Tech Problem Aggregator

# Vundo Trojan infected a critical file?

Q: Vundo Trojan infected a critical file?

The file is menoyiju.dll, found in the system 32 file. AVG says it is a trojan horse Vundo.hj. When I ask it to heal it seems to do nothing, but when I force remove, my computer blue screens after freaking out. It detects it on open, when I open any program, even HJT and MalwareBytes.

Obviously something is wrong. Malwarebytes continually finds the same two problems as well.

I have a recent HJT log, and will also post a MWB log, along with anything else you need.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:27 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\Misc\ZoneTick\zonetick.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7f0652c5-07cd-47fd-9143-0d85ccd919c3} - rahewaro.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ZoneTick] C:\Documents and Settings\Owner\Desktop\Misc\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O21 - SSODL: nikasipoj - {ebb3eb03-5ab9-4d4d-988e-fb98ca226807} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9165 bytes

A: Vundo Trojan infected a critical file?

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 2

9/22/2009 12:08:08 AM
mbam-log-2009-09-22 (00-08-08).txt

Scan type: Quick Scan
Objects scanned: 123862
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

That's odd, it didn't find anything this time ???


Hi. My system is infected with spyware; Windows XP, SP2. Initially I was unable to search Google and Yahoo, then I installed superantispyware, then Mcafee. After I restarted after installing both, the desktop items and task bar disappeared. Then I installed the malware anti bytes, then I got desktop and icons back but I got an error dll is missing. When I restarted again I didn't get error, but pops increased. I have installed superantispyware, Malware antibytes, hijackthis. Please find the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k...

In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck


Please can anyone help. Whenever I run Norton it finds and resolves trojan.metajuan and trojan.vundo, but it does that every time I start it. I don't know what to do to restore default settings or go back to the date it all started. It's really annoying; the only programs I'm able to run are Internet Explorer and programs on my desktop. If I try to go to My Documents, My Computer, Control Panel etc. it opens for a few seconds then closes, and the desktop shortcuts and the toolbar disappear then reappear after a few seconds. This also happens when I open new pages on the internet, though the window I'm working on doesn't disappear.

When I start up my computer a box pops up saying C:\Users\Joanne\AppData\Local\Temp\lxtoojmm.dll Missing entry:run

Does anyone have any idea how to help? I'm no technical whiz so I'm afraid I'll need step by step help.


Norton keeps complaining it has blocked Vundo.
I do see 2 dlls in system32 that I can't delete that I know for sure belong to the trojan. I deleted some .dll and exe files manually which I knew for sure were a problem.

VundoFix didn't find anything

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:29 PM, on 10/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe

A:Trojan.Vundo

I thought someone would help me asap....anyways..will wait a little more..


Hard Drive Sounds Horrible/Apps not Responding/Monitor going Black to name a few of the things going on. I don't know if my hard drive is dying on my three year old desktop or this is all virus and malware related. I run TrendMicro Internet Security 2008 on my computer. I've run the latest versions of Malwarebytes and HijackThis. I haven't deleted anything because I'm concerned about deleting important files - especially in the Registry Keys. I'm pasting below the DDS.txt as well as the Malwarebytes log - again, I haven't deleted what Malwarebytes found yet.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Marc at 13:55:48.87 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.336 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe


A:Help! Trojan Vundo, Trojan Metajuan, W32 Tratsinf!, Virtumonde And Downloader Is Slowly Destroying My Computer.

Hello Michellebro and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes


How I think I received the infection

I was searching for a site where I could watch a program I missed on TV. From what I know, I never clicked anything consisting of ''download'' or ''run'', I think I simply got it by surfing through potentially malicious websites.

The virus

I first encountered the virus by having an AVG window pop up telling me that I've been infected (I rolled my mouse over the buttons of the popup to check that it was legit).
The AVG-antivirus detection name of the virus is Trojan Horse Dropper.generic_c.MMI
The object name is C:\Windows\System32\services.exe
AVG couldn't remove it because it's inside of a critical system file

How I have tried to deal with it

I searched the virus on Google and came across a forum post relating to this virus specifically. Someone had been infected by it and was asking for help. In the end of the forum post someone had been able to remove it through the use of fileASSASSIN, a tool inside of Malwarebytes anti-malware. I downloaded Malwarebytes and did a normal scan with it to test my luck. Malwarebytes did find the viruses. Malwarebytes ''removed'' the viruses and told me to restart the computer, but every time I've restarted it and started a new scan the viruses are st...

A:Infected with Trojan, critical system file.


Whilst downloading today, I noticed a pop up informing me that I have a Trojan-downloader.win32.Agent.bq and also a Trojan-spy.win32.HTML.bankfraud.dq
and I do not know what to do.
I am not sure how harmful it is.
This pop up comes on the screen periodically and is trying to get me to download and or buy a fake virus/spyware detecting software.
What should I do and can I get rid of it myself or should I inform a computer specialist?!
All help would be most grateful
Thank you

A:Trojan-Spy.Win32.Agent.bq ...my pc is infected


Am running XP, was infected with Vundo virus on Jan. 18th. Ran the patch from Symantec, but the .dll file

c:\WINDOWS\system32\mljgd.dll

will not go away. I've read other threads here with people having the same problem. On bootup, NAV says this file is infected, but when I scan it says there's no virus. Notice will not leave the desktop.

I have downloaded and run Ewido and Cleanup per another thread by D_Trojanator, but that has not worked either. Here is my latest HJT log, thanks in advance for any tips.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:52 AM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe

A:Vundo infected .dll file not deleting


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:09 AM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\oracle\product\10.1.0\Db_4\bin\ocssd.exe
D:\oracle\product\10.1.0\Db_4\bin\isqlplussvc.exe
D:\oracle\product\10.1.0\Db_4\jdk\bin\java.exe
d:\oracle\product\10.1.0\db_4\bin\ORACLE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\IDU\iptray.exe

Being helped here

http://forums.techguy.org/malware-removal-hijackthis-logs/603522-how-remove-trojan-vundo-virus.html


Hi, this is my first time and I am a novice at this, but I just can't ignore what my TrendMicro OfficeScan software told me it found a WinAntiSpyware2007 spyware and then I scanned my computer with SpyHunter v2.9 and it found a Trojan.vundo file in the registry. Can anyone help! Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe

A:Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

Apparently my OfficeScan software actually was able to get rid of the spyware after I closed out my Internet Explorer session but it just did not remove it from my computer registry, but I have been informed that it probably can't hurt anything. My computer has not started acting up on me or anything, so this is all that I can assume.


