infected file in c:\Users\{user}\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\{some string}\index[1].htm

I went into Windows Explorer and disabled the hiding of hidden files and the hiding of system folders. I then navigated to c:\Users\{user}\AppData\Local\MIcrosoft\Windows\Temporary Internet Files and found there was no "Low" folder. I saw other files in the folder but no "Low" folder.

Why am I not able to see that folder?

Thanks!

Peace...
 

A:Solved: Question about the Temporary Internet Files folder


Hi Guys.

I regularly empty my Temporary Internet Files folder - -Or I thought I did.

When I click on the box in "tools/internet Options/delete temporary files", it always says "deleting files" and it certainly looks empty afterwards, but then today I right clicked on the temp internet file and clicked on properties, and it says it contains 30,000 files, and it is 1.2 GB in size. So what are these files, why can't I see them, can I delete them, and how do I delete them?

Thanks guys

A:removing hidden files from Temporary Internet Folder

Come on guys, surely someone out there has an answer?

Neil


Hello,

I would like to be able to view the various temporary internet file folders like I used to with my previous version of Windows. Can anyone tell me how I can do this. I have tried using: C:> Users\My Directory\AppData\local\Micrososft. According to my antivirus scan tool, the temporary internet files are located within the Microsoft directory but when I try to access that directory it's not there.

A:Viewing Contents of Temporary Internet Files folder

They're hidden by default.

Where is located the Temporary Internet Files folder?


OS: Windows XP Home
Dell Dimension 3000 Desktop computer

There is a Temporary Internet Files folder literally STUCK on my desktop. There was another listed under My Documents > When I tried to delete that one, it deleted. So then I tried to move the folder on the desktop to My Documents with no success. "Access Denied", or "In use by another user or program. Close all programs and try again." I tried to "Send" the folder to another location on the computer with no success. Also tried deleting it and cutting and pasting it some where else, that also did not work.

Temporary Internet Files folder's properties:

General Tab > Attributes: Read only box is checked and grayed out.

Any suggestions. Could not find anything in the past when Googling this problem.
 

A:Temporary Internet Files folder Stuck on Desktop

Have you tried last known configuration or system restore?

To start your computer by using the Last Known Good Configuration feature, follow these steps:
Start your computer.
When you see the "Please select the operating system to start" message, press the F8 key.
When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.
 

2 more replies
Answer Match 81.06%

Hi, I am running Windows 7 64-bit Home edition and regularly clean out my cookies and temp folders from the tools button in Firefox. I recently got UniBlue and did a scan, and it read over 6,000 files in this folder "C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\"; however, when I go to my Windows Explorer and look for this file, I am cut off at ...\Microsoft\Windows\. There are 12 folders available for me to look through, yet looking at the properties tab of \Windows\ shows over 120 folders in \Windows\, and most bugs like to hide in temporary internet files. Does anyone know how to unlock that file so I can do it myself?

PS
No, clicking delete internet history, cookies, and recent files does NOT work in Firefox or IE

A:Cannot open Temporary Internet Files Folder in AppData

Run Treesize Free -- see what it finds in the ...\low folder.

You should see \Content.IE5 folders (related to IE) + \AntiPhishing and possibly some temp files.

http://www.jam-software.com/treesize_free/

Regards. . .

jcgriff2


4 more replies
Answer Match 80.22%

My laptop uses Internet Explorer 8. Recently, IE8 hasn't saved image files in the Internet Temporary folder; it has saved only cookies and passwords. So I cannot access offline web pages in the History tab. Help me!

More replies
Answer Match 80.22%

Hi

I'm using XP-sp2 plus IE7 and I clean out my temporary internet files and cookies using Webroot's Window Washer (version 6). After a 'wash' I've noticed that while most files are gone from my temporary internet files folder some are still left and there seems to be nothing I can do to delete them. If I try a delete command, nothing seems to happen (e.g. no error messages) and the files remain where they are. Some of the files have a suffix .gif and a couple are named as cookies and end in .txt. Also, some have a date under the column 'Expires'. Any idea why I can't delete these files and what does an 'Expires' date mean?

I can't say for sure that this is a recent problem but I didn't notice anything like this under IE6 and Window Washer version 5, both of which I was using until a few weeks ago.

Thanks for any help you can give me.

Regards from Tony.
 

A:Solved: Can't delete files/cookies in temporary internet folder

IE7 is not compatible with many cleaners yet; the cleaners will probably update as time goes on. The new version of CCleaner now cleans the IE7 temp folder. I just create a shortcut on the desktop to Internet Options and usually clean this way.
 

2 more replies
Answer Match 80.22%

My computer won't let me delete my Temporary Internet Files folder. The reason I want to delete it is that the folder is holding 30 GB of data. The folder is in:

c://Users/V05/AppData/Local/Microsoft/Windows/Temporary Internet Files

I've tried Unlocker and File Assassin and they don't work. The files it contains are cookies which I have never seen before. I believe I have a virus because it seems the cookie files in there are video cookies, and once in a long time ads play in the background of my screen.

What can i do?

A:Trying to Delete Temporary Internet Folder Files Wont work

Use Ccleaner to delete the files.

CCleaner - PC Optimization and Cleaning - Free Download

Install and run Microsoft Security Essentials.

http://windows.microsoft.com/en-us/w...tials-download

9 more replies
Answer Match 80.22%

In Xp after browsing I could go to Internet Explorer Temp folder and sometimes find files to save
Favicons, video clips and music.
Good stuff lol

However now in Vista there does not seem to be anything there I recognise
Are they just not saved anymore?

As before I go to - Internet Explorer, click Tools, Internet Options. Under Browsing History, click Settings. Under Current Location, click View Files.
But never any icons or video clips or music to save in there anymore
Help!
 

A:Vista - why can't I find files I want in temporary internet folder anymore?

Go to folder options, view tab, tick "show hidden files and folders", hit OK.
 

1 more replies
Answer Match 80.22%

I am new to Windows 7 and have just purchased a new computer and am currently trying to set it up to my requirements. Being a novice to Windows 7 and IE8, I may be overlooking the obvious, so any help will be appreciated.

With IE8 and Windows 7 (64 bit), I would like to change the default location of the Temporary Internet Files folder. My drive C: is an SSD and I only want this for main program storage and another larger drive (F:) for general working data storage.

