Tech Problem Aggregator

# Q: Virus's Generic!atr & Generic dx DNSChanger.o

I received notification by McAfee on Generic!atr & Generic dx DNSChanger.o. Must have gotten them from DVD X Copy pro download, it is the only file download I did. I do not check email on this computer. It is the only thing I can think of unless I got them surfing. I did all the things in log 793721 as it looked identical but I just want to make sure so I am posting a few logs. Thank you very much for looking into this for me.

Hi there! Thanks for taking the time to help me out. Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w. I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried. I'm running Windows XP