Tech Problem Aggregator

Vundo Trojan infected a critical file?

Q: Vundo Trojan infected a critical file?

The file is menoyiju.dll, found in the system 32 file. AVG says it is a trojan horse Vundo.hj. When I ask it to heal, it seems to do nothing, but when I force remove, my computer blue screens after freaking out. It detects it on open, when I open any program, even HJT and MalwareBytes.

Obviously something is wrong. Malwarebytes continually finds the same two problems as well.

I have a recent HJT log, and will also post a MWB log, along with anything else you need.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:27 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Documents and Settings\Owner\Desktop\Misc\ZoneTick\zonetick.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7f0652c5-07cd-47fd-9143-0d85ccd919c3} - rahewaro.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ZoneTick] C:\Documents and Settings\Owner\Desktop\Misc\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL menoyiju.dll c:\windows\system32\ c:\windows\system32\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: nikasipoj - {ebb3eb03-5ab9-4d4d-988e-fb98ca226807} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca0b1089f82a08) (gupdate1ca0b1089f82a08) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9165 bytes

A: Vundo Trojan infected a critical file?

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 2

9/22/2009 12:08:08 AM
mbam-log-2009-09-22 (00-08-08).txt

Scan type: Quick Scan
Objects scanned: 123862
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

That's odd, it didn't find anything this time???


Hi,

My system is infected with spyware (Windows XP, SP2). Initially I was unable to search Google and Yahoo, then I installed SUPERAntiSpyware, then McAfee. After I restarted after installing both, the desktop items and taskbar disappeared. Then I installed Malwarebytes' Anti-Malware, and I got the desktop and icons back, but I got an error that a DLL is missing. When I restarted again I didn't get the error, but pop-ups increased. I have installed SUPERAntiSpyware, Malwarebytes' Anti-Malware and HijackThis. Please find the logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k...

A:Please Help Infected With Adware.vundo Rel/variant And Trojan.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addi...


Please can anyone help? Whenever I run Norton it finds and resolves trojan.metajuan and trojan.vundo, but it does that every time I start it. I don't know what to do to restore default settings or go back to the date it all started. It's really annoying; the only programs I'm able to run are Internet Explorer and programs on my desktop. If I try to go to My Documents, My Computer, Control Panel etc., it opens for a few seconds then closes, and the desktop shortcuts and the toolbar disappear then reappear after a few seconds. This also happens when I open new pages on the internet, though the window I'm working on doesn't disappear.

When I start up my computer a box pops up saying C:\Users\Joanne\AppData\Local\Temp\lxtoojmm.dll Missing entry:run

Does anyone have any idea how to help? I'm no technical whiz so I'm afraid I'll need step-by-step help.
Thanks in advance, Joanne x
 

A:trojan.metajuan and trojan.vundo, please help

Hello? Please help if you can.
 


Norton keeps complaining it has blocked Vundo.
I do see 2 DLLs in system32 that I can't delete that I know for sure belong to the trojan. I deleted some .dll and .exe files manually which I knew for sure were a problem.

VundoFix didn't find anything.

Please help.
---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:29 PM, on 10/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google...

A:Trojan.Vundo

I thought someone would help me asap....anyways..will wait a little more..
 


Hard drive sounds horrible, apps not responding, monitor going black, to name a few of the things going on. I don't know if my hard drive is dying on my three-year-old desktop or this is all virus and malware related. I run TrendMicro Internet Security 2008 on my computer. I've run the latest versions of Malwarebytes and HijackThis. I haven't deleted anything because I'm concerned about deleting important files, especially in the registry keys. I'm pasting below the DDS.txt as well as the Malwarebytes log; again, I haven't deleted what Malwarebytes found yet.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Marc at 13:55:48.87 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.336 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files...

A:Adware.BHO/Trojan.Vundo/Backdoor.Bot/Trojan.Agent/Malware.Trace

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will on...


About a month ago I noticed my computer was starting to slow down, particularly when using Internet Explorer. My husband had also downloaded 'Steam', an online gaming programme, and bought Day of Defeat, a completely online game played on servers..... However, I don't think this was the problem; however, one of the above infections had started to interfere with the platform and engine and now it is unplayable.

I was alerted via Norton Internet Security that I repeatedly was being infected with 'W32 Tratsinf!' and this was happening every 2-3 minutes, then it would be Downloader, Trojan Vundo and Metajuan. I don't know how these all got into my computer but they did, despite me having Norton Internet Security. I became confused from there....and still am. I have looked at the registry keys, where values had been added etc., but to be honest deleted a value that was added - System32/Vundo.exe - but only went as far as that. I have deleted files that appear to be infected as well.

I was getting pop-ups, alerts my system was unstable tempting me to try products to fix the problem and other error messages, and I think it/they infected by AV as it has not been picking some infections other programmes have.

I have followed your advice and run all the AV and AdAware programs, and I must admit my computer has really stabilised from there. Could someone please look at the HJT log to see if I have eradicated the problems, made them worse......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved a...

A:Help! Trojan Vundo, Trojan Metajuan, W32 Tratsinf!, Virtumonde And Downloader Is Slowly Destroying My Computer.

Hello Michellebro and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes


How I think I received the infection

I was searching for a site where I could watch a program I missed on TV. From what I know, I never clicked anything consisting of "download" or "run"; I think I simply got it by surfing through potentially malicious websites.

The virus

I first encountered the virus by having an AVG window pop up telling me that I've been infected (I rolled my mouse over the buttons of the popup to check that it was legit).
The AVG-antivirus detection name of the virus is Trojan Horse Dropper.generic_c.MMI
The object name is C:\Windows\System32\services.exe
AVG couldn't remove it because it's inside of a critical system file.

How I have tried to deal with it

I searched the virus on Google and came across a forum post relating to this virus specifically. Someone had been infected by it and was asking for help. In the end of the forum post someone had been able to remove it through the use of fileASSASSIN, a tool inside of Malwarebytes anti-malware. I downloaded Malwarebytes and did a normal scan with it to test my luck. Malwarebytes did find the viruses. Malwarebytes "removed" the viruses and told me to restart the computer, but every time I've restarted it and started a new scan the viruses are st...

A:Infected with Trojan, critical system file.

Hello Jrav,

Welcome to the forum.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 ...


Whilst downloading today, I noticed a pop-up informing me that I have a Trojan-downloader.win32.Agent.bq and also a Trojan-spy.win32.HTML.bankfraud.dq
and I do not know what to do.
I am not sure how harmful it is.
This pop-up comes on the screen periodically and is trying to get me to download and/or buy a fake virus/spyware detecting software.
What should I do, and can I get rid of it myself or should I inform a computer specialist?!
All help would be most grateful.
Thank you

A:Trojan-Spy.Win32.Agent.bq ...my pc is infected

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that ev...


Am running XP, was infected with Vundo virus on Jan. 18th. Ran the patch from Symantec, but the .dll file

c:\WINDOWS\system32\mljgd.dll

will not go away. I've read other threads here with people having the same problem. On bootup, NAV says this file is infected, but when I scan it says there's no virus. Notice will not leave the desktop.

I have downloaded and ran Ewido and Cleanup per another thread by D_Trojanator, but that has not worked either. Here is my latest HJT log, thanks in advance for any tips.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:52 AM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Pro...

A:Vundo infected .dll file not deleting


My computer is infected with vundo, downloader and adware.puritys (wowexec.exe) virus. I really need to clean it up. Please help me. I read other forums and downloaded HijackThis and have posted the log file contents below. Please someone tell me what I should do next.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:09 AM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\oracle\product\10.1.0\Db_4\bin\ocssd.exe
D:\oracle\product\10.1.0\Db_4\bin\isqlplussvc.exe
D:\oracle\product\10.1.0\Db_4\jdk\bin\java.exe
d:\oracle\product\10.1.0\db_4\bin\ORACLE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\WINDOWS\...