Quietman7 sent me here after he helped me remove all the adware and trojans from my computer.... I receive a message box that states:

Windows can not open this file:
File: (name of file )
To open this file Windows needs to know what program created it. Windows can go online and look for it automatically, or you can manually select from a list of programs on your computer.
What do you want to do?
Use a web service to find an appropriate program
Select from a list

This box pops up after every program I click on except IE, AOL, Recycle Bin, & My Computer. I think that my automatic updates have started again because earlier I saw the Yellow diamond in my task bar. But it's not there now. I had to fiddle around in my : My computer folder to find the appropriate file to open programs on my desk top ... The pics from the icons on my desktop are changed to that little white box with red and blue lil dialog box..

Please help me!!!!!!!!!!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-22 16:45:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
50: 2008-06-22 20:45:37 UTC - RP1784 - Deckard's System Scanner Restore Point
49: 2008-06-22 18:09:37 UTC - RP1783 - System Checkpoint
48: 2008-06-21 17:19:33 UTC - RP...

A:Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes i...


Hi all at BleepingComputer,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since gone to reformat my notebook along with my external hard disk (HDD). But when I did a virus scan with AVG, I found several infections, whereby I immediately googled the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware. tracking cookie and Adware. Vundo Variant/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebytes' Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan. And I also saved the logfile of the Trend Micro scan..

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS AND Malwarebytes' Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the Hijack file below... And then I also copied and pasted the log from after I clicked removed selected during the Malwarebytes' scan..

Am I being paranoid or do I have more viruses?

Logfile of...

A:Infected With Trojan.vundo / Adware Vundo Variant/rel


Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as korisnik.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv...

A:Infected With Vundo,vundo B,vundo.dll.,virtumonde


Hallo there,

As you can see from the topic I have three trojans in my PC which I can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and I'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Fil...

A:Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen


Hi!

My critical files (e.g. Program Files folder, Windows folder etc.) have been infected by a Win32/Worm; all of my folders have an .scr extension. I run ESET NOD32 Anti-Virus but it will only quarantine these folders. How can I restore or repair without deleting it? My operating system is Windows XP.

A:Critical Files Infected

Hi killprey, and welcome to TSG.

You might be best to have this looked at by the security staff here. They are qualified and experienced with most forms of malware, and would be best equipped to assist you with this problem. Just click 'Report' at the bottom of this post, and ask to have the thread moved to the Malware Removal forums.

To assist in your problem, we need you to download HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe). Install the program (it will save to C:\Program Files\Trend Micro\HijackThis), run it, and select 'Scan'. Do not fix anything yet, just select 'Save log', and copy the contents of the log to your next post. A security expert will be along to check the log. Please be patient.


My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!


Hallo, my name is lizaura and I am 35 years old. I live in Holland and I have 2 children. I have a 17 year old daughter and a 13 year old son.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:57 PM, on 12/17/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\lizaura\Program Files\BitTorrent_DNA\dna.exe
C:...

A:Infected Critical System Error


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-06 15:52:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (54%) free of 72 GB
Total RAM: 990 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Fi...

A:Infected with Vundo.H and other Vundo components


A:Infected with Vundo, Vundo.H and FakeAlerts

Hello and welcome.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install a...

19 more replies

Hello,

I apologize if this topic has been covered.

I am infected with a "Critical hard drive error" virus.

When my computer loads, it brings up a string of 15 or so error windows. It also brings up a pop up window which is saying it is scanning my computer, and then subsequently finds a myriad of different "problems" and asks me to click to activate the full version.

Networking works, however within a couple of minutes of activity a blue screen pops up and I am rebooted.

I cannot see any of my icons in the start menu, and I have tried to do a system restore through the F8 button and through the desktop without success. When I try to use F8 and then Repair my computer, it brings me to a login screen where I am forced to log in as "other user".

When I load with safe mode, the error windows do not pop up, nor does the fake scan run, however all my icons are still missing from my Start Menu and many are missing from the "My computer" tab (which doesn't exist either, accessing indirectly through some start icons that are still there).

I attempted to run system restore through the windows help and support that pops up in Safe mode, but it tells me it is already running.

I am posting this from my laptop, though it appears I can network in Safe Mode without issue.

Any advice on how to proceed would be greatly appreciated. Thank you in advance for your help.

Chris

EDIT: System restore has popped up in safe mode. I am restori... Read more

A:Infected with "Critical hard drive" error

3 more replies

My internet stopped working tonight, so I restarted it. When it restarted, it went directly to Startup Repair; it wasn't able to automatically fix anything. I've tried restarting it and even removed the hard drive and it does the same thing. I can't get past the startup repair screen. It is more or less shutdown and restart, contact the administrator or your computer provider. The "root cause" seems to be the following:

Boot critical file C:\Windows\System32\Drivers\uolbyzn.sys is corrupt

Any thoughts would be greatly appreciated. I am running on Vista Home Basic

A:Need Help:Boot Critical File C

Hello,

This is very strange. Normally from this position we would insert the Windows CD, boot to the Recovery Console and we would send you a list of commands to copy back the file from your Vista DVD. However, I do not have this file on my working Vista Home Premium, and searching Google comes up with not a single hit. It is a bit strange for a virus, but I suppose it could be. It is not any normal System file, or any normal file of any program. It is not even showing up in manual virus removal websites. Also, have you tried Safe Mode and Last Known Good Configuration?

Richard

10 more replies

It seems I have the same problem as GW7777, C;\CI.dll Corrupt. If anyone could help I would really appreciate it. I have an Asus 64 bit laptop. When I tried Sfc/ scannow it kept telling me one is pending. I tried the DVDs that came with the laptop but they won't even open up. Please help.

A:Boot Critical File

Will anyone help me here?

9 more replies

I have a system that I am trying to load Windows XP Pro on. Now I am running Windows 2000 Professional. I have the full blown XP Pro disk, but I am just trying to upgrade so I don't lose my data. I keep getting an error message.

Setup was unable to create, locate, or modify a critical file (C:\boot.ini) needed to start Windows XP. The parameter is incorrect.

More replies

Have "Critical System Errors!" pop up message in my Task Bar system tray (next to clock); according to forum this is "VirusBurst Fake alert". I tried the Automated Removal Instructions to remove, but did not work. I have also completed "Preparation Guide for use before posting a HijackThis Log" and HijackThis log follows. Thank You

Logfile of HijackThis v1.99.1
Scan saved at 8:04:25 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeac... Read more

A:Infected W/ -critical System Errors!- Pop Up In Task Bar Next To Clock

10 more replies

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new ... Read more

More replies

A:Virusbursters? Infected With Fake "critical System Errors"

Hello PTGuy,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

12 more replies

Thanks in advance!