I have tried the following to change the default folder path for Temporary Internet Files in IE8:

Step 1. Launch the IE8 web browser.

Step 2. A list of menus is displayed on the top right hand corner of the window. Click Tools.

Step 3. A dropdown menu will appear. At the bottom of it, click Internet Options.

Step 4. In the Internet Options window that appears, in the Browsing history section, click Settings.

Step 5. A new window called Temporary Internet Files and History Settings will appear. Under Current location: you will notice the default path to the Temporary Internet Files folder. To change it click Move Folder.

Step 6. Select the new folder path -> when you're done click OK.
(I have created a mirror path of the original storage location on the different drive, ie from C:\Users\[name]\AppData\Local\Microsoft\Windows\Temporary Internet Files to F:\Users\[name]\AppData\Local\Microsoft\Windows\Temporary Internet Files)

Step 7. In the Temporary Internet Files and History Settings window clic... Read more

A:IE8 Changing Default Folder Path for Temporary Internet Files

I haven't done it myself, but shouldn't there be a step 8...Reboot. Just a thought.

6 more replies
Answer Match 79.8%

I need help. I've been having trouble with my internet connection.

What do you mean that's not enough info to help?

Oh, ok.

Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is).

I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power"). Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Fir... Read more

A:Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

15 more replies
Answer Match 79.8%

I have got a problem with my computer: no matter how I try to get rid of these, they will not go. I am using BitDefender Internet Security 2009, which finds these trojans, but when I run my trojan remover it tells me I have no trojans and my computer is free of all..? I have not noticed that my computer is not playing up, but when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan, but I can scan with my trojan remover, and it comes up clean. Some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are....Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD. With thanks, Erwin

A:Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD

Hello ..

I am moving this from XP to Am I Infected as it is a malware problem.

Next run MBAM:

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives sel... Read more

1 more replies
Answer Match 79.8%

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&... Read more

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 79.38%

Computer runs very slow.. BitDefender finds Trojan.Generic 25641 and 1) Generic Peed.Eml.Ea9 2) Generic.Peed.Eml.AB 3) Generic.Peed.Eml.FDO 4) Generic.Peed.Eml.Fad.. but BitDefender can't disinfect or move these viruses... and nowadays my computer runs really slow

Deckard's System Scanner v20071014.68
Run by Bishakha on 2008-02-23 14:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-02-23 20:31:45 UTC - RP164 - Deckard's System Scanner Restore Point
51: 2008-02-23 04:52:49 UTC - RP163 - System Checkpoint
50: 2008-02-22 04:31:29 UTC - RP162 - Software Distribution Service 3.0
49: 2008-02-21 04:33:06 UTC - RP161 - Removed InterVideo DeviceService
48: 2008-02-21 04:27:18 UTC - RP160 - Removed Pando.


-- First Restore Point --
1: 2007-12-24 19:59:33 UTC - RP113 - Installed Windows XP KB899589.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-23 14:33:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE... Read more

More replies
Answer Match 79.38%

Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

Below is my DDS. Please help!

-Jim

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:57:27.90 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2595 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\Photos... Read more

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

14 more replies
Answer Match 79.38%

Hello, PC responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
- Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)
- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae06... Read more

A:Need help removing stubborn Trojans - artemis, generic.dx, generic dropp

Today another symptom: McAfee identified a buffer overflow in c:\windows\system32\svchost.exe at the same time that a host process error occurred... screen shot of all message alerts are attached. System is deteriorating with frequent blue screens while running a virus scan or logger (ie MalwareBytes and gmer). I would appreciate a quick response if possible so I can get this one and only family PC up and running again. Thank you.

3 more replies
Answer Match 79.38%

Hi, I originally asked this on MS Answers and they recommended I cross post here. 
I have drive write restrictions enabled (via gpedit) on a publicly used PC to prevent clutter and users losing files. For most applications, I have moved temporary folder locations to a flash disk.

When I moved IE11's temporary folder and re-enabled the write restriction, upon login there is no destination temporary internet files folder. The disk space to use counter is at 0 and the current location field is empty (under the gear, Internet Options -> General -> Browsing History -> Settings -> Temporary Internet Files -> Current Location and Disk Space to Use).

I also tried to move it back to a folder on the C: drive, and got the same result (empty location field). Ditto when telling IE to restore to original settings. 

What is happening here/ how can I solve this? Given the write restrictions, users prefer to use cloud storage systems, and these seem to require temporary storage to load.

Thanks.

More replies
Answer Match 79.38%

Hi Folks. I've been wading through all the threads associated with my problem - at least I think I have - but I don't see an answer, so I am going to start this new thread and risk the slings and arrows of the more perspicacious.
This little issue has followed me from XP to 7 and is actually more of a curiosity than a problem:
I check the Empty temporary internet files folder when browser is closed in the advanced section of internet options but it doesn't work and never has. Does anyone know why?
I can easily do it manually but it annoys me that it doesn't work.

A:Faulty 'empty temporary internet files folder when browser is closed'

Have a read here.

Empty Temporary Internet Files Folder when brower is close does not work in windows 7 X64

Hope it is of help to you.

9 more replies
Answer Match 78.54%

Hi,

I have a McAfee Virus Scan copy installed on my laptop. It displays virus detection and deleted messages for Generic.dx, Generic downloder.dx, and Puper Trojans in the Temp folder. These messages keep coming back.

Here is my HJT log file
=========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:34 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Go... Read more

A:Generic downloder.dx, Generic.dx and Puper Trojon on my laptop

I had real time anti spyware enabled for my previous HiJackThis so now I have disabled the same and run HiJackThis again.

The new log is given below.
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:41 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateSe... Read more

1 more replies
Answer Match 78.54%

Hello, my Dell running XP (SP3) responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
-Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)

- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...
**************************


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p... Read more

A:Need help with Trojans including - artemis, generic.dx, generic dropp

Hello again, obxhockeydad_1. Even though it's been almost a year since the last disinfection, which is ok, it's still a bit disheartening to see you back in the forums with another infection. Please be sure all who access the machine are taking great care when surfing the internet, opening emails, downloading files, etc...

Also, IE7 is not as secure as IE8. IE should be updated once the machine is clean.