A:PC infected with vundo and downloader,log file of Hijackthis posted,please help me

Being helped here

http://forums.techguy.org/malware-removal-hijackthis-logs/603522-how-remove-trojan-vundo-virus.html
 


Hi, this is my first time and I am a novice at this, but I just can't ignore what my TrendMicro OfficeScan software told me it found a WinAntiSpyware2007 spyware and then I scanned my computer with SpyHunter v2.9 and it found a Trojan.vundo file in the registry. Can anyone help! Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32...

A:Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

Apparently my OfficeScan software actually was able to get rid of the spyware after I closed out my Internet Explorer session but it just did not remove it from my computer registry, but I have been informed that it probably can't hurt anything. My computer has not started acting up on me or anything, so this is all that I can assume.
 


Quietman7 sent me here after he helped me remove all the adware and trojans from my computer.... I receive a message box that states:

Windows can not open this file:
File: (name of file)
To open this file Windows needs to know what program created it. Windows can go online and look for it automatically, or you can manually select from a list of programs on your computer.
What do you want to do?
Use a web service to find an appropriate program
Select from a list

This box pops up after every program I click on except IE, AOL, Recycle Bin, & My Computer. I think that my automatic updates have started again because earlier I saw the yellow diamond in my task bar. But it's not there now. I had to fiddle around in my My Computer folder to find the appropriate file to open programs on my desktop... The pics from the icons on my desktop are changed to that little white box with red and blue lil dialog box..

Please help me!!!!!!!!!!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-22 16:45:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
50: 2008-06-22 20:45:37 UTC - RP1784 - Deckard's System Scanner Restore Point
49: 2008-06-22 18:09:37 UTC - RP1783 - System Checkpoint
48: 2008-06-21 17:19:33 UTC - RP...

A:Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

Hello anetrev and welcome to BC. It looks like vundo is still in there along with some other fun little things. Let's see what else we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes i...

12 more replies
Answer Match 49.14%

Hi all at BleepingComputer,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since gone to reformat my notebook along with my external hard disk (HDD). But when I did a virus scan with AVG, I found several infections, whereby I immediately googled the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware. tracking cookie and Adware. Vundo Varient/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebyte's Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan. And I also saved the logfile of the Trend Micro scan..

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS and Malwarebyte's Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the Hijack file below... And then I also copied and pasted the log from after I clicked removed selected during the Malwarebyte's scan.. Am I being paranoid or do I have more viruses?

Logfile of...

A:Infected With Trojan.vundo / Adware Vundo Varient/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

10 more replies
Answer Match 48.72%

Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as korisnik.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv...

A:Infected With Vundo,vundo B,vundo.dll.,virtumonde

Hello dujma and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not cha...

2 more replies
Answer Match 48.3%

Hallo there,

as you can see from the topic I have three trojans in my PC which I can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and I'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Fil...

A:Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Dim

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop C...

9 more replies
Answer Match 47.46%

Hi!

My critical files (e.g. Program Files folder, Windows folder etc.) have been infected by a Win32/Worm; all of my folders have an .scr extension. I run ESET NOD32 Anti-Virus but it will only quarantine these folders. How can I restore or repair without deleting it? My operating system is Windows XP.
Please help me..
 

A:Critical Files Infected

Hi killprey, and welcome to TSG.

You might be best to have this looked at by the security staff here. They are qualified and experienced with most forms of malware, and would be best equipped to assist you with this problem. Just click 'Report' at the bottom of this post, and ask to have the thread moved to the Malware Removal forums.

To assist in your problem, we need you to download HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe). Install the program (it will save to C:\Program Files\Trend Micro\HijackThis), run it, and select 'Scan'. Do not fix anything yet, just select 'Save log', and copy the contents of the log to your next post. A security expert will be along to check the log. Please be patient.
 

1 more replies
Answer Match 47.04%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

More replies
Answer Match 47.04%

Hello, my name is lizaura and I am 35 years old. I live in Holland and I have 2 children. I have a 17 year old daughter and a 13 year old son.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:57 PM, on 12/17/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\lizaura\Program Files\BitTorrent_DNA\dna.exe
C:...

A:Infected Critical System Error

Hello lizaura, I am SifuMike and I will be helping you.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Reconfigure Windows Vista to show hidden files:
To enable the viewing of Hidden files follow these steps:
Close all programs so that you are at your desktop.
Access Control Panel.
Click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files....

2 more replies
Answer Match 46.62%

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-06 15:52:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (54%) free of 72 GB
Total RAM: 990 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Fi...

A:Infected with Vundo.H and other Vundo components

Hello Matt0852 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

5 more replies
Answer Match 46.62%

Hello.

Could you please help me? A couple days ago, I got hit with a TON of trojans while at Kings of Chaos. McAfee sent up notice after notice that it had caught and "removed" this trojan and that trojan and I don't know how many FakeAlert thingies.

A McAfee scan turns up nothing. Spybot Search & Destroy shows a Firewall Bypass and Malwarebytes' Anti-Malware shows two instances of Trojan.Vundo, eight of Trojan.Vundo.H, two Trojan.FakeAlerts, three Fake.SystemTools & one Disabled.SecurityCenter. Since yesterday I've been getting VUNDO.gen.bp "caught and removed" notices from McAfee.

I "remove" these with Spybot & Malwarebytes and they keep coming back. They mainly seem to be opening new windows, opening up IE and just causing a pretty heavy lag. I'm getting fake virus removal programs popping up too. Oh, and "Are you sure you want to navigate away from this page?" stuff but that only seems to be happening at Facebook so that could be them I suppose.

Thanks for any help you can provide.

A:Infected with Vundo, Vundo.H and FakeAlerts

Hello and welcome.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install a...

19 more replies
Answer Match 46.2%

Hello,

I apologize if this topic has been covered.

I am infected with a "Critical hard drive error" virus.

When my computer loads, it brings up a string of 15 or so error windows. It also brings up a pop up window which is saying it is scanning my computer, and then subsequently finds a myriad of different "problems" and asks me to click to activate the full version.

Networking works, however within a couple of minutes of activity a blue screen pops up and I am rebooted.

I cannot see any of my icons in the start menu, and I have tried to do a system restore through the F8 button and through the desktop without success. When I try to use F8 and then Repair my computer, it brings me to a login screen where I am forced to log in as "other user".

When I load with safe mode, the error windows do not pop up, nor does the fake scan run, however all my icons are still missing from my Start Menu and many are missing from the "My computer" tab (which doesn't exist either, accessing indirectly through some start icons that are still there).

I attempted to run system restore through the windows help and support that pops up in Safe mode, but it tells me it is already running.

I am posting this from my laptop, though it appears I can network in Safe Mode without issue.

Any advice on how to proceed would be greatly appreciated. Thank you in advance for your help.

Chris

EDIT: System restore has popped up in safe mode. I am restori...