I downloaded a video codec (or so I thought) and since have been dealing with this. I'm comfortable with regedit, and would appreciate any guidance in getting rid of this thing!

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:59 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\... Read more

A:Critical Systems Error! Your Computer Was Infected By Trojan.

6 more replies

Attn: BleepingCom Tech:

Appreciate ANY help you guys can provide in ridding my computer of this program, don't know what to call it, but a scam to fleece individuals out of $19.95, by trespassing on my privacy. Please provide ANY information about how I may track-down these criminals, so as, my son and his law firm can bring them to justice via a class-action suit, even by those who PAID their ransoms and purchased this scam program titled: Windows Critical Scanner! Be advised I still have the e-mail with the hot-link I clicked-on and can provide "IF" it may help locate these bast**ds!

Also, please accept my apologies for including the hot-link in my initial contact, thinking it might help to solve the problem? Obviously, it was the wrong thing to do, but have NO previous experience with these issues.

Sincerely,
Curt Butler
XXXXXXXXXXXXXXXXX

BELOW THE REQUESTED .TXT (ITEMS 6-9) FROM THE PREPARATION GUIDE; ANY ADDITL. HELP REQUIRED, PLEASE ASK!

A:Infected by program titled: Windows Critical Scanner

appears the ark.txt file didn't attach to my previous e-mail? Will attach to this reply (below). Also, be advised the GMER file which you advised may take some time to complete, be advised it took hours to complete? And noticed nothing was added to the ark.txt list after the first minute (or, two)?? Also, noticed the program ran through many .temp files and believe even programs that have long since been deleted from my HDD?? Is this normal?? And, would like to remove ALL .temp files from my computer, any directions please provide, or where I might locate online??

Thanks,
Curt Butler
XXXXXXXXXXXXXXXXXXXX
-END-

[Moderator edit: E-mail address removed to prevent spambot harvesting. jgw]

15 more replies

Quick background: I've been an IT admin for a major university for the past 12 years managing 300+ Windows and Mac user machines. So, this likely isn't your average network connectivity/name resolution/permissions/firewall issue.

I have an important user's Windows 7 Enterprise (32 bit) machine that cannot connect to any windows file shares (Known good ones on multiple servers). At this point I would have normally just wiped the Windows install out and reinstalled but the user apparently has had this issue for many months (Possibly since May) and hadn't noticed. This resulted in his home directory being stuck in an offline state and all of his modifications are "stuck" on this laptop. To further complicate things, before I knew the extent of the problem, I removed it from our domain and whatever issue is plaguing this windows install also is preventing me from being able to re-add it to the domain. Therefore I cannot login as the user with the cached offline files at the moment.

Here's what works:
-DNS name resolution
-NetBIOS/WINS name resolution
-Pinging the machines with the shared volumes
-Web access

Here's what doesn't work:
-Accessing any file shares. After about 30 seconds the error says "Windows cannot access \\servername\share"
-Accessing local file shares (i.e. \\127.0.0.1\c$ ...\temp, etc.). I get the same error here.
-The network troubleshooter doesn't find any problems.

The above behavior is the same whether conne... Read more

A:Critical file sharing issue

Well, couldn't get the file share access thing worked out but I did some experimenting on another Win7 machine and figured out how to get another user's offline files back (Assuming you have admin rights).

Here's what I did:
-Disable offline files
-Navigate to c:\windows\csc
-Take ownership of the directory and all sub directories
-Assign your account full control permissions
-Copy the files you want out of there

This sounds relatively simple but I was very paranoid about messing up the files in the process. Windows XP used to keep offline files in some sort of convoluted/compressed format that was not really usable on its own. Apparently they changed this in Win 7 and that's a good thing.

1 more replies

In a stupid moment I ran an exe which probably contained malware... I saw MSE popping-up a warning that it detected 2 virus infections but before I had the chance to click "Remove it" the PC rebooted. It got into an endless loop of failing to repair startup issues. Within the log file, there was a bit of helpful information, "Boot Critical File d:\ci.dll Corrupted". Searching Google I found it is probably a rootkit or something like that.

From the recovery console i tried following things:
I tried restoring to the previous system restore point.
I tried restoring the ci.dll with sfc /scanfile=d:\ci.dll but that fails with the message: "There is a system repair pending which requires reboot to complete..."
Then I tried restoring the master boot record using bootsect /nt60 d: but that fails with the message "... The update may be unreliable since volume could not be locked during the update: Access is denied".
I also tried running FRST64.Exe but that crashes during the scan: "Line 3294 (File F:/FRST64.exe) Error: Error in expression"

Anybody who can help resolve this or is the only way out a clean install and does that guarantee that the rootkit is removed?

A:Boot Critical File c:\\ci.dll Corrupted

Well, the problem is resolved. I stumbled right after writing this message on the following article:
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx
So the fix was as easy as running bootrec.exe /fixmbr

1 more replies

Hi, my Inspiron 1525 Dell laptop keeps on shutting down. When restart repairs scans it comes up with the following errors

Root cause
Bugcheck C000021A
Boot Critical file is corrupt
Repair action :file repair
Result Failed error code=0x2

My Norton security is now not working due to the error

Can anyone help me

cheers cait

A:my boot critical file is corrupt

hi i did a restart scan and everything is ok now ... thank god

2 more replies

Hi,
I've got a Toshiba Satellite under Vista with blue screen problems.
It doesn't work under normal mode, Error = STOP : 0x0000007F
only works under safe mode.

I've tried quite a few things but they didn't work. Ultimately, it seems that :
the critical startup file C:\windows\system32\drivers\axeth.sys is damaged.

what can I do?

----
see attached file also

I couldn't run the system health report. Apparently RACAgent is "disabled" (I'm trying to translate from French) and so no data and no reports possible.

For the rest:
Vista . . .
- x86 (32-bit)
- the original installed OS on the system : yes
- an OEM
- OEM = came pre-installed on system

- What is the age of system (hardware)? 3 yrs
- What is the age of OS installation (have you re-installed the OS?) same age / no

A:critical setup file damaged

Follow instructions and you will be helped.
Blue Screen of Death (BSOD) Posting Instructions

9 more replies

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect I have the exact same problem as referenced by Jan Soall and solved by m0le and farbar (http://www.bleepingcomputer.com/forums/topic396014.html). My computer is also a Toshiba and does not come with a disk to re-install Windows. I've picked up right where farbar started assisting on the thread and have downloaded and run frst64.exe. The resulting log is below.