I'd like to try to get a log from GMER rootkit scanner.

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you still have troubles, try running the scan in Safe Mode.

Restart your computer and boot into Safe ... Read more

19 more replies
Answer Match 78.54%

Hi there Tech Support Guru! my computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w

At least, that's what McAfee is telling me.

I am using Windows XP pro

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:47 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Prog... Read more

A:Please help! Generic!Artemis, generix.dx and generic rootkit.w have invaded

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far
 

2 more replies
Answer Match 78.54%

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen... Read more

A:Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Answer Match 78.54%

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't. I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks,
Jan
 

A:TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!
 

1 more replies
Answer Match 77.28%

Hi,

My device has been infected with ZeroAccess, which proceeded to bring along the 2 generic trojans. My main problems are that windows is very laggy (most things have to be done through Safe Mode at the moment), my firewall won't stay on (in normal and safe modes) and occasionally a pop-up appears with the title [Web Browser] warning that I should stop a script from running. It looks something like this: (I forgot to take a screenshot when it popped up, so here's the exact same thing that I found through google)

Before I start off, here are some details about my machine.
Windows 7 SP1
McAfee SecurityCenter v11.0
McAfee VirusScan v15.0 last updated today (17/6/12)
McAfee Personal Firewall v12.0

A few days ago, my friend was using my machine when McAfee popped up saying that it had quarantined some trojans and no further action was required.

Afterwards, the computer was getting significantly more laggy with each reboot; McAfee Personal Firewall and Real-time protection were also unable to stay on. Looking through the quarantined list of items, there were multiple instances of the same 3 items:
ZeroAccess
Generic.Backdoor!1ub
Generic.dx!b2pt

All 3 appeared in C:\Windows\Installer\post:27338360\U

My friend had already deleted the zip file which probably allowed ZeroAccess in. Since McAfee's complete scan of the computer was unable to complete due to the significant lag, I then downloaded and ran Spybot S&D and Ad-Aware Antivirus in Safe Mode, but n... Read more

A:Help with ZeroAccess / Generic.Backdoor!1ub / Generic.dx!b2pt

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

50 more replies
Answer Match 77.28%

My wife downloaded a file through bearshare and now the computer is lagging bad and avg keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run malware bytes, trend micro housecall and they lock up before finishing as avg also locks up before finishing. I have run spybot and it removed several things. Also if possible I would like to remove any garbage programs I don't need. Please let me know what else you will need.

Thanks a lot

1. DDS LOG
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.in... Read more

A:Trojan generic 11zne and generic arly

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

7 more replies
Answer Match 76.44%

Hi, I keep getting the following message "Generic Host Process for Win32 Services has encountered a problems and needs to close." Shortly after that I lose my Internet connection. I went to the chat and was asked to post a HijackThis log here. I ran Adaware and Spybot and deleted what it found.

Below please find my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19:12:56, on 04.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS ... Read more

A:Generic Host Problem - Losing Internet Connection / Generic Host Problem

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.

Your log is clean, so I don't think the issue is malware related. But let's see if we can figure it out for you.

Click Start -> Run -> eventvwr.msc
Look in SYSTEM and APPLICATIONS for anything around the time you are getting the error.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.

4 more replies
Answer Match 76.02%

I have mistakenly deleted all the files and folders included in my "Temporary Internet Files" folder, including "Content.IE5" and "OLKD7" folders. I am now unable to download attachments from Hotmail. I have tried to add these folders from another user on this machine however the folder is restricted. My OS is XP Prof. SP2 & IE 6. Any ideas?
Thanks
 

A:Deleted all files and folders from "Temporary Internet Files" folder

6 more replies
Answer Match 74.76%

Through IE Properties, the "Temporary Internet Files" folder cannot be emptied, neither by going directly to the folder.
It says "No Objects" although the properties from the folder show 10.000 objects and 600 MB size!!!

What could be the reason?
 

A:Files of "Temporary Internet Files" folder cannot be deleted

hi

try to right click on it and press cut then delete
 

13 more replies
Answer Match 74.34%

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined:

Generic Dropper.cx, Generic Downloader.x.

I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT... Read more

A:Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 74.34%

I received notification by McAfee on Generic!atr & Generic dx $ DNSChanger.o. Must have gotten them from DVD X Copy pro download, it is the only file download I did. I do not check email on this computer. It is the only thing I can think of unless I got them surfing. I did all the things in log 793721 as it looked identical but I just want to make sure so I am posting a few logs. Thank you very much for looking into this for me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\e... Read more

More replies
Answer Match 74.34%

About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows Xp firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&... Read more

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

6 more replies
Answer Match 74.34%

I can't get rid of the the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V... Read more

A:Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

2 more replies
Answer Match 74.34%

Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi... Read more

More replies
Answer Match 73.92%

Hi Everyone,
I am hoping you can help me as I very stupidly downloaded a trojan virus onto my computer yesterday, I have backed up all of my files but really need the comp to be back in full working order asap as dissertation deadline is in two weeks! Initially trojans were popping up every minute or so as an AVG alert and websites were showing a warning that the site was using a weak algorithm, and Google was redirecting. All of the above problems seem to have been fixed after a system restore and virus scan in safe mode however on start-up a warning still pops up. I am worried that there is still something lurking and I have no idea how to find it! Here is my log, thanks in advance for any help!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Amy at 18:28:06 on 2012-04-30
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.2037.854 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:&... Read more

A:Generic trojan in System 32 folder

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

NEXT

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
click OK
Press Start Scan
If Malicious objects ar... Read more

2 more replies
Answer Match 73.92%

Alright, I'm not entirely sure how or why, but for some reason C:\Users\generic is corrupt. Until now, that hasn't been a problem. However, when I tried to install the XPS/PDF plugin for Word, I got the error that my copy wasn't able to be validated. The fix specified that I delete a file in generic. So, I went to go see how to repair it. I found this: How to Fix Corrupted User Accounts in Vista

I could not complete the fix, no files would copy. So, my next idea was to use the latest Ubuntu build as a Live CD to go in and see if I could get around it. However, I've heard that messing with the NTFS partition from Linux was not exactly safe, and who knows with this corrupted folder, so I don't want to do that just yet. Is there anything else I can do?