A:Infected with "Critical hard drive" error

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Answer Match 46.2%

My internet stopped working tonight, so I restarted it. When it restarted it went directly to Startup Repair, it wasn't able to automatically fix anything. I've tried restarting it and even removed the hard drive and it does the same thing. I can't get past the startup repair screen. It is more or less shutdown and restart, contact the administrator or your computer provider. The "root cause" seems to be the following:

Boot critical file C:\Windows\System32\Drivers\uolbyzn.sys is corrupt

Any thoughts would be greatly appreciated. I am running on Vista Home Basic

A:Need Help:Boot Critical File C

Hello,

This is very strange. Normally from this position we would insert the Windows CD, boot to the Recovery Console and we would send you a list of commands to copy back the file from your Vista DVD. However, I do not have this file on my working Vista Home Premium, and searching Google comes up with not a single hit. It is a bit strange for a virus, but I suppose it could be. It is not any normal System file, or any normal file of any program. It is not even showing up in manual virus removal websites. Also, have you tried Safe Mode and Last Known Good Configuration?

Richard

10 more replies
Answer Match 46.2%

It seems I have the same problem as GW7777: C:\CI.dll corrupt. If anyone could help I would really appreciate it. I have an Asus 64-bit laptop. When I tried sfc /scannow it kept telling me one is pending. I tried the DVDs that came with the laptop but they won't even open up. Please help.

A:Boot Critical File

Will anyone help me here?

9 more replies
Answer Match 46.2%

I have a system that I am trying to load Windows XP Pro on. Now I am running Windows 2000 Professional. I have the full blown XP Pro disk, but I am just trying to upgrade so I don't lose my data. I keep getting an error message.

Setup was unable to create, locate, or modify a critical file (C:\boot.ini) needed to start Windows XP. The parameter is incorrect.
 

More replies
Answer Match 45.78%

Have "Critical System Errors! pop up message in my Task Bar system tray (next to clock); according to forum this is "VirusBurst Fake alert". I tried the Automated Removal Instructions to remove, but did not work. I have also completed "Preparation Guide for use before posting a HijackThis Log" and HijackThis log follows. Thank You

Logfile of HijackThis v1.99.1
Scan saved at 8:04:25 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeac...

A:Infected W/ -critical System Errors!- Pop Up In Task Bar Next To Clock

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

=======================

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan yet!

========================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is...

10 more replies
Answer Match 45.78%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new ...

More replies
Answer Match 45.78%

My PC was infected w/ VirusBurst or VirusBursters... fake "Critical System Errors" alert pops up from lower right side of taskbar; program took over IE home page & directed browser to "Internet Security" page. Apparently also caused infection with Trojan.Emcodec, perhaps others.

I've run Norton Antivirus, Trend Micro Anti-Spyware, Ad-Aware SE, SpyBot Search & Destroy, Trend Micro HouseCall, and Bit Defender. (I ran each twice, except Bit Defender only once.) I ran McAfee Stinger. Installed Zone Alarm firewall. Win XP SP2 has had autoupdate activated for some time, and is up-to-date. IE now starts up at my default home page (i.e., it does not go to the phony site). All the various scans are now clean.

I think the viruses and spyware are gone, EXCEPT that the icon in the right hand side of taskbar is still present. This icon switches between a yellow "X" and a yellow "?". Periodically, a warning alert pops up with title "Critical System Errors" and message "System detected virus activities. They may cause critical system failure..." If you click on this Alert message balloon it opens IE browser to web page for "Internet Security" which purports to sell antimalware software.

I don't know how to remove the task tray icon and its alerts, and I don't know if there is any spyware or malware still present (altho scans seem to indicate they're gone).

Following is my HijackThis log.

Thank you for your hel...

A:Virusbursters? Infected With Fake "critical System Errors"

Hello PTGuy,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

12 more replies
Answer Match 45.78%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new W...

Answer Match 45.78%

Thanks in advance!

I downloaded a video codec (or so I thought) and since have been dealing with this. I'm comfortable with regedit, and would appreciate any guidance in getting rid of this thing!

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:59 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\...

A:Critical Systems Error! Your Computer Was Infected By Trojan.

Hello herrgan, I am SifuMike and I will be helping you.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Reconfigure Windows XP to show hidden files:
Go to My Computer and double-click C. Go to the Tools menu and select 'Folder Options'. On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'. Now your computer is configured to show all hidden files.

*****************************

I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
When everything is done and your log is clean again, you can enable it again.

Then, Download Reset...

Answer Match 45.78%

Attn: BleepingCom Tech:

Appreciate ANY help you guys can provide in ridding my computer of this program, don't know what to call it, but a scam to fleece individuals out of $19.95, by trespassing on my privacy. Please provide ANY information about how I may track-down these criminals, so as, my son and his law firm can bring them to justice via a class-action suit, even by those who PAID their ransoms and purchased this scam program titled: Windows Critical Scanner! Be advised I still have the e-mail with the hot-link I clicked-on and can provide "IF" it may help locate these bast**ds!

Also, please accept my apologies for including the hot-link in my initial contact, thinking it might help to solve the problem? Obviously, it was the wrong thing to do, but have NO previous experience with these issues.

Sincerely,
Curt Butler
XXXXXXXXXXXXXXXXX

BELOW THE REQUESTED .TXT (ITEMS 6-9) FROM THE PREPARATION GUIDE; ANY ADDITL. HELP REQUIRED, PLEASE ASK!

A:Infected by program titled: Windows Critical Scanner

Appears the ark.txt file didn't attach to my previous e-mail? Will attach to this reply (below). Also, be advised the GMER file which you advised may take some time to complete, be advised it took hours to complete? And noticed nothing was added to the ark.txt list after the first minute (or, two)?? Also, noticed the program ran through many .temp files and believe even programs that have long since been deleted from my HDD?? Is this normal?? And, would like to remove ALL .temp files from my computer, any directions please provide, or where I might locate online??

Thanks,
Curt Butler
XXXXXXXXXXXXXXXXXXXX
-END-

[Moderator edit: E-mail address removed to prevent spambot harvesting. jgw]

Answer Match 45.78%

Quick background: I've been an IT admin for a major university for the past 12 years managing 300+ Windows and Mac user machines. So, this likely isn't your average network connectivity/name resolution/permissions/firewall issue.

I have an important user's Windows 7 Enterprise (32 bit) machine that cannot connect to any windows file shares (Known good ones on multiple servers). At this point I would have normally just wiped the Windows install out and reinstalled but the user apparently has had this issue for many months (Possibly since May) and hadn't noticed. This resulted in his home directory being stuck in an offline state and all of his modifications are "stuck" on this laptop.

To further complicate things, before I knew the extent of the problem, I removed it from our domain and whatever issue is plaguing this windows install also is preventing me from being able to re-add it to the domain. Therefore I cannot login as the user with the cached offline files at the moment.

Here's what works:
-DNS name resolution
-NetBIOS/WINS name resolution
-Pinging the machines with the shared volumes
-Web access

Here's what doesn't work:
-Accessing any file shares. After about 30 seconds the error says "Windows cannot access \\servername\share"
-Accessing local file shares (i.e. \\127.0.0.1\c$ ...\temp, etc.). I get the same error here.
-The network troubleshooter doesn't find any problems.

The above behavior is the same whether conne...

A:Critical file sharing issue

Well, couldn't get the file share access thing worked out but I did some experimenting on another Win7 machine and figured out how to get another user's offline files back (Assuming you have admin rights).

Here's what I did:
-Disable offline files
-Navigate to c:\windows\csc
-Take ownership of the directory and all sub directories
-Assign your account full control permissions
-Copy the files you want out of there

This sounds relatively simple but I was very paranoid about messing up the files in the process. Windows XP used to keep offline files in some sort of convoluted/compressed format that was not really usable on its own. Apparently they changed this in Win 7 and that's a good thing.