Thank you SO MUCH for helping me with this.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 09:22:06
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: []
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-05-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 201... Read more

A:Boot critical file c:\ci.dll is corrupt

Hi Adam Liebman,

Welcome to this forum and apologies for the delay.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Also restart and let the computer boot normally and tell me how it went.

6 more replies

Hi!

I have tried to solve this problem by myself but I don't get anywhere, so I need experts' help. Recently my computer has blue screened a couple of times: usually when I run Pro Tools (music program) for some reason and used the Internet at the same time. And yesterday it went blue for the last time. Now when I try to restart, the computer says it will try to fix the problems but it can't. My computer only starts normally when I use the last option (don't remember what it is called) in the boot option menu. So I've downloaded the farbar recovery tool and it ran perfect. I will post the file here.
And also I should add, I've tried to run ESET online and it found a kryptik.PMR trojan!
So here is the post from farbar tool:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-27 08:48:55
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-24] (ECAREME)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-11] (AlcorMicro Co., Ltd.)

A:boot critical file c:ci.dll is corrupt

Hi,

Welcome and I will be assisting you with this issue.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
Folder: C:\Users\All Users\oB28601HbLnM28601
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Also restart and let the computer boot normally and tell me how it went.

2 more replies

A computer of a family member of mine has recently started showing the following message :
_____________________________________

Boot critical file is corrupt.
Repair action. File Repair

Result failed. Error code = 0x2
_____________________________________

I can still use windows fine, however this is a big nuisance, and i can think of no explanation of why this is happening. I have installed no new apps or hardware of any sort in the recent months either.

It is running Windows Vista Premium [ No service pack ]

I was wondering if anyone has had this problem, or if anyone knows how to fix this problem ?

Oliver

[ apologies if this thread is in the wrong area ]

A:Boot critical file is corrupt

Try startup repair and SFC. And install SP1.

Startup Repair
System Files - SFC Command
http://www.vistax64.com/software-too...heck-tool.html

1 more replies

Hi,
So today my laptop restarted after installing windows updates. Now it gives this BLUE SCREEN OF DEATH. I can't even log in using SAFE MODE because it gives an error. Any help would be appreciated.

More replies

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I suspect that I am infected and would appreciate your help and guidance on this.

Thank you.

Jan Soall

A:Boot critical file c:\ci.dll is corrupt

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

34 more replies

i need help to remove softwrap file error 1 from my pc,

A:critical softwrap file error 1

Ok ... Have you tried uninstalling Softwrap? If so, what happens?

1 more replies

Sup guys, every time i turn on my PC or restart it jumps to Windows is loading file and then starts doing start up repair and later on it would show me error log:

Root cause found:
Boot critical file C:\\ci.dll is corrupt

And then it would say:

Repair action:
Repair the file

What should i do?

A:Boot Critical File c:\\ci.dll Corrupted - HELP!

Another one?

There have been a few of these lately.

CI checks for unsigned drivers and checks that various system files haven’t been mucked about with by any nasties.

Suggest you try running sfc SFC /SCANNOW : Run in Command Prompt at Boot

Try a malware scan from a bootable a/v Avira AntiVir Rescue System - Download

If necessary replace ci.dll from another source e.g installation dvd.

9 more replies

The problems started yesterday when my computer went to blue screen and automatically shut down and restarted. This happened twice, then I did an AVG scan in Safe Mode. It placed several infections and a few malwares into the virus vault. However, it "did not test" dozens of files because they were "locked". There were Boot directories that were listed among the locked files.

I restarted in Normal Mode, and got a message that Windows found a malicious file and "partially removed" it. When I clicked on the message to find details about the file, this webpage popped up: Encyclopedia entry: TrojanOS/Alureon.A - Learn more about malware - Microsoft Malware Protection Center
So the infection was TrojanOS/Alureon.A (edited to add: the smiley face appears where : D [without the space] is in the trojan filename)

About an hour later, the computer crashed and restarted again, then again a few minutes later. I did another scan and no malicious files were found.

When I turned the computer on 20 minutes ago, I got a screen telling me that the computer was unable to start, and Windows was searching for solutions. It apparently worked because I'm using the computer now. However, when I clicked to see the details of what happened, I saw this: "Boot critical file c:\windows\system32\kdcom.dll is corrupt".

So I don't know if it fixed the file or if it's still corrupt. I'm concerned my computer will have trouble rebooting. Thanks for any help in... Read more

A:Boot critical file is corrupt

Yes, use bootable Defender. I would later replace AVG crapware with Microsoft Security Essentials.

Work through Troubleshooting Windows 7 Failure to Boot.

If the infection doesn't clean up then post it up in our Security forum for expert help with specialized scans.

9 more replies

Hi,

PC spec - Windows 7 Pro (32-bit) Intel Core 2 Duo, 4GB Ram, 2x 250GB HDD

I think I have successfully removed a Root Kit virus using Kaspersky TDSS Killer but would just like to make sure no other malware etc remains. I'll explain from the beginning.

1. PC was running fine then Windows start-up repair appeared. In the diagnostic & repair details it spotted an error - Boot Critical File E:\CI.dll is corrupt

2. could not repair, restarted, PC wouldn't boot up

2. I searched online and found a thread recommending to use Kaspersky TDSS Killer.

3. the thread advised to boot-up with signature verification disabled (F10) - This worked but before I could use the TDSSKiller, the PC crashed. There was also several Trojans and worms being detected, eg: W32/Blaster.worm by what looked like windows defender, but not sure - having searched google about these, it may be a fake Anti Virus software running. I read W32/Blaster.worm does not affect windows 7? and nothing is being found on scans.

The signature verification option didn't work after that PC crashed

4 Instead I created a windows recovery CD using a different PC - this allowed me to start the PC into Command Prompt MS DOS.

5 I ran the TDSS Killer Software directly from a CD - after scan finished it said something about MBR, and use standard boot option, (sorry can't remember exact line) I clicked on yes to use standard.

6 PC restarted again as normal and everything seems to be running fine.

More replies

On Monday, I came home and husband had done a System RECOVERY - he got brave.
It has been doing Windows Update all week.
I began receiving a pop up intermediately that says:

Windows Security has found critical process activity on your system and then states it will scan with buttons to start the scan.

I could not X out so I immediately did Task Manager to stop the process every time it pops up.

I ran Malware Bytes full scan a few minutes ago and it found no malware.

I am not sure if I am infected.

Win7  64bit
Internet Explorer 9
Microsoft Security Essentials

Thank you.