This computer is very new, so I find it odd that I'm already getting errors like this. As per school mandate, we can only have Sophos Antivirus on here, but I ran Malware-Byte's Antimalware anyway, with no results.

Pertinent System Info:
Vista Business SP1

EDIT: Wait a sec, now it's picking up on a massive trojan infection, and on a Quick Scan no less. Last time I ran it, a Full Scan found nothing. Let's see if this solves the problem.

EDIT2: It came back on the reboot full force. Looks like this is now an infection; could a mod move this to the appropriate section? By the way, here's the log.

Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 6.0.6001 Service Pack 1
9/8/200... Read more

A:User Folder "generic" Corrupted

Well, it's been a few days and my computer is becoming increasingly unstable, and I have yet to get a single response. Does anyone have any idea what infection could take control over all these important system files?

9 more replies
Answer Match 73.08%

I am a beginner and I need to find: Temporary Internet Files folder in Windows Explorer: Can anyone explain the step by step procedure to do so.
Shamou
 

A:Solved: Solved: Find: Temporary Internet Files folder in Windows Explorer

Temporary Internet Files are located within the users' profiles, such as:

C:\Documents and Settings\User\Local Settings\Temporary Internet Files

Each user has its own files.

Open Internet Explorer. Select Tools, then Internet Options. Under Temporary Internet Files click on Settings, then View Files.
 

3 more replies
Answer Match 73.08%

I am running vista home premium service pack one. On the desktop the program icons are there. Is this the way it is supposed to be?

A:My program folders all have generic folder icons

Yes it is, though you can change them if you so desire. I don't mind all the generic icons, since I just read the file names. We can tell you how to change them, though it is a bit of work, though you can change the default icon I think...

~Lordbob

P.S. To change the icon, right click on it and click "properties". Go to the general page, and next to icon, there should be a change icon button. Click it, and you can choose the new icon from there. If you want a different one, there should be a browse button to select manually.

1 more replies
Answer Match 73.08%

As I intimated in the title, is there a list of all the generic folder names like %appdata% and %systemroot%?

Thanks.

A:List of generic folder names, like %appdata%?

Open a Command Prompt. Type set and press Enter. That's the complete list.

2 more replies
Answer Match 73.08%

hi,,when i open 'all programs' all the icons are a generic folder except for the windows programs which are the default icons for that particular program.now what i want to do is have all the icons relate to their own particular program,not a generic folder...i changed a setting somewhere & now i forget what i did..they used to be all different until i made a change....i'm not using the windows default icons but a different set,,i was using the other set then made a change which gave me the same folder view so it's not from using the other set, it's from a change i made somewhere in folder view or somewhere else..
 

More replies
Answer Match 73.08%

I am experiencing the same issue like most problem with the trojan issue (rdriv). My AVG keeps telling me that I have a virus but I can't seem to get rid of it. I have tried to delete the file but it keeps coming back after reboot. It looks like it is starting as a service. I am running Windows XP home edition by the way. See HJT log file below for analysis. Thanks a bunch in advance
Logfile of HijackThis v1.99.1
Scan saved at 9:03:19 AM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsof... Read more

A:Rdriv Trojan Gm Generic In System32 Folder

7 more replies
Answer Match 72.66%

I need to know how to empty the "Temporary Internet Files" folder. Windows XP won't let me delete it and when I go into the folder, it's empty, but when I check its properties, it's more than 7GB in size which is taking up a lot of disk space. I really need to empty this folder, but I do not know how as it's not showing any contents in it. I even unhide the contents of this folder but it shows nothing in it. Please help!

A:How to empty "Temporary Internet Files" folder

Well, one way you can do it, is to go to Tools -> Options in your IE browser, and click on delete files under the Temporary Internet Files.

2 more replies
Answer Match 72.66%

This computer has only one account so that I can start it up or restart it and walk out of the room and it is ready when I get back.
I have lost my Temporary Internet Files folder, i.e.
C:\Documents and Settings\name\Local Settings\"folder should be here"

For some reason the folder moved to inside the Temp file and when I tried to move the folder back where it belonged it just disappeared. I searched "Temporary Internet Files" and all the other folders are empty and not used.

Everything works fine, except when I try to download a program like Opera that puts a install file in the Temporary Internet Files folder windows gives me an error telling me to find where the install file is. Thus I cannot update or get programs like Opera that use this method of installing on the computer. Searching for these install files shows that they are not on the computer.

How can I get my Temporary Internet Files folder back?

A:Lost "Temporary Internet Files" folder

Correction...please forgive my ignorance but there are two problems here that I found at the same time and in my frustration combined.

1) The Temporary Internet Files folder does not show any more. I found it in the Temp folder and tried to move it with two copies of My Computer (Windows Key+E) whereupon it promptly disappeared. It must be there although it does not show as I can empty it and everything works.

2) Any program that has an install file will no longer work on this computer. I get a error showing me that the file should be in the Temp folder. A search will not find the install file anywhere.
I will start a new thread on this in the future.

Sorry about the newbie mistake, please forgive me.

3 more replies
Answer Match 72.66%

Hi,
I have located this folder and files in my C:Temp Directory(Normally C:Windows/temp).
CompatTelemetryLogs with
AppAndDeviceInventory.log right next to it.
and the following inside the folder.
Folder = "IMG" lots of little image files of all my software
Folder = "Resources" with nothing in it.
Files:
CompatData_2014_10_17_06_04_14_1_008001ff.xml
compatscancache.dat
DeviceGroupingRules.xml
diagerr.xml
diagwrn.xml
PreliminaryReport.xml
setupact.log
setuperr.log
TelemetryTransform.xsl
WICA_Devices_SOL.xml
WICA_Programs_SOL.xml
WICA_QueryAppBlock_SOL.xml
WICA_QueryBiosBlock_SOL.xml
WICA_QueryDeviceBlock_SOL.xml
WICA_System_SOL.xml
WICA_SystemReport_SOL.xml
WICA_TelemetryReport_SOL.xml
WicaDeviceFilters.xml
Windows_TelemetryData.xml

Not sure about all of these, but I did a search for this one: "TelemetryTransform.xsl" and one entry was this below (except I do not have any office program installed from MS, I use Open Office): http://technet.microsoft.com/en-us/library/jj219431%28v=office.15%29.aspx

And this one: "Windows_TelemetryData.xml"
https://www.google.com/search?num=100&safe=off&hl=en&site=webhp&source=hp&q=Windows_TelemetryData.xml&oq=Windows_TelemetryData.xml&gs_l=hp.12...6809.28780.4.29973.3.3.0.0.0.0.82.216.3.3.0.ccynfh...0...1.1.56.hp..14.0.0.0.KGgYvIjDHXA

I am not attempting to install windows 8? at all so why this is coming up is beyond me I am using Win7 64 Pro and...