Answer Match 45.78%

In a stupid moment I ran an exe which probably contained malware... I saw MSE popping-up a warning that it detected 2 virus infections but before I had the chance to click "Remove it" the PC rebooted. It got into an endless loop of failing to repair startup issues. Within the log file, there was a bit of helpful information, "Boot Critical File d:\ci.dll Corrupted". Searching Google I found it is probably a rootkit or something like that.

From the recovery console I tried the following things:
I tried restoring to the previous system restore point.
I tried restoring the ci.dll with sfc /scanfile=d:\ci.dll but that fails with the message: "There is a system repair pending which requires reboot to complete..."
Then I tried restoring the master boot record using bootsect /nt60 d: but that fails with the message "... The update may be unreliable since volume could not be locked during the update: Access is denied".
I also tried running FRST64.Exe but that crashes during the scan: "Line 3294 (File F:/FRST64.exe) Error: Error in expression"

Anybody who can help resolve this or is the only way out a clean install and does that guarantee that the rootkit is removed?

A:Boot Critical File c:\\ci.dll Corrupted

Well, the problem is resolved. I stumbled right after writing this message on the following article:
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx
So the fix was as easy as running bootrec.exe /fixmbr

Answer Match 45.78%

Hi my inspiron 1525 dell laptop keeps on shutting down . When restart repairs scans it comes up with the following errors

Root cause
Bugcheck C000021A
Boot Critical file is corrupt
Repair action :file repair
Result Failed error code=0x2

My Norton security is now not working due to the error

Can anyone help me

cheers cait

A:my boot critical file is corrupt

hi i did a restart scan and everything is ok now ... thank god

Answer Match 45.78%

Hi,
I've got a Toshiba Satellite under Vista with blue screen problems.
It doesn't work under normal mode, Error = STOP : 0x0000007F
only works under safe mode.

I've tried quite a few things but they didn't work. Ultimately, it seems that :
the critical startup file C:\windows\system32\drivers\axeth.sys is damaged.

what can I do?
thank you in advance for your help.

----
see attached file also

I couldn't run the system health report. Apparently RACAgent is "disabled" (I'm trying to translate from French) and so no data and no reports possible.

For the rest:
Vista . . .
- x86 (32-bit)
- the original installed OS on the system : yes
- an OEM
- OEM = came pre-installed on system

- What is the age of system (hardware)? 3 yrs
- What is the age of OS installation (have you re-installed the OS?) same age / no

A:critical setup file damaged

Follow instructions and you will be helped.
Blue Screen of Death (BSOD) Posting Instructions

Answer Match 45.78%

Hello, I was downloading what appeared to be an update for Java but about halfway through the download my computer shut down and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect I have the exact same problem as referenced by Jan Soall and solved by m0le and farbar (http://www.bleepingcomputer.com/forums/topic396014.html). My computer is also a Toshiba and does not come with a disk to re-install Windows. I've picked up right where farbar started assisting on the thread and have downloaded and run frst64.exe. The resulting log is below.

Thank you SO MUCH for helping me with this.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 09:22:06
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: []
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-05-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 201...

A:Boot critical file c:\ci.dll is corrupt

Hi Adam Liebman,

Welcome to this forum and apologies for the delay.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Also restart and let the computer boot normally and tell me how it went.

Answer Match 45.78%

Hi!

I have tried to solve this problem by myself but I don't get anywhere, so I need experts' help. Recently my computer has blue screened a couple of times: Usually when I run Pro Tools (music program) for some reason and used Internet at the same time. And yesterday it went blue for the last time. Now when I try to restart, the computer says it will try to fix the problems but it can't. My computer only starts normally when I use the last option (don't remember what it is called) in the boot option menu. So I've downloaded the farbar recovery tool and it ran perfect. I will post the file here.
And also I should add, I've tried to run ESET online and it found a kryptik.PMR trojan!
So here is the post from farbar tool:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 08:48:55
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-24] (ECAREME)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-11] (AlcorMicro Co., Ltd.)
HKLM\...\...

A:boot critical file c:ci.dll is corrupt

Hi,

Welcome and I will be assisting you with this issue.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
Folder: C:\Users\All Users\oB28601HbLnM28601
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Also restart and let the computer boot normally and tell me how it went.

Answer Match 45.78%

A computer of a family member of mine has recently started showing the following message :
_____________________________________

Boot critical file is corrupt.
Repair action. File Repair

Result failed. Error code = 0x2
_____________________________________

I can still use windows fine, however this is a big nuisance, and i can think of no explanation of why this is happening. I have installed no new apps or hardware of any sort in the recent months either.

It is running Windows Vista Premium [ No service pack ]

I was wondering if anyone has had this problem, or if anyone knows how to fix this problem ?

Thank you in advance

Oliver

[ apologies if this thread is in the wrong area ]

A:Boot critical file is corrupt

Try startup repair and SFC. And install SP1.

Startup Repair
System Files - SFC Command
http://www.vistax64.com/software-too...heck-tool.html

Answer Match 45.78%

Hi,
So today my laptop restarted after installing windows updates. Now it gives this BLUE SCREEN OF DEATH. I can't even log in using SAFE MODE because it gives an error. Any help would be appreciated.

Answer Match 45.78%

I was downloading a file from the internet, about half way through the download the computer shutdown and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect that I am infected and would appreciate your help and guidance on this.

Thank you.

Jan Soall

A:Boot critical file c:\ci.dll is corrupt

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Answer Match 45.78%

i need help to remove softwrap file error 1 from my pc,

A:critical softwrap file error 1

Ok ... Have you tried uninstalling Softwrap? If so, what happens?

Answer Match 45.78%

Sup guys, every time i turn on my PC or restart it jumps to Windows is loading file and then starts doing start up repair and later on it would show me error log:

Root cause found:
Boot critical file C:\\ci.dll is corrupt

And then it would say:

Repair action:
Repair the file

What should i do?

A:Boot Critical File c:\\ci.dll Corrupted - HELP!

Another one?

There have been a few of these lately.

CI checks for unsigned drivers and checks that various system files haven’t been mucked about with by any nasties.

Suggest you try running sfc SFC /SCANNOW : Run in Command Prompt at Boot

Try a malware scan from a bootable a/v Avira AntiVir Rescue System - Download

If necessary replace ci.dll from another source e.g installation dvd.

Answer Match 45.78%

The problems started yesterday when my computer went to blue screen and automatically shut down and restarted. This happened twice, then I did an AVG scan in Safe Mode. It placed several infections and a few malwares into the virus vault. However, it "did not test" dozens of files because they were "locked". There were Boot directories that were listed among the locked files.

I restarted in Normal Mode, and got a message that Windows found a malicious file and "partially removed" it. When I clicked on the message to find details about the file, this webpage popped up: Encyclopedia entry: TrojanOS/Alureon.A - Learn more about malware - Microsoft Malware Protection Center
So the infection was TrojanOS/Alureon.A (edited to add: the smiley face appears where : D [without the space] is in the trojan filename)

About an hour later, the computer crashed and restarted again, then again a few minutes later. I did another scan and no malicious files were found.

When I turned the computer on 20 minutes ago, I got a screen telling me that the computer was unable to start, and Windows was searching for solutions. It apparently worked because I'm using the computer now. However, when I clicked to see the details of what happened, I saw this: "Boot critical file c:\windows\system32\kdcom.dll is corrupt".

So I don't know if it fixed the file or if it's still corrupt. I'm concerned my computer will have trouble rebooting. Thanks for any help in...

A:Boot critical file is corrupt

Yes, use bootable Defender. I would later replace AVG crapware with Microsoft Security Essentials.

Work through Troubleshooting Windows 7 Failure to Boot.

If the infection doesn't clean up then post it up in our Security forum for expert help with specialized scans.