A:I may be infected with Windows Security has found critical process activity

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwise

Click Continue

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.

Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

23 more replies

I was surfing the net with Firefox just after an update. When suddenly my laptop restarted and started a Startup Repair. I let it run but it still repeated so I tried to do a system restore, but that didn't work either, I even tried to run sfc /scannow which told me to restart my computer. Right now, I'm using my friend's computer looking for solutions when I came upon another thread on this site with the same issue. And feel that I might have the same problem.

I read through the thread and followed it up to the getting a scan with the Farbar Recovery Scan Tool x64, but stopped there.

Here's what I received:
-----------
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-25 00:09:17
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows... Read more

A:Error: Boot Critical File c:\ci.dll is corrupt

Hi,

Welcome to this forum.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
2011-06-23 09:34 - 2011-06-23 09:34 - 0000000 ____D C:\Users\Steven\Desktop\ESO_v375
2011-06-22 21:49 - 2011-06-22 23:07 - 2726873889 ____A C:\Users\Steven\Desktop\ESO_v375.rar
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on ... Read more

11 more replies

Hiya,

The missus has a mini notebook (ee) that has Windows 7 starter on it. Whilst using it last night, there were some updates from Microsoft available, and I set the updates in motion.

One of them was to install Explorer 9, and I declined that, as this is the wife's computer and she uses it for work, didn't want to stuff anything up.

Delayed doing the restart for a while as I was still doing some minor work on a Word doc.

When it went to restart, it went into a screen trying to auto fix an issue. After much time and multiple attempts, it could not do it, and any restart went into the same mode.

In the end, it could not fix the issue.

From the error report, the following message comes up:

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

As this is a mini notebook, it doesn't have any floppy disc etc, and I can't even get it to start in safe mode to try and fix.

Help !!!

Thanks

Michael

A:Boot critical file corrupt - Win 7 starter

Quote:

Originally Posted by bacchy

Boot critical file
c:\windows\system\system32\ntkrnlpa.exe is corrupt
Error code 0xa

That is the Windows NT Kernel.

Try and boot using the HDD recovery partition - try system repair from there.

While the timing with the Windows Updates may make hardware failure seem unlikely - it is a possibility.

0xa = driver referenced invalid or bad memory. It could be either software or hardware (specifically RAM) related.

Regards. . .

jcgriff2


1 more replies

On restart, the computer stated that Windows 7 could not load and started to do a startup repair, which did not succeed.

I opened Startup Repair and Diagnostics and the report log stated:

Boot critical file c:\ci.dll is corrupt.

I have tried system restore at several points and run sfc /scannow, which told me to reboot my computer, but I kept going round in a loop from there.

I would appreciate some help and guidance on this. Thank you.

A:[SOLVED] Boot critical file c:/ci.dll is corrupt

This error has been known to be caused by Windows Updates. Every reference I've read on that issue required a re-install of Windows 7 since nothing else worked.

Provided you've taken the sensible precaution of backing up your files before that happened, re-installing will not involve losing anything. Better still, if you've created a "System Image" which Windows 7 allows you to do (& which everyone should do as soon as possible after installation), restoring Windows will be even easier.

14 more replies

Received a rather alarming error message when I tried to boot up my laptop earlier, after the first restart post-antimalware doctor removal.

Error message reads as follows: "Boot critical file c:\windows\system32\drivers\grpwcyi.sys is corrupt"

I have no Vista install disk, as it came pre-installed on my HP hard drive. Am I completely screwed, or is there some way to fix this that I haven't thought of yet? Any help whatsoever is appreciated.

A:Boot Critical File for Vista 32x is Corrupt!

grpwcyi.sys is not a legit file, so you're still infected.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

1 more replies

I did a virus scan with Norman software on my hp Pavilion zd8000.
It came up with 2 viruses in the temporary internet files
sysnetsvc32_XP[1].cab : sysnetsvc32.dll Trojon.W2/Dialer.YW
egaccess4_1063_XP[1].cab : egaccess_1063.dll Trojon.We/Dialer.ABOR

I tried Deleting the temp Files & Cookies but it still comes up.

A:Help with Trojon

Hi and welcome to TSG,

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

3 more replies
Q: Trojon

Please advise how to remove the trojan from my PC. I am using Avira antivirus.

Avira AntiVir Personal
Report file date: Wednesday, October 01, 2008 08:19

Scanning for 1651830 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Computer name: RAMON


More replies
Q: trojon

How do I get rid of rustok-n?

A:trojon

Hi rabbit13,

Welcome to the Bleeping Computer help forum.

Go over "Here" and post your question, along with whatever information that you have that makes you think that you're infected.

Good Luck

Wendy

2 more replies

A:Have Trojon need help

Hello,

Why do you think your computer is infected with a Trojan?

Is your computer experiencing any issues or symptoms of malware? Eg. Slow performance, browser/Internet issues, etc.

13 more replies

I have a previous post to which no one has responded; it has my HijackThis log there. I have spent 3 days running various spyware and virus scanners and they don't pick up on the problem. I have annoying popups, critical error messages and a yellow exclamation mark that tells me that my computer is infected with the latest trojans and malware. I am a student, I am taking online courses and I have a paper that is due... my computer won't even stay on long enough to finish it!! I just need some help getting my computer back in order! Please please please help!

More replies

Evening all,

I have a client that has somehow been infected with a botnet and it has completely blocked up their exchange (2003). It is currently sat with 10000 queues, they are now on pretty much every blacklist and we cannot get them removed until we fix this spam issue. The company only trades via email so it is very important I get this fixed ASAP but I'm at the end of my tether and need some assistance. Here's what I have done so far.
Scanned all client machines and shut them off to eliminate any of them having the bot. Results were clear and the queue continues to grow while there are no machines turned on
Installed and scanned using Microsoft Malicious Software Removal Tool - no results found
Ran DDS - Incompatible with Server 2003
Hijack This log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:40:20, on 28/07/2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


A:Urgent & Business Critical - Server 2003 infected with undetectable botnet

Never mind folks - it turned out to be from something spoofing a company address. Thousands of spam emails were sent out from a spoof address and they all bounced back to an address that didn't exist on our servers; our Exchange server then sent an NDR out again to those addresses and we were stuck in a loop. All sorted now though.

3 more replies

Hello, I am infected with a virus and it has taken control of my browser and computer. I have popups all over the place from virus remover 2008 and windows security center and antispyware pro xp. They have hijacked my browser and I cannot go anywhere without getting redirected.