Answer Match 72.66%

Hello, I seem to have something called generic pup.x on my computer and it won't go away. My virus protection is now out of date and I can't download a mcafee update because the window box saying that generic pup.x has been detected won't close, or be dealt with and mcafee won't update unless I close the dialogue box... Can you help? Many thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:03, on 08/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WI...

A:Infected with Generic pup.x

to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
While a HJT Team member is working with you, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your d...

Answer Match 72.66%

I am running XP SP2 with McAfee Virus Scan Enterprise 8.5i. I have performed a full system scan twice and Generic.dx keeps reappearing after a reboot. FYI, I have disabled system restore before performing the full system scan. Thank you for your help in advance.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Erik at 20:39:47.26 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.832 [GMT -6:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABS_VPN\cvpnd.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\BMWgroup\ETKLok...

A:Infected with Generic.dx

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...

Answer Match 72.66%

Trying to clean up my mom's computer and I've run all kinds of scans and Mcafee will clean it but once I restart my computer it's there again. I would really appreciate help removing this. Here Is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:58 PM, on 8/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.ex...

Answer Match 72.66%

Hi, on Sunday 5/16, my Trend Micro anti-virus program reported that it detected a virus PAK Generic .012, which it quarantined. I deleted the suspicious file, but have seen a number of problems over the last several days (which seem to be in remission over the last day, but I doubt the problem just went away).

1) My clock switched to military time
2) When browsing the web, I'll sometimes get an error:
svchost.exe - Application Error
The instruction at ? referenced memory at ?. The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
If I click on either or close the window, I'll lose my internet connection until restarting.
3) Visual Studio Just-In-Time Debugger
An unhandled exception occurred in svchost.exe [1236]. Do you want to debug using the selected debugger?
4) Soon after startup (and before connecting to the internet), I was getting the following error:
Data Execution Prevention - Microsoft Windows
To help protect your computer, Windows has closed this program.
Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation
5) Once on saving a Word document, I got a message, "The File Normal already exists. Do you want to replace it?" I chose to save this under a different name Normal 2. Since then I've been mostly using Notepad as my text editor as I believe that's safer than Word.

On Tuesday, I ran a system restore to revert my settings back to Saturday, which only seemed to temp...

A:infected by PAK Generic .012?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 72.66%

Hello! Thank you, first and foremost, for giving your time and effort on this forum.

My computer (Toshiba laptop) seems to have been infected with at least 3 instances of Mal/Generic-A, as defined by Sophos antivirus. Sophos will not allow me to delete or move these files. I tried viewing my hidden files then using Autoruns to locate the infected files, but I couldn't find them even then. I'm getting popups and annoying music/advertisements running in the background, which I can temporarily stop by ending some processes in Task Manager. I attempted to download ComboFix so that I could be prepared if you asked me to run it, but it won't install on my Vista machine--I keep getting a "this program has stopped working" message.

Below, please find the text of the DDS.txt report:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jess at 2:24:32.60 on Wed 07/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.527 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System3...

A:Infected with Mal/Generic-A

Hello jlcardinal,

I attempted to download ComboFix so that I could be prepared if you asked me to run it, but it won't install on my Vista machine--I keep getting a "this program has stopped working" message.

Combofix is NOT a toy. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

***************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
Click the "Download" button to the right.
At the Select Platform and Language for your download drop down box, select Windows and Multi-Language.
Check the box that says: "Accept License Agreement" then press Continue. (Selecting Windows will give you the 32 bit version.)
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Ad...

Answer Match 72.66%

i ran a full scan on McAfee and when finished it said unable to remove unwanted program Generic PUP .x!dx, how can i remove this from my computer? also i tried to run a GMER scan on my computer and i wasn't able to check any boxes as it showed in the online model the only ones that were checked were services, registry, C:\, and ADS. when i ran the scan and it finished it said unable to scan your system

these are the results from McAfee

Items Detected
Viruses: 0
Trojans: 6
Rootkits: 0
Tracking Cookies: 2811
Buffer Overflows: 0
Potentially Unwanted Programs: 2

DDS (Ver_10-03-17.01) - NTFSX64
Run by Blanca at 23:02:27.56 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2477 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRep...

A:infected with generic pup .x!dx

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 72.66%

Hi all. I have McAfee VirusScan Enterprise installed in my computer. Version is 8.5 Oi. Scan Engine is 5400.1158 and Dat is 5820.0000 from Dec 2 2009.
It has been a couple of weeks since I started getting the messages from VirusScan about being infected with generic.dx!har on file winlogon.exe and it is not able to remove/clean.

This is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:23 PM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nv...

A:Infected with Generic.dx!har can you please help?

I was able to solve my generic.dx!har infection to the winlogon.exe file by creating a boot disc using secured2k's tool:

http://community.mcafee.com/thread/6923

It provided me with a safe boot disc and it allowed me to get into my computer and perform a safe command line scan which finally deleted the infected c:/windows/system32/winlogon.exe file. Using then the file handling file I was able to copy the non-infected c:/windows/servicepackfiles/i386/winlogon.exe to the system32 directory with no problem, and the generic.dx!har was gone!
 

Answer Match 72.66%

A few days ago I got this virus scan alert saying i had a vundo virus. Apparently the mcafee antivirus that i have deleted/cleaned the infected file. However, i kept noticing that whenever i went online, i would get an incredible number of pop ups. I downloaded several other programs such as malwarebytes and the antispyware provided by mcafee. fortunately the popups have stopped, but now they have been replaced by something else that just slows my computer down to a crawl. This has been unbearable, it's finals week and i have all my notes on my computer. Anyways, virus program keeps popping up saying it has found Generic.dx!bx and when i click clean it says it failed. clicking delete also ends up in failure. one thing that i have noticed is that in the virus scan alert box (mcafee) the "username" and application that prompts this alert keeps changing. does this mean that the virus is spreading to every program? i have no idea what else i am supposed to do. i am this close to taking a hammer to this piece of... hope someone out there can help

DDS (Ver_09-03-16.01) - NTFSx86
Run by Hector Benavides at 5:35:26.00 on Sat 05/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.435 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost....