Answer Match 45.78%

Hi,

PC spec - Windows 7 Pro (32-bit) Intel Core 2 Duo, 4GB Ram, 2x 250GB HDD

I think I have successfully removed a Root Kit virus using Kaspersky TDSS Killer but would just like to make sure no other malware etc remains. I'll explain from the beginning.

1. PC was running fine then Windows start-up repair appeared. In the diagnostic & repair details it spotted an error - Boot Critical File E:\CI.dll is corrupt

2. could not repair, restarted, PC wouldn't boot up

2. I searched online and found a thread recommending to use Kaspersky TDSS Killer.

3. the thread advised to boot-up with signature verification disabled (F10) - This worked but before I could use the TDSSKiller, the PC crashed. There was also several Trojans and worms being detected, eg: W32/Blaster.worm by what looked like windows defender, but not sure - having searched google about these, it may be a fake Anti Virus software running. I read W32/Blaster.worm does not affect windows 7? and nothing is being found on scans.

The signature verification option didn't work after that PC crashed

4 Instead I created a windows recovery CD using a different PC - this allowed me to start the PC into Command Prompt MS DOS.

5 I ran the TDSS Killer Software directly from the a CD - after scan finished it said something about MBR, and use standard boot option, (sorry can't remember exact line) I clicked on yes to use standard.

6 PC restarted again as normal and everything seems to be running fine.

...

Answer Match 45.36%

On Monday, I came home and husband had done a System RECOVERY - he got brave.
It has been doing Windows Update all week.
I began receiving a pop up intermediately that says:
 
Windows Security has found critical process activity on your system and then states it will scan with buttons to start the scan.
 
I could not X out so I immediately did Task Manager to stop the process every time it pops up. 
 
I ran Malware Bytes full scan a few minutes ago and it found no malware.
 
I am not sure if I am infected. 
 
Win7  64bit
Internet Explorer 9
Microsoft Security Essentials
 
Thank you.

A:I may be infected with Windows Security has found critical process activity

Please download TDSSKiller from here and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected select Skip for all of them unless I instruct you otherwise.

Click Continue.

Click Reboot computer.

Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results. If you need help to disable your protection programs see here and here.

Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs. Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.

NOTE: aswMBR will create M...

Answer Match 45.36%

I was surfing the net with Firefox just after an update. When suddenly my laptop restarted and started a Startup Repair. I let it run but it still repeated so I tried to do a system restore, but that didn't work either, I even tried to run sfc /scannow which told me to restart my computer. Right now, I'm using my friend's computer looking for solutions when I came upon another thread on this site with the same issue. And feel that I might have the same problem.

I read through the thread and followed it up to the getting a scan with the Farbar Recovery Scan Tool x64, but stopped there.

Here's what I received:
-----------
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-25 00:09:17
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows...

A:Error: Boot Critical File c:\ci.dll is corrupt

Hi,

Welcome to this forum.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
2011-06-23 09:34 - 2011-06-23 09:34 - 0000000 ____D C:\Users\Steven\Desktop\ESO_v375
2011-06-22 21:49 - 2011-06-22 23:07 - 2726873889 ____A C:\Users\Steven\Desktop\ESO_v375.rar
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on ...

Answer Match 45.36%

Hiya,

The missus has a mini notebook (ee) that has Windows 7 starter on it. Whilst using it last night, there were some updates from Microsoft available, and I set the updates in motion.

One of them was to install Explorer 9, and I declined that, as this is the wifes computer and she uses it for work, didn't want to stuff anything up.

Delayed doing the restart for a while as I was still doing some minor work on a Word doc.

When it went to restart, it went into a screen trying to auto fix an issue. After much time and multiple attempts, it could not do it, and any restart went into the same mode.

In the end, it could not fix the issue.

From the error report, the following message comes up ;

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

As this is a mini notebook, it doesn't have any floppy disc etc, and I can't even get it to start in safe mode to try and fix.

Help !!!

Thanks

Michael

A:Boot critical file corrupt - Win 7 starter

Quote: Originally Posted by bacchy

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

That is the Windows NT Kernel.

Try and boot using the HDD recovery partition - try system repair from there.

While the timing with the Windows Updates may make hardware failure seem unlikely - it is a possibility.

0xa = driver referenced invalid or bad memory. It could be either software or hardware (specifically RAM) related.

Regards. . .

jcgriff2


Answer Match 45.36%

I was downloading a file from the internet, about half way through the download the computer shutdown and restarted.

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I would appreciate some help and guidance on this. Thank you.

A:[SOLVED] Boot critical file c:/ci.dll is corrupt

This error has been known to be caused by Windows Updates. Every reference I've read on that issue required a re-install of Windows 7 since nothing else worked.

Provided you've taken the sensible precaution of backing up your files before that happened, re-installing will not involve losing anything. Better still, if you've created a "System Image" which Windows 7 allows you to do (& which everyone should do as soon as possible after installation), restoring Windows will be even easier.

Answer Match 45.36%

Received a rather alarming error message when I tried to boot up my laptop earlier, after the first restart post-antimalware doctor removal.

Error message reads as follows: "Boot critical file c:\windows\system32\drivers\grpwcyi.sys is corrupt"

I have no Vista install disk, as it came pre-installed on my HP hard drive. Am I completely screwed, or is there some way to fix this that I haven't thought of yet? Any help whatsoever is appreciated.

A:Boot Critical File for Vista 32x is Corrupt!

grpwcyi.sys is not a legit file, so you're still infected.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Answer Match 44.94%

I did a virus scan with Norman software on my hp Pavilion zd8000.
It came up with 2 viruses in the temporary internet files
sysnetsvc32_XP[1].cab : sysnetsvc32.dll Trojon.W2/Dialer.YW
egaccess4_1063_XP[1].cab : egaccess_1063.dll Trojon.We/Dialer.ABOR

I tried deleting the temp files & cookies but it still comes up.
If I try to delete the files it says access denied. Please help me.
 

A:Help with Trojon

Hi and welcome to TSG,

Please do this:

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

Answer Match 44.94%
Q: Trojon

Please advise how to remove the Trojan from my PC. I am using Avira antivirus

Avira AntiVir Personal
Report file date: Wednesday, October 01, 2008 08:19

Scanning for 1651830 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: RAMON

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 08:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 07:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 07:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 07:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 09:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 08:29:44
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 9/26/2008 07:52:38
ANTIVIR3.VDF : 7.0.6.231 92672 Bytes 9/30/2008 05:17:25
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 08:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 9/19/2008 09:36:03
AESCN.DLL : 8.1.0.23 119156 Bytes 7/29/2008 08:30:24
AERDL.DLL : 8.1.1.2 438644 Bytes 9/19/2008 09:35:58
AEPACK.DLL : 8.1.2.3 364918 Bytes 9/26/2008 07:46:09
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 9/19/2008 09:35:46
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 9/19/2008 09:35:42
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/29/2008 08:30:13
AEGEN.DLL : 8.1.0.36 315764 Bytes 8/23/2008 09:33:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/1/2008 08...

Answer Match 44.94%
Q: trojon

How do I get rid of rustok-n?

A:trojon

Hi rabbit13, Welcome to the Bleeping Computer help forum.

Go over "Here" and post your question, along with whatever information that you have that makes you think that you're infected.

Good Luck
Wendy

Answer Match 44.94%

I have obtained a Trojan. Can someone please help? What's my first step?

A:Have Trojon need help

Hello, 
 
Why do you think your computer is infected with a Trojan? 
What alerted you to this? 
 