I have attached the appropriate requested logs:

thanx

A:[SOLVED] critical system warning, virus remover 2008 infected

Hi and welcome to the TSF Security Forum

My name is Iain and I will be helping you clean your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Malwarebytes' Anti-Malware

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

7 more replies

Original Word file named curriculum plan key stage 1 was 13pp. This was open. Another file called observation was also open. Tried to save observation on memory stick.
Question came up 'like to save.' In the field up came the other file name, curriculum. This was accepted in error, and a warning of existing file open came up: Would you like to replace? This was answered affirmative!
So curriculum was overwritten by the other file that had been renamed.
How do we get back the original file of 13pp that used to be called curriculum plan key stage 1? Help! Hope this is understood.

A:word file name replaced which overwrote a critical document

Do you still have curriculum open? Just save again from this file.

3 more replies

I am getting the blue screen after startup. I reach the desktop but if I try to click on anything I get the blue screen. It flashed fast but I think it says something about missing a critical file. I can get to safe mode and safe mode with internet. I tried startup repair, no luck. Chk dsk hangs in stage 4.

A:blue screen after startup, missing critical file

Correction. I CANNOT get to safe mode or safe mode with internet.

5 more replies

Hi,

I'm an intern with an NGO organization where one of the desktop computers started having problems about a week ago. The computer is a Dell running Windows 7. Every morning, the first person to turn it on sees a whole bunch of updates being installed. The boot screen is irregular, it doesn't include the F2 or F12 options for changing the setup, and it never goes to the log screen. Instead, it goes to a "Startup Repair" window, runs a "scan" that can't be canceled, and then reports that Windows was unable to fix the problem and offers an option to restart. If I click to see the full diagnostic, everything checks out except the last item, which says that "critical boot file ci.dll is corrupt." If I go to "Advanced Diagnostic Tools," it doesn't allow me to do a system restore or much of anything else besides open the command prompt, and I can do only limited diagnostic tasks from there. If I restart, though, it restarts and functions perfectly normally. I installed Avast on there when I started working with it and the full virus scan finds no problems. The computer functions normally for the rest of the day; however, when I go to shut it down after 5 o'clock, it says that it's installing 67 updates, every single day.

I can't figure out whether this is some bizarre virus that just makes it take a little longer to use the computer every morning, or a much more malicious virus whose effects simply haven't mani...

A:Once-a-day startup problems, saying "boot critical file c:\ci.dll is corrupt"

For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program bef...

2 more replies

About a year ago I installed a cyber sitter called "iProtectyou" on my son's computer. I decided to uninstall it for him recently because it didn't work, and it only seemed to give him a hassle when he tried to use the internet or play games. When I tried to reinstall it, it would not take the password I used (I could have forgotten it, but I had it written down).

After hours of trying to uninstall it, I went to the internet and Googled how to get rid of cyber sitters with a forgotten password. Luckily there were several people with the same problem. I downloaded the applications they gave out on the site, and eventually got rid of it. They also had me go to the "Registry Editor" (run: regedit) and screw around in there. The program still shows up in "Programs and Features" but there's no publisher now, and I still cannot install it. Except now, instead of asking for a password, it just says that there was an error with the database.

Now whenever we open up anything, we are swarmed with windows telling us "Crictical Error Occured While Opening Database."

Any help would be great.

A:Critical Error Occurred While Opening the Database File

Have you tried this: http://www.securitystronghold.com/gates/iprotectyou.html?

6 more replies

I ran Spybot and it picked something up called smithfraudc.coreserivce that it can't get rid of.
Also, AVG didn't pick it up either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:45 AM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal


A:Got a problen with a trojon

Hi, Welcome to TSG!!

Double click combofix.exe and follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

3 more replies

Had a trojan virus in the computer. Now every time I go to a site, it runs a script that slows down the computer.
Antivirus found 8 infected files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:00 PM, on 7/6/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


More replies

Hello Team,

I Have Windows SP! Installed on My System.

Few Days back I got a Message that an antivirus Has Been Detected.
So When I Scanned the System I Found Two Trojan Horse Files.
I Deleted Them. Unfortunately I did not make a Note of the File names.

However Now I am unable to Open Regedit, gpedit, msconfig and Task manager.

Yesterday I Was even Not able to Send a Mail.

So I am New To this Forum, Please Help Me Before My System Goes Down Completely.

A:Help With Trojon Virus

You shall have a proper set of logs for us after that. Someone will be along shortly

19 more replies

I have posted the logs from each guide on the site. Also have a DDS one too. I don't know what's going on. There are 2 users when I'm in Safe Mode: myself and Administrator. I even tried to do a full system restore to original settings, losing everything I had, just to find out it didn't fix it =( Please help, thank you. -Mike-

I've been trying to upload the ark.txt but it says this: Select a file Attachment space used 40.58k of 512k

Merged posts. ~ OB

3 more replies

Hey all, my system seems to have been infected with the trojan winlogon.exe. I tried using my McAfee antivirus; it detects it but is unable to terminate it. Below is the HijackThis log. It would be great if you guys could help me out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:44 PM, on 6/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

A:trojon winlogon.exe

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

First I would like to see a new log since a lot could have changed since your original post.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

2 more replies

Well hi everyone, I'm new here and need a little help, and have some advice for some of you. The advice is about DYNEX CD-R. I was trying to burn a CD and opened a new 50 pack of these CDs. Put 1 in the burner and all of a sudden it started making this weird noise and would not stop. Took it out and tried another, same thing. After about 5 tries figured the burner went bye bye, took the Sony Vaio to Best Buy (warranty work), put in 1 of their discs, and it was the same brand I was using, and then nothing, not a peep. So they did the diagnostic check (found I have this Trojan called PHISHER_BZUB). So I bring the Sony home, stick a new disc in the burner, and we have the noise and it won't work. So I try a Sony disc and a Magnavox disc: no noise. It was a bad batch of CDs, so if you have trouble like this, try using a different disc from a different bunch, OK.

Now I still have the trojan anyone know how to get rid of it ???????

More replies

I keep on getting a balloon saying
Type: Spyware/Trojan
Vulnerable: Windows
Description: Spyware program that sends confidential information to a remote attacker

I have run Ad Aware and Spybot Search and Destroy but still keeps coming up.

A:can't remove trojon

11 more replies

I have Norton 2005 on my XP Pro. The virus detector says I have a trojan horse in C windows\winsocks5exe, but can't fix it. I can't use my computer because this notice keeps popping up and freezes my browser. I had to delete Norton in order to get on the web to send this.

Anyone know how to get rid of this horse???