A:Infected w/ Generic.dx!bx

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Answer Match 72.24%

Hey I installed Notepad++ to E:\ then I relocated it to a subfolder on that partition.

When I went to "uninstall" hoping it would give option to "fix" it didn't recognize the program.

Basically I relocated the application folder from its orig install location, now the application icon is generic.

Anyway to solve that (like updating registry or something) without reinstalling? Not that big of deal to reinstall but I would like to learn about updating system if I relocate app folder and whatnot.

Kind of noob question, but thanks!

A:Relocated a Program Folder (Notepad ++) icon is now Generic

Hello John,

You'll need to relocate it back to its original location, or reinstall Notepad++. You cannot simply just move the installation folder and still have the program work. There are just too many unknown registry locations that are added during the program's installation that only reference the original location.

Answer Match 72.24%

Hi, I have encountered some trouble with my icons becoming generic. It started off with some icons turning generic, and then more and more over the past couple of days. When I try to change an icon, it says Windows can't find a file in the %Systemroot%\installer folder. So I looked at the "Windows\Installer" folder (after turning on hidden/system files) and there was only one executable in it. I know that it should have a lot more files in it, but the total size of the folder is less than 1 MB. Unfortunately, my system restore doesn't go far back enough to restore everything.

As for changes to my computer, I did take ownership of the Windows folder a week or so ago to change explorer.exe and ExplorerFrame.dll (I followed some guide online). But I know I did not make any additional changes to the Windows folder.

Any suggestions?

A:Empty Windows\Installer folder and generic icons

If the problem started after you changed permissions on the Windows folder and then you modified core Windows components, then it's possible that is the cause of the problem. Hopefully you made backups of those files - restore the originals.

Answer Match 71.82%

Hiya! I'd originally come aboard with the intention of asking why I see one or two "Generic volume shadow copy" driver installs EVERY DAY in perfmon/Reliability Monitor. After reading other threads on this topic, I'm now convinced this is related to my leaving a USB drive plugged into my PC 24/7 for ReadyBoost, and ditto for an external USB-attached hard disk (for backups).


My questions have now become:
1. I have 98(!!!) Generic volume shadow copy entries in the "Storage volume shadow copies" element in Device Manager (and my rebuilt Vista install is about 5 weeks old, installed on 8/7/08). Should I be concerned? What can I do to get this number down? How do I keep it down? The obvious bonehead answer appears to me to be "Delete them all, and keep it up every day, or write a script to do likewise." Is this even reasonable?
2. I have 5 "Generic volume" entries in the "Storage Volumes" element in Device Manager. Same questions as before...
3. I can't get any meaningful info from the Properties windows under either heading, though complete coverage of "Storage Volumes" and random sampling of "Generic volume shadow copy" entries all say "The device is working properly"

Any input, ideas, advice, or references that will help me understand how to proceed from here will be greatly appreciated.

TIA for your help and support,

--Ed--

A:Device Mgr: 98 Generic volume shadow copy, 5 Generic volume entries

Just FYI, in scanning elsewhere on the Web I've found other posts that report this same behavior. For example: http://www.vistax64.com/vista-genera...talling-s.html (no resolution). This posting may offer some relief, and recommends uninstalling the USB Root Hub drivers so they can be rediscovered upon bootup: http://www.vistax64.com/vista-genera...ecognized.html. Haven't tried this yet, though, so I don't know if it helps or not.

HTH,
--Ed--

Answer Match 71.82%

Can you please answer this

where is the desktop users files folder located ??? example (it would be the folder senthil):



when I click on that folder is similar to the one located in C users, username. but it cant be because i recently moved my documents, pictures, etc to another partition.. this is what I get:



I found this quite useful, i just want to know where this is located lol besides desktop.... like I already know where the libraries folder is: c:\Users\<username>\AppData\Roaming\Microsoft\Windows\Libraries\

what about that other folder ??

thanks

A:Where is the desktop users files folder located?

Hello Mikey,

The "Desktop" folder under Favorites is a shell folder that doesn't have a folder location.

You can open its location using the shell command below in Run, search, shortcut, etc.

shell:desktop

Hope this helps,
Shawn

Answer Match 71.82%

Norton Anti-virus displays a number of pop-up messages informing me that I'm trying to send spam email although I'm not actually trying to send any email. I noticed (alerted by anti-virus Scan) that within the windows/temp directory there is a folder called "AEXAM" which contains many temp files being generated every minute.

I've run Norton a few times without success in cleaning my laptop. I've also not installed AVG (unable to update virus definitions), and it also doesn't find anything. I've run Malwarebytes, and it found some items, but the symptoms are still present.

Not sure what else I should try, but I'm hoping you have some suggestions.

Below is the copy/paste of the DD.txt file. Attached I'm including the attach.txt file as per instructions.


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by PaArCA at 13:59:43.40 on Mon 07/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.1022.668 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
c:\_integra\bin\shs...

A:Infected with Packed.Generic.45 and others

Hello, PauloA.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

We need to run RSIT
Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt

Answer Match 71.82%

McAfee has found the Generic.dx trojan on my computer, on file c:\programfiles\iwingames\iwingameshookIE.dll. I cannot delete, clean or quarantine the file and when I try it says "Access is denied. Make sure the disk is not full or write-protected or that the file is not currently in use"

Any and all help would be appreciated!

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:38 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr...

A:Infected with Generic.dx trojan, help!

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iWinArcadeAutocleanup.bat

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:

c:\program files\iwingames\iwingameshookIE.dll
Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results ... Read more

1 more replies
Answer Match 71.82%

A warning came up on McAfee security center the other day saying that I had Generic Rootkit.D!Rootkit. Then when I restarted my computer a windows program came up and said that it had stopped the execution of a program (would give exact details but can't replicate the error currently). After this error as windows continued to load, I get a message from NT authority\system with the error 1073741819 saying my computer would reboot in 60 seconds, which it proceeded to do. If I ran shutdown -a before the shutdown completed I would regain access to my desktop, but everything would be so slow I could not use my computer. I restarted in safe mode with networking, ran a full McAfee virus scan (found nothing) and ran some other program suggestions I found on the web, including ATF-Cleaner, Stinger, SDFix and combofix (note I had a really hard time downloading this, I get a 404 error when I click on the links to it). I realize now I should have come here first before running these files. My computer now will boot into normal windows and seems to run smooth, but I want to post my log files to make sure I'm clear of the virus. Below is my DDS log and attached is my attach.zip and ark.txt files. Thank you in advance for your help!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matt at 22:05:37.45 on Tue 12/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.510 [GMT -8:00]

AV: McAfee VirusScan *On-access scannin... Read more

A:Infected with Generic Rootkit.d

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

11 more replies
Answer Match 71.82%

My computer is an Inspiron 2200 running Windows XP with 512 ram. My web browsing has recently started slowing down. I've cleared my cache, ran adaware and Spybot multiple times, even yahoo anti-spy, and limited my startup programs that appear in the tray at the bottom with spybot. I also ran avast which moved one infection to chest. When I scan with McAfee, nothing comes up; but when I run Hijackthis, McAfee tells me it just deleted the w32/generic.worm!p2p infection from Avast. I'm not good with this area of computers, but I've followed the advice from this and other help forums. Please tell me if there's anything from my log I should delete.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:05 AM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS... Read more

A:Might Be Infected With W32/generic.worm!p2p

Hello and welcome to BC
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.
Next
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so b... Read more

3 more replies
Answer Match 71.82%

Hi everybody.
I am new to this site and in need of help.
During a routine Ad Aware scan, my computer was found to be infected with Win32.Generic!SB.0.
I chose the option of removing the component, but I am not sure the action was successful or that it won't come back.
Any suggestions to solve this will be greatly appreciated.
My PC works on Windows 7 and I use Firefox for browsing.
Thanks!
Hobnf.

A:Infected with Win32.Generic!SB.0?

Hello,
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

2 more replies
Answer Match 71.82%

Unfortunately, I'm back after a short time away. AVG AV found a trojan today - then I ran it again and it found two more. Then as SAS ran AVG found two more. 8 cases in all. In program files, turbotax and install shield, temp file, and system volume information files. It is identified as Trojan Generic6.umu or ums.

Obviously, I am anxious as it seems to keep getting worse. I look forward to your assistance.

Here are the scans I ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:50 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\... Read more

More replies
Answer Match 71.82%

First off thank you for your assistance, this is very frustrating. I was working and my computer just shut off so I restarted and ran SpyBot which let me know of our friendly trojan. I did try to follow another self-help topic from major geeks but didn't post for help there. This help topic removed the issue for about 5 minutes and then another issue came up with the SmitFraud that I only know as winrscmde that randomly plays ads out of nowhere. I have followed all instructions minus the gmer since I am on a 64 bit system.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Kim at 8:37:09 on 2012-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1670 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Wi... Read more

A:Infected with SmitFraud.C - Generic

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At... Read more

15 more replies
Answer Match 71.82%

My computer problems appear to be the Generic Process Host Win 32 message, as well as the search re-direct virus. My computer seems to be grinding at all times, slowing down any programs I am trying to use, primarily internet browsers. I ran Malwarebytes this morning, and it turned up several infections. When I tried to relaunch Mozilla Firefox, I got the following message: "The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections. Check the proxy settings to make sure that they are correct." I reset the proxy settings from manual to automatic, and the connection worked. Everything seemed to work well for a while, and then everything returned. I have also gotten a couple of messages about my default search settings being changed. Below are the logs/attachments requested. Let me know if I failed to provide enough info. I appreciate your help!
Thanks,
Mike

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mike at 16:59:19.46 on Mon 05/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.60 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Run... Read more

A:Infected with Generic Host Win 32 and more!

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that ... Read more

21 more replies
Answer Match 71.82%

Once in my external drive and the other time in my OS partition.
I have updated Win XP as much as possible and used the latest version of AVG and Spybot Search & Destroy
I enabled my firewall using Win XP.
Kaspersky took about 4 hrs to scan but did not find anything. I just want to make sure things are fresh and clean.
Thanks for all the help in advance.

Main text:
Deckard's System Scanner v20071014.68
Run by Galen on 2008-06-10 21:45:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
13: 2008-06-11 04:45:45 UTC - RP95 - Deckard's System Scanner Restore Point
12: 2008-06-11 04:41:20 UTC - RP94 - Installed Java™ 6 Update 6
11: 2008-06-11 04:28:03 UTC - RP93 - Software Distribution Service 3.0
10: 2008-06-11 04:26:20 UTC - RP92 - Software Distribution Service 3.0
9: 2008-06-11 04:24:58 UTC - RP91 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-06-10 06:54:28 UTC - RP83 - Installed iTunes

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 21:46:52
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
K:\WINDOWS\... Read more

A:Infected With Trojan Generic 10.thy

Hello zoeybadm. to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)
We apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.
If you still would like help, please follow the following instructions:
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
Click on Start, click on Run
Copy and paste the following in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All.
Click Scan.
DSS will now run again.
Please post back both logs that open in notepad.
Main.txt and Extra.txt
Next
Please do an online scan with Kaspersky WebScanner.
Please visit the Kaspersky Online Scanner website.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section sele... Read more

4 more replies
Answer Match 71.82%

Hello!
I installed Acronis Disk Director program on my computer (laptop) and I found out that it is infected with virus. Now, when I turn on my computer, it doesn't load all programs that it should load on startup, or at least it doesn't show them in the taskbar (including my antivirus program). Other thing is that it is very slow, unusably slow, and I made a clean installation of Windows one week ago. Please help me!
Here are the logs:
Here is DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Filip at 14:30:14,12 on pet 14.08.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.177 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Vatrozid *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\BitDefender\BitDefender 2009 ... Read more

A:I am infected with Trojan.Generic

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

6 more replies
Answer Match 71.82%

I am using Win XP Home Edition Version 2002 Service Pack 2 and IE 7. McAfee Security Center has been reporting that I have the trojan Generic Dropper.au, however it can not correct it.

Here is my HijackThis log, please help!!!
Thanks,
Michele

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:37 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\antiviirus.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevice... Read more

A:Infected with Generic Dropper.au

Next download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-... Read more

5 more replies
Answer Match 71.82%

Hi all

I've been watching episodes of family guy on the internet on my company laptop and have by mistake clicked on one of the stupid adverts which has got my computer infected by Generic.dx!dtk.

I've reset the admin password on my laptop so I now have admin rights.

Can you guys help me remove the trojan without interfering with any of the essential programs etc that are installed by my company?

I'm currently running Vundofix whilst typing this message...

NB: nothing found by vundofix. Also since I'm in the admin profile I be able to search within my profile where I believe Generic.dx!dtk is??

All help greatly received,
 

A:Infected by Trojan - Generic.dx!dtk

Also some serious points of note:

This virus has already redirected me to an extremely realistic RBS website which I almost put my details in.

When I opened IE and typed in google it redirected me to igoogle where it was already signed into one of my colleagues' profiles??
 

1 more replies
Answer Match 71.82%

The browser on my college's computer was redirecting. Then, I came home and put my USB into my comp and voila, same thing. Norton pops up every now and then saying it's quarantining "Packed.Generic.277". I tried the SDFix and did not succeed. I greatly appreciate any assistance I can get. I have a big government job interview in a few days and I'm scrambling to get some documents prepared but I can't even use a friend's computer because my USB will probably affect their computer too. Plus, my computer needs to be backed up, but I don't want to plug in my external drive because I don't want it to get infected also. I plan to head to The Source to purchase Zone Alarm later today or tomorrow. I would also appreciate any assistance with erasing the virus from my USB stick. Thanks.

DDS (Ver_09-12-01.01) - NTFSx86
Run by usr at 2:48:57.71 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.632 [GMT -5:00]

FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\... Read more

A:Infected with Packed.Generic.277

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

16 more replies
Answer Match 71.82%

So Symantec keeps popping up with these.

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Packed.Generic.190
File: C:\WINDOWS\system32\nnnmjkHx.dll
Location: C:\WINDOWS\system32
Computer: AMANDACORP
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, November 09, 2008 2:34:24 PM

The first one was trojan .vundro. I tried to remove that, and I guess I did because its pop up is gone?
It says that I have 490 files infected. The computer is running very very slowly. Before, when it was just the trojan.vundro, it wouldn't let me shut down or open any programs.
I ran a malware scan, and here is my hijack this log.
Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:38 AM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\... Read more

A:Infected with Packed.Generic.190

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

2 more replies
Answer Match 71.82%

I've recently been infected with generic.dx trojan.

Operating software is Windows XP

I ran a scanner and believe I have isolated the location of the file: C:\WINDOWS\system32\dspvfx.dll

Is it as simple as just deleting the file? Or is that a bad idea?

I'm not exactly computer savvy so any help is appreciated. THANKS!

A:Infected With Generic.dx Trojan

Please follow the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".
After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.
Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Under the "Configuration and Preferences", click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe ... Read more

1 more replies
Answer Match 71.82%

Respected sir/ma'am,
I would like to bring to your kind attention the problem I have been facing in my system for the past 2-3 days. I accidentally downloaded an infected file on my desktop from local intranet. It was having the shape of a folder so I tried to open it but couldn't do so. After some time I realised that a file named "chrome" was created on the desktop itself. I tried to delete it but got an error message saying words like "file already open in some other place". So I came to know it was a virus and was multiplying within itself. I tried a number of ways to solve the problem on my own. I read (from net) that combofix should be downloaded from the site (bleepingcomputer.com) itself so I made an account. I followed the link provided and was able to download combofix but when I had run it, I was not able to get any of the blue coloured screens (which should be there); it gave me an error saying !! not safe !! and the process got aborted. I had switched off firewall, malware, spyware, bitdefender (antivirus) but couldn't get help. The problem with the system is the existence of that virus; it makes copies of itself in every folder of the computer with the name of the specific folder and causes problems in the system. For instance folder "acads" will have the same virus with name acads only and is referred to as an application by the system. I asked a friend with the same problem and he was able to solve it with combofix only. But since combofix is itself a problem (doesn't run on... Read more

A:infected by Generic.Virtob

Respected sir,

I have a problem in my system. Antivirus (bitdefender) shows that system32 files are affected by generic.virtob.1.(something). This something varies from file to file and is a numeric and alphanumeric character combination. Other files also exist which are infected. I had performed a deep scan of bitdefender many times but it is unable to delete some files. I want it to be removed from the system. Combofix doesn't run on the system. I downloaded it from your site but it says that it doesn't belong to the site and to download it from there only!!!!

I had posted a similar post a few days before (plz read that); the reason why I'm giving a new post is that I wasn't able to run the "clean files" option. But after reinstallation I'm able to do so. So I have tackled the majority of problems with that, but the rest can't be done from my side, so I need your help. I was not able to upload the zipped file so I uploaded the text file directly. Please see to it.

Thanking you,
yours
sourabh
bits pilani
pilani, rajasthan
india

DDS (Ver_09-12-01.01) - NTFSx86
Run by abcd at 23:16:09.26 on 20-01-2010
Internet Explorer: 7.0.6001.18000

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLA...

12 more replies
Answer Match 71.82%

McAfee detected Generic.dx and deleted it (several times). Now, however, my browser(s) -- IE 8 and Firefox 3 -- are hijacked and go to different locations when hyperlinks are clicked. The colorful "Google" logo only half appears (an indication that things are not 'normal'). When I click a link inside an e-mail message (in Microsoft Outlook 2000), a majority of the time it will start to open a browser window, then lock up the entire machine. I attempted System Restore, but clicking the 'Next' button to initiate it did nothing. I turned System Restore off and ran McAfee Scan again. Nothing. I attempted to install Spybot -- no can do. I ran McAfee Scan in Safe Mode but it didn't detect anything.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Paul at 21:50:38.62 on Wed 04/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2154 [GMT -5:00]

AV: Total Protection Service *On-access scanning enabled* (Updated)
FW: Total Protection Service *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files...

A:Infected with Generic.dx (on WinXP)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

15 more replies