Is your computer experiencing any issues or symptoms of malware? Eg. Slow performance, browser/Internet issues, etc. 

Answer Match 44.94%

I have a previous post to which no one has responded; it has my HijackThis log there. I have spent 3 days running various spyware and virus scanners and they don't pick up on the problem. I have annoying popups, critical error messages and a yellow exclamation mark that tells me that my computer is infected with the latest trojans and malware. I am a student, I am taking online courses and I have a paper that is due... my computer won't even stay on long enough to finish it!! I just need some help getting my computer back in order! Please please please help!
 

Answer Match 44.94%

Evening all,
 
I have a client that has somehow been infected with a botnet and it has completely blocked up their exchange (2003). It is currently sat with 10000 queues, they are now on pretty much every blacklist and we cannot get them removed until we fix this spam issue. The company only trades via email so it is very important I get this fixed ASAP but I'm at the end of my tether and need some assistance. Here's what I have done so far.
Scanned all client machines and shut them off to eliminate any of them having the bot. Results were clear and the queue continues to grow while there are no machines turned on
Ran a scan using their antivirus (Vipre business) updated to latest version - no results found
Installed and scanned RUBotted - no results found
Installed and scanned using Spybot S&D - no results found
Installed and scanned using Microsoft Malicious Software Removal Tool - no results found
Installed and scanned using Malware Bytes - no results found
Ran DDS - Incompatible with Server 2003
Hijack This log:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:40:20, on 28/07/2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
 
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\P...

A:Urgent & Business Critical - Server 2003 infected with undetectable botnet

Never mind folks - it turned out to be from something spoofing a company address. Thousands of spam emails were sent out from a spoof address and they all bounced back to an address that didn't exist on our servers, our Exchange server then sent an NDR out again to those addresses and we were stuck in a loop. All sorted now though.

Answer Match 44.94%

Hello, I am infected with a virus and it has taken control of my browser and computer. I have popups all over the place from Virus Remover 2008 and Windows Security Center and Antispyware Pro XP. They have hijacked my browser and I cannot go anywhere without getting redirected.

Please help as my computer has become useless.

I have attached the appropriate requested logs:

Thanks

A:[SOLVED] critical system warning, virus remover 2008 infected

Hi and welcome to the TSF Security Forum

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program. Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When com...

Answer Match 44.94%

The original Word file, named curriculum plan key stage 1, was 13pp. This was open. Another file called observation was also open. Tried to save observation on a memory stick.
The question came up 'like to save'. In the field, up came the other file name, curriculum. This was accepted in error; a warning of existing file open came up: Would you like to replace? This was answered affirmative!
So curriculum was overwritten by the other file that had been renamed.
How do we get back the original file of 13pp that used to be called curriculum plan key stage 1? Help. Hope this is understood.
 

A:word file name replaced which overwrote a critical document

Do you still have curriculum open? Just save again from this file.
 

Answer Match 44.94%

I am getting the blue screen after start up. I reach the desk top but if I try to click on anything I get the blue screen. It flashed fast but I think it says something about missing a critical file. I can get to safe mode and safe mode with internet. I tried startup repair no luck. Chk dsk hangs in stage 4.

A:blue screen after startup, missing critical file

Correction. I CANNOT get to safe mode or safe mode with internet.

Answer Match 44.94%

Hi,

I'm an intern with an NGO organization where one of the desktop computers started having problems about a week ago. The computer is a Dell running Windows 7. Every morning, the first person to turn it on sees a whole bunch of updates being installed. The boot screen is irregular, it doesn't include the F2 or F12 options for changing the setup, and it never goes to the log screen. Instead, it goes to a "Startup Repair" window, runs a "scan" that can't be canceled, and then reports that Windows was unable to fix the problem and offers an option to restart. If I click to see the full diagnostic, everything checks out except the last item, which says that "critical boot file ci.dll is corrupt." If I go to "Advanced Diagnostic Tools," it doesn't allow me to do a system restore or much of anything else besides open the command prompt, and I can do only limited diagnostic tasks from there. If I restart, though, it restarts and functions perfectly normally. I installed Avast on there when I started working with it and the full virus scan finds no problems. The computer functions normally for the rest of the day; however, when I go to shut it down after 5 o'clock, it says that it's installing 67 updates, every single day.

I can't figure out whether this is some bizarre virus that just makes it take a little longer to use the computer every morning, or a much more malicious virus whose effects simply haven't mani...

A:Once-a-day startup problems, saying "boot critical file c:\ci.dll is corrupt"

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE
Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program bef...

Answer Match 44.94%

About a year ago I installed a cyber sitter called "iProtectyou" on my son's computer. I decided to uninstall it for him recently because it didn't work, and it only seemed to give him a hassle when he tried to use the internet or play games. When I tried to reinstall it, it would not take the password I used (I could have forgotten it, but I had it written down).

After hours of trying to uninstall it, I went to the internet and Googled how to get rid of cyber sitters with a forgotten password. Luckily there were several people with the same problem. I downloaded the applications they gave out on the site, and eventually got rid of it. They also had me go to the "Registry Editor" (run: regedit) and screw around in there. The program still shows up in "Programs and Features" but there's no publisher now, and I still cannot install it. Except now, instead of asking for a password, it just says that there was an error with database.

Now whenever we open up anything, we are swarmed with windows telling us "Critical Error Occurred While Opening Database."

Any help would be great.

A:Critical Error Occurred While Opening the Database File

Have you tried this: http://www.securitystronghold.com/gates/iprotectyou.html?

Answer Match 44.52%

I ran Spybot and it picked something up called smithfraudc.coreserivce that it can't get rid of.
Also, AVG didn't pick it up either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:45 AM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Soft...

A:Got a problen with a trojon

Hi, Welcome to TSG!!
Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
 

Answer Match 44.52%

Had a Trojan virus in the computer. Now every time I go to a site, it runs a script that slows down the computer.
Antivirus found 8 infected files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:00 PM, on 7/6/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\SUPERAntiSpyware\3b470dd1-dfeb-496e-aa...

Answer Match 44.52%

Hello Team,

Please help me in rectifying my PC.

I have Windows SP! installed on my system.

Few days back I got a message that an antivirus has been detected.
So when I scanned the system I found two Trojan horse files.
I deleted them; unfortunately I did not make a note of the file names.

However, now I am unable to open Regedit, gpedit, msconfig and Task Manager.

Yesterday I was not even able to send a mail.

So, I am new to this forum. Please help me before my system goes down completely.

A:Help With Trojon Virus

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.

You shall have a proper set of logs for us after that. Someone will be along shortly

Answer Match 44.52%

I have posted the logs from each guide on the site. Also have a DDS one too. I don't know what's going on. There are 2 users when I'm in Safe mode: myself and Administrator. I even tried to do a full system restore to original settings, losing everything I had, just to find out it didn't fix it =( Please help, thank you -Mike-

I been trying to upload the ark.txt but it says this: Select a file Attachment space used 40.58k of 512k

Merged posts. ~ OB

A:Please help! I have a virus or trojon i can't get rid of

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Answer Match 44.52%

Hey all, my system seems to have been infected with the Trojan winlogon.exe. I tried using my McAfee antivirus; it detects it but is unable to terminate it. Below is the HijackThis log. It would be great if you guys could help me out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:44 PM, on 6/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:...