A:trojon horse

Since you deleted Norton, try using a better anti-virus to get rid of the trojan. Click on AVG on my sig and download the program. Install it on your computer and then update AVG. Afterwards, run AVG and see if the program gets rid of the virus.

Good luck and post back if you have more trouble.

2 more replies

Unable to update Windows. Will not allow download of spyware to remove it. My spy antivirus will not find it.

A:trojon rustok-n

Hi rabbit13,

When you do what I told you to do in your other topic just include this information in it too. And don't post more than ONE topic for the same problem.

Wendy

2 more replies

How can I remove threats found when I scan my computer with 360 Total Security antivirus? If I resolve all the threats, will any data be lost?

More replies

Hello there

My computer has mcafee installed and it keeps coming up with trojan detected. It says it's called zeroaccess.hi and is quarantined from C:\windows\assembly\GAC_64|desktop.ini

It says it cannot remove it while it is in use and that I should restart my computer so mcafee can fix it.

I press restart now and it restarts but just logs in as usual and the same trojan detected message pops up after a minute or 2.

I'm assuming it wants to launch a scan during startup but the virus is stopping it somehow.

I've scanned in safe mode but mcafee still doesn't fix it.

is there a fix tool for this or a better program to use? I've tried a few things but nothing seems to work.

It's a DELL XPS8500 desktop
Windows 7 home premium, SP1 64bit
If you want a hijack this log I will post one.
Any help would be greatly appreciated

Cheers

Pete

A:Trojon: Zeroaccess.hi

14 more replies

Hi, I've got a Trojan horse Dropper.Generic_c.MMI in a system critical/white listed file according to AVG, and it can't do anything about it. Can I please get some help in removing it?

I was also wondering whether it was advisable to use a USB flash drive to back up any data and whether it's advisable to use sites with logins?

I have also attached the file

Thanks very much
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:08, on 15/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal


16 more replies

Please help me with this issue. My son was running with an antivirus program not up to date. His laptop started to have problems; at first he had the blue screen come up saying it was dumping virtual memory.

I tried to install Webroot and update his anti-virus but no luck. Next I went to safe mode with no results. Now when we start the computer the startup repair comes on and runs, and we get the following message:

boot critical file c:/windows/system32/drivers/sshrmd.sys

My son has all his pictures on this computer {I know, silly not to back up}

Could anyone tell me how to fix this problem?

More replies

Laptop - Dell Inspiron 1525
Windows Vista

Been getting this message on failed startup repair since yesterday. System restore runs and says it's completed successfully but then it just boots up doing the system repair again. I can't even get into the computer via safe mode (to see if there are any files on there that I really need).

Is there any way to get into the computer to get my files that I might need off, or fix this problem?

Someone told me that I'd need the Windows DVD version of my version of Windows to fix this and a repair install doing? I have no idea what that means and the only DVD I have is a recovery one I made via the laptop a month or so ago, which someone told me if I use could wipe all my data, and I really don't want that to happen.

A:boot critical file c\windows\system32\drivers\ksedd.sys

Try performing a repair installation. This will require the installation disc; if you do not have one you can download an ISO image and burn it to a disc to create one, as in the instructions at Windows Vista Forums.

1 more replies

Windows 7 x64 Professional

Hardware less than 2 months.

OS re installed after MS updates failures.

perfmon named failure.

A:BSODs Memory Management, Edit of a critical system file, etc

Hi.
In this order,

Run SFC /SCANNOW Command - System File Checker
You may need to run it 2-3 times to "fix" everything.

Run RAM - Test with Memtest86+
Let it run until at least 9 passes are completed, or errors are found (whichever comes first). The longer you run it, the better.

Finish with the above steps and post back with results\news.

5 more replies

Hi there, can anyone please help me? I am totally new to computers, have Vista Home Basic. When I start my computer in the morning it comes up saying boot critical file corrupt. I go through the motions of searching for a solution and it says the following:

Bugcheck c000021a
Parameters = 0x8c40140, 0x0
0xc0000001, 0x1004c8.
Boot critical file corrupt.

Repair action: File repair
Result: Failed, error code - 0x34
Timetaken = 3588 ms

Repair action: Sysyem restore
Result: Failed, error code = 0xe
Time taken = 44944 ms

Repair action: Systems File integrity check and repair
Result: Failed: Error code = 0xe
Time taken = 14102 ms

I am told to shut computer down, and when I restart everything is fine. Does anyone know what this is and how to fix it?
Any help very much appreciated!!!

A:Trouble starting computer (Boot critical file corrupt).

boot from the vista dvd
on the bottom left of the install screen
click on the repair option
run
chkdsk /r

1 more replies

Every time the computer is turned on or restarted it runs Startup Repair. When I look at the diagnosis it says 'boot critical file c:\ci.dll is corrupt'. I have already tried to restore the computer but I don't have the discs where I have backed up the computer. I have also run a virus scan with Avira and it did pick up 4 viruses and I removed them, but the error still occurs. If someone could help me and give me guidance it'll be much appreciated.

A:Startup Repair error : Boot critical file c:\ci.dll is corrupted

After the PC tries the start up repair, select advanced options. From there you should be able to access CMD.

Once you get CMD open, run this command: sfc /scannow. This will scan the integrity of all protected system files and repair the system files if needed.

2 more replies

Hello, I'm in desperate need of help here! So far everything I've tried has not worked. Upon browsing today I stumbled across a website that was deemed a possible "Attack site" by Firefox. Shortly after I closed the page the following error message popped up repeatedly:

Windows - delayed write failed
Failed to save all the components for the file \\system32\000024b5. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

This message pops up literally about 30-40 times every time I restart or attempt to close them; each error has different numbers/letters following \\system32\

On top of this my desktop background has gone black, system check keeps popping up and cannot be closed, only paused, and most importantly almost everything within my username, i.e. music/files/folders/desktop icons, has disappeared!! This is a huge problem because a lot of it isn't backed up and there's work related things I can't afford to lose on there! My hard drive is telling me the same amount of space is being used as before, so I'm hoping they haven't ACTUALLY been deleted, but when I try to view the main user folder it just says it's empty?!... Also programs/control panel/shortcuts to my documents have disappeared from the start menu.

Two random messages saying "hardrive clusters are partially damaged. Segment load failure" and "RAM memory reliability is extremely low..." occasionally pop up from the ta...

A:Critical error! Failed to save all the components for the file \\system32\....

13 more replies

The Malwarebytes' Anti-Malware is finding a trojan. The anti-virus isn't finding anything yet.
The name of the last one is Tojan.Banker

My log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:37 PM, on 5/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


More replies

Logfile of HijackThis v1.99.0
Scan saved at 10:48:46 AM, on 1/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OmniDrive USB Pro\OmniUSBServ.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
c:\oracle\ora92\bin\omtsreco.exe
c:\winnt\system32\rcmdsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

A:Vx2.ZServ(Trojon) Wont go away. HELP

9 more replies

Have a desktop, Hewlett Packard, srs413wm, Windows Vista Premium. Have AVG full, Spybot Search and Destroy, SpywareBlaster, Malwarebytes Anti-Malware, Trojan Hunter free trial. Spybot found a trojan in a registry key and would not remove it. Trojan Hunter found 30+ warnings with double extensions or whatever; I know that the double extension is bad. Now we have a pop-up that says (Internet Explorer security) Windows Live Toolbar, Allow / Don't Allow. I know that we have a problem but AVG or Malwarebytes found nothing. I have ComboFix downloaded now but do not know where to change the name, or run it.????? Could I get help when someone is free.
Thank you!

A:trojon double extention????????

I hope I posted in the right place????????????? Please forgive any errors

2 more replies

I was using the computer when all of a sudden it shut down. When I turn it back on, it automatically tries to do a Startup Repair. After several minutes, I get the message: "Startup Repair cannot repair this computer automatically." When I click on "View problem details," everything looks fine except for "Root cause found: Boot critical file D:\CI.dll is corrupt." This happens every time I try to restart the computer. I've tried System Restore and System Image Recovery to no avail.

A:Computer won't restart: "Root cause found: Boot critical file D:\CI.dl

1. Insert the Windows installation DVD into the DVD-ROM; Click Exit if the auto-menu pops up.
2. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
3. At the command prompt, type the following command, and then press ENTER:
sfc /scannow

9 more replies

Hello.

I'm not sure what nasty I have. In normal mode, I get three critical error messages like below with different file numbers.

---------------
Critical Error!
Windows was unable to save all the components for the file \System32\496A8300. The file is corrupted or unreadable. The error may be caused by a PC hardware problem.
-------------

I have a black screen, can run nothing, cannot access files, cannot connect to the internet.

In safe mode, I can get the files to display and can access a CD and external hard drive, but still cannot access the internet.

I used a laptop to transfer DeFogger, DDS, and GMER. I ran Defogger, obtained DDS logs, but twice GMER caused a stop screen error: RQL_NOT_LESS_OR_EQUAL and dumped the memory - had to reboot.

Previously, I had run rkill, TDSS, and MBAM. Once, the TDSS log indicated it had stopped C:\WINDOWS\system32\grpcon.exe - I believe it was the third time I ran it. Otherwise I get zero files terminated. I cannot run MBAM. I get run-time error '53' mbamnet. I tried using randmbam.exe, but was still unsuccessful after 10 attempts.

I get locked up in safe mode and have to turn off the computer and restart the whole process. This morning, I missed the safe mode tap and when starting up in normal, Spybot popped up and stated it had terminated a file called win32.zbot.

Thank you for any help you can give me. I'm stumped on this one. I've been working with it for two days now and can...

A:Critical Error! Failed to save components ..... file \System32\0006784

20 more replies

Anyone's help is greatly appreciated

Logfile of HijackThis v1.99.1
Scan saved at 12:53:48 PM, on 12/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explore...

A:startup, shutdown, critical sytems error message: hijackthis file

6 more replies

Hi and Help!!!
I have just run Kaspersky AV and received the following report. I have at least 3 varieties of the trojan downloader. I see Qoologic.bj, win32 Scapur and java, plus several adwares.

I would appreciate any assistance in cleaning up my computer. Thanks so much

Here is the Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 13, 2007 3:36:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/07/2007
Kaspersky Anti-Virus database records: 362060
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 141750
Number of viruses found: 24
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 02:15:36

Here is my HijackThis, run immediately after the above

Logfile of HijackThis v1.99.1
Scan saved at 3:58:07 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

1 more replies

Computer constantly restarts and finally I know VundoFix is needed. I have been doing it constantly but have still been getting BSOD and could use any help at all.
Logfile of HijackThis v1.99.1
Scan saved at 7:20:54 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\rotatelogs.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\rotatelogs.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

More replies

I have Norton Internet Security 2003 and it is reporting multiple attacks a day by a computer using the backdoor subseven trojan horse. Is this normal or is there a malicious program on my computer that is causing these attacks?

A:backdoor subseven trojon horse

Please post the scan log from HijackThis http://www.tomcoyote.org/hjt/

2 more replies

A:trojon.Win32.Agent.azsy

I really need someone's help. I run the website for the community baseball team, I really need my computer. SOMEONE please help... They depend on me to keep it going and updated.

It all started with opening an email - if that helps!

THANK YOU ahead of time if someone can help
Your hard work is greatly appreciated!!!!!!

3 more replies

Hey guys,

My Avast keeps flagging most of my programs as trojans under the runonce process.
Have to disable Avast to work anything. Tried updating and reinstalling; Avast boot scan flags all executables.

Problem started from a cracked game exe from my external hard drive. I installed the game on 11 PCs with the same Avast versions perfectly, but when I plugged the hard drive into my college PC its McAfee AV flagged the cracked game exe and reported threat removed. From then the exe never worked (e.g. Windows said it wasn't an executable program).

When I plugged the hard drive into my laptop, Avast immediately removed the game exe and now Avast is flagging everything.

Does anybody have any insight on this?

I could remove Avast altogether and maybe start using another AV program, but I like Avast :P

Any help would be much appreciated, thanks guys.

A:Avast removing All exe's, runonce trojon

Are you using a pirated version of Avast?

7 more replies

A few weeks ago I suddenly received a message saying I had a trojan something or other. I am not so computer savvy that I could tell you what it was. My computer was suddenly taken over and I had no idea what to do. A screen popped up that said to buy antispy storm. I did so, but now my computer is really slow and other things are happening. I always receive this message when I turn on my computer: RUNDLL error loading C:\PROGRA~\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL The specified module can not be found. Here is my log. PLEASE HELP!!!!!!!!!!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.ex...

A:Malware Removal And Trojon Virus

In the Drivers section click...

1 more replies

I just want things to be right. IE 7 popups come even if the program isn't open and I use E-trust AntiVirus and I keep getting errors.

Logfile of HijackThis v1.99.1
Scan saved at 5:35:19 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

A:Help: Misc. Popups in IE7 and Trojon Error

6 more replies

My son was surfing the net and we ended with all kinds of problems this morning. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:39 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

A:Help: Trojon virus, system slow

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".