A:trojon winlogon.exe

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

First I would like to see a new log since a lot could have changed since your original post.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

Answer Match 44.52%

Well hi everyone, I'm new here and need a little help, and have some advice for some of you. The advice is: DYNEX CD-R. I was trying to burn a CD and opened a new 50 pack of these CDs. Put 1 in the burner and all of a sudden it started making this weird noise and would not stop. Took it out and tried another, same thing. After about 5 tries figured the burner went bye bye, took the Sony Vaio to Best Buy (warranty work), put in 1 of their discs and it was the same brand I was using, and then nothing, not a peep. So they did the diagnostic check (found I have this Trojan called PHISHER_BZUB). So I bring the Sony home, stick a new disc in the burner and we have the noise and it won't work. So I try a Sony disc and a Magnavox disc, no noise. It was a bad batch of CDs, so if you have trouble like this try using a different disc from a different bunch, ok.

Now I still have the Trojan. Anyone know how to get rid of it?
 

Answer Match 44.52%

I keep on getting a balloon saying
System Alert: [email protected]
Type: Spyware/Trojan
Vulnerable: Windows
Description: Spyware program that sends confidential information to a remote attacker
Protection: Click this balloon to download official security software

I have run Ad Aware and Spybot Search and Destroy but still keeps coming up.

Please help
 

A:can't remove trojon

Answer Match 44.52%

I have Norton 2005 on my XP Pro. The virus detector says I have a Trojan horse in C windows\winsocks5exe, but can't fix it. I can't use my computer because this notice keeps popping up and freezes my browser. I had to delete Norton in order to get on the web to send this.

Anyone know how to get rid of this horse???

A:trojon horse

Since you deleted Norton, try using a better anti-virus to get rid of the Trojan. Click on AVG on my sig and download the program. Install it on your computer and then update AVG. Afterwards, run AVG and see if the program gets rid of the virus.

Good luck and post back if you have more trouble.

Answer Match 44.52%

Unable to update Windows. Will not allow download of spywhee to remove it. My spy antivirus will not find it.

A:trojon rustok-n

Hi rabbit13,

When you do what I told you to do in your other topic just include this information in it too. And don't post more than ONE topic for the same problem.

Wendy

Answer Match 44.52%

How can I remove threats found when I scan my computer with 360 Total Security antivirus? If I resolve all the threats, will any data be lost?

Answer Match 44.52%

Hello there

My computer has mcafee installed and it keeps coming up with trojan detected. It says it's called zeroaccess.hi and is quarantined from C:\windows\assembly\GAC_64|desktop.ini

It says it cannot remove it while it is in use and that I should restart my computer so McAfee can fix it.

I press restart now and it restarts but just logs in as usual and the same trojan detected message pops up after a minute or 2

I'm assuming it wants to launch a scan during startup but the virus is stopping it somehow.

I've scanned in safe mode but McAfee still doesn't fix it.

Is there a fix tool for this or a better program to use? I've tried a few things but nothing seems to work.

It's a DELL XPS8500 desktop
Windows 7 home premium, SP1 64bit
If you want a hijack this log I will post one.
Any help would be greatly appreciated

Cheers

Pete
 

A:Trojon: Zeroaccess.hi

Answer Match 44.1%

Hi, I've got a Trojan horse Dropper.Generic_c.MMI in a system critical/white listed file according to AVG, and it can't do anything about it. Can I please get some help in removing it?

I was also wondering whether it was advisable to use a USB flash drive to back up any data and whether it's advisable to use sites with logins?

I have also attached the file

Thanks very much
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:08, on 15/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Users\mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14...

A:Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

Answer Match 44.1%

Please help me with this issue. My son was running with an antivirus program not up to date. His laptop started to have problems; at first he had the blue screen come up saying it was dumping virtual memory.

I tried to install Webroot and update his anti-virus but no luck. Next I went to safe mode with no results. Now when we start the computer the startup repair comes on and runs, and we get the following message:

boot critical file c:/windows/system32/drivers/sshrmd.sys

My son has all his pictures on this computer {I know, silly not to back up}

Could anyone tell me how to fix this problem?

Answer Match 44.1%

Laptop - Dell Inspiron 1525 
Windows Vista
 
Been getting this message on failed start up repair since yesterday. System restore runs and says it's completed successfully but then it just boots up doing the system repair again. I can't even get into the computer via safe mode (to see if there are any files on there that I really need)
 
Is there any way to get into the computer to get my files that I might need off or fix this problem?
 
Someone told me that I'd need the Windows DVD version of my version of Windows to fix this and a repair install doing? I have no idea what that means and the only DVD I have is a recovery one I made via the laptop a month or so ago, which someone told me if I use could wipe all my data and I really don't want that to happen. 
 

 
 
Thank you for reading. 

A:boot critical file c\windows\system32\drivers\ksedd.sys

Try performing a repair installation. This will require the installation disc, if you do not have one you can download an ISO image and burn it to a disc to create one in the instruction as Window Vista Forums.

Answer Match 44.1%

Windows 7 x64 Professional

Hardware less than 2 months.

OS re installed after MS updates failures.

perfmon named failure.

A:BSODs Memory Management, Edit of a critical system file, etc

Hi.
In this order,

Run SFC /SCANNOW Command - System File Checker
You may need to run it 2-3 times to "fix" everything.

Run RAM - Test with Memtest86+
Let it run until at least 9 passes are completed, or errors are found (whichever comes first). The longer you run it, the better.


Finish with the above steps and post back with results\news.

Answer Match 44.1%

Hi there, can anyone please help me? I am totally new to computers, have Vista Home Basic. When I start my computer in the morning it comes up saying boot critical file corrupt. I go through the motions of searching for a solution and it says the following:

Bugcheck c000021a
Parameters = 0x8c40140, 0x0
0xc0000001, 0x1004c8.
Boot critical file corrupt.

Repair action: File repair
Result: Failed, error code - 0x34
Timetaken = 3588 ms

Repair action: Sysyem restore
Result: Failed, error code = 0xe
Time taken = 44944 ms

Repair action: Systems File integrity check and repair
Result: Failed: Error code = 0xe
Time taken = 14102 ms

I am told to shut the computer down, and when I restart everything is fine. Does anyone know what this is and how to fix it?
Any help very much appreciated!!!

A:Trouble starting computer (Boot critical file corrupt).

boot from the vista dvd
on the bottom left of the install screen
click on the repair option
run
chkdsk /r

Answer Match 44.1%

Every time the computer is turned on or restarted it runs Startup Repair. When I look at the diagnosis it says 'boot critical file c:\ci.dll is corrupt'. I have already tried to restore the computer but I don't have the discs where I have backed up the computer. I have also run a virus scan with Avira and it did pick up 4 viruses and I removed them but the error still occurs. If someone could help me and give me guidance it'll be much appreciated.

A:Startup Repair error : Boot critical file c:\ci.dll is corrupted

After the PC tries the start up repair, select advanced options. From there you should be able to access CMD.

Once you get CMD open, run this command: sfc /scannow. This will scan the integrity of all protected system files and repair the system files if needed.

Answer Match 44.1%

Hello, I'm in desperate need of help here! So far everything I've tried has not worked. Upon browsing today I stumbled across a website that was deemed a possible "Attack site" by Firefox; shortly after I closed the page the following error message popped up repeatedly:

Windows - delayed write failed
Failed to save all the components for the file \\system32\000024b5. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

This message pops up literally about 30-40 times every time I restart or attempt to close them; each error has different numbers/letters following \\system32\

On top of this my desktop background has gone black, system check keeps popping up and cannot be closed, only paused, and most importantly almost everything within my username, i.e. music/files/folders/desktop icons, has disappeared!! Which is a huge problem because a lot of it isn't backed up and there's work related things I can't afford to lose on there! My hard drive is telling me the same amount of space is being used as before so I'm hoping they haven't ACTUALLY been deleted, but when I try to view the main user folder it just says it's empty?!... Also programs/control panel/shortcuts to my documents have disappeared from the start menu.

Two random messages saying "hardrive clusters are partially damaged. Segment load failure" and "RAM memory reliability is extremely low..." occasionally pop up from the ta...

A:Critical error! Failed to save all the components for the file \\system32\....

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

13 more replies
Answer Match 44.1%

The Malwarebytes' Anti-Malware is finding a trojan. The anti-virus isn't finding anything yet.
The name of the last one is Trojan.Banker

My log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:37 PM, on 5/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


More replies
Answer Match 44.1%

Logfile of HijackThis v1.99.0
Scan saved at 10:48:46 AM, on 1/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Vx2.ZServ(Trojan) Won't go away. HELP

9 more replies
Answer Match 44.1%

I have a desktop, Hewlett Packard, srs413wm, Windows Vista Premium. I have AVG full, Spybot Search and Destroy, SpywareBlaster, Malwarebytes Anti-Malware, and the Trojan Hunter free trial. Spybot found a trojan in a registry key and would not remove it. Trojan Hunter found 30+ warnings with double extensions or whatever; I know that the double extension is bad. Now we have a pop-up that says (Internet Explorer Security) Windows Live Toolbar, Allow, Don't Allow. I know that we have a problem but AVG or Malwarebytes found nothing. I have Combofix downloaded now but do not know where to change the name, or run it.????? Could I get help when someone is free.
Thank you!

A:trojan double extension????????

I hope I posted in the right place????????????? Please forgive any errors

2 more replies
Answer Match 43.68%

I was using the computer when all of a sudden it shut down. When I turn it back on, it automatically tries to do a Startup Repair. After several minutes, I get the message: "Startup Repair cannot repair this computer automatically." When I click on "View problem details," everything looks fine except for "Root cause found: Boot critical file D:\CI.dll is corrupt." This happens every time I try to restart the computer. I've tried System Restore and System Image Recovery to no avail.

Thanks in advance for your help.

A:Computer won't restart: "Root cause found: Boot critical file D:\CI.dl

1. Insert the Windows installation DVD into the DVD-ROM; Click Exit if the auto-menu pops up.
2. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
3. At the command prompt, type the following command, and then press ENTER:
sfc /scannow

9 more replies
Answer Match 43.68%

Hello.

I'm not sure what nasty I have. In normal mode, I get three critical error messages like below with different file numbers.

---------------
Critical Error!
Windows was unable to save all the components for the file \System32\496A8300. The file is corrupted or unreadable. The error may be caused by a PC hardware problem.
-------------

I have a black screen, can run nothing, cannot access files, cannot connect to the internet.

In safe mode, I can get the files to display and can access a CD and external hard drive, but still cannot access the internet.

I used a laptop to transfer DeFogger, DDS, and GMER. I ran Defogger, obtained DDS logs, but twice GMER caused a stop screen error: RQL_NOT_LESS_OR_EQUAL and dumped the memory - had to reboot.

Previously, I had run rkill, TDSS, and MBAM. Once, the TDSS log indicated it had stopped C:\WINDOWS\system32\grpcon.exe - I believe it was the third time I ran it. Otherwise I get zero files terminated. I cannot run MBAM. I get run-time error '53' mbamnet. I tried using randmbam.exe, but was still unsuccessful after 10 attempts.

I get locked up in safe mode and have to turn off the computer and restart the whole process. This morning, I missed the safe mode tap and when starting up in normal, Spybot popped up and stated it had terminated a file called win32.zbot.

Thank you for any help you can give me. I'm stumped on this one. I've been working with it for two days now and can... Read more

A:Critical Error! Failed to save components ..... file \System32\0006784

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

20 more replies
Answer Match 43.68%

Anyone's help is greatly appreciated

Logfile of HijackThis v1.99.1
Scan saved at 12:53:48 PM, on 12/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:startup, shutdown, critical system error message: hijackthis file

6 more replies
Answer Match 43.26%

Hi and Help!!!
I have just run Kaspersky AV and received the following report. I have 3 varieties at least of the trojan downloader. I see Qoologic.bj, win32 Scapur and java, plus several adwares.

I would appreciate any assistance in cleaning up my computer. Thanks so much

Here is the Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 13, 2007 3:36:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/07/2007
Kaspersky Anti-Virus database records: 362060
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 141750
Number of viruses found: 24
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 02:15:36
 

A:Trojan downloader 3 varieties. Please advise!

here is my hijack this, run immediately after the above

Logfile of HijackThis v1.99.1
Scan saved at 3:58:07 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


1 more replies
Answer Match 43.26%

Computer constantly restarts and finally I know VundoFix is needed. I've been doing it constantly but have still been getting BSOD and could use any help at all.
Logfile of HijackThis v1.99.1
Scan saved at 7:20:54 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)


More replies
Answer Match 43.26%

I have Norton Internet Security 2003 and it is reporting multiple attacks a day by a computer using the backdoor subseven trojan horse. Is this normal or is there a malicious program on my computer that is causing these attacks?
 

A:backdoor subseven trojan horse

Please post the scan log from HijackThis http://www.tomcoyote.org/hjt/

I'm sure someone will help you soon
 

2 more replies
Answer Match 43.26%


A:Trojan.Win32.Agent.azsy

I really need someone's help. I run the website for the community baseball team; I really need my computer. SOMEONE please help... They depend on me to keep it going and updated.

It all started with opening an email - if that helps!
PLEASE Help

THANK YOU ahead of time if someone can help
Your hard work is greatly appreciated!!!!!!

3 more replies
Answer Match 43.26%

Hey guys,

My Avast keeps flagging most of my programs as trojans under the runonce process.
Have to disable Avast to work anything. Tried updating and reinstalling; Avast boot scan flags all executables.

Problem started from a cracked game exe from my external hard drive. I installed the game on 11 PCs with the same Avast versions perfectly, but when I plugged the hard drive into my college PC its McAfee AV flagged the cracked game exe and reported threat removed. From then the exe never worked (e.g. Windows said it wasn't an executable program).

When I plugged the hard drive into my laptop, Avast immediately removed the game exe and now Avast is flagging everything.

Does anybody have any insight on this?

I could remove Avast altogether and maybe start using another AV program but I like Avast :P

Any help would be much appreciated, thanks guys.

A:Avast removing All exe's, runonce trojan

Are you using a pirated version of Avast??

7 more replies
Answer Match 43.26%

A few weeks ago I suddenly received a message saying I had a trojan something or other. I am not so computer savvy that I could tell you what it was. My computer was suddenly taken over and I had no idea what to do. A screen popped up and said to buy AntiSpy Storm. I did so, but now my computer is really slow and other things are happening. I always receive this message when I turn on my computer: RUNDLL error loading C:\PROGRA~\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL The specified module can not be found. Here is my log. PLEASE HELP!!!!!!!!!!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.ex... Read more

A:Malware Removal And Trojan Virus

Hello phoenix1974 and welcome to BC. AntiSpy Storm is actually malware in itself and puts more malware on a system. You can try and get a refund but I doubt they would give it up. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click... Read more

1 more replies
Answer Match 43.26%

I just want things to be right. IE 7 popups come even if the program isn't open and I use E-trust AntiVirus and I keep getting errors.

Please help

Logfile of HijackThis v1.99.1
Scan saved at 5:35:19 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)


A:Help: Misc. Popups in IE7 and Trojan Error

6 more replies
Answer Match 43.26%

My son was surfing the net and we ended with all kinds of problems this morning. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:39 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)


A:Help: Trojan virus, system slow

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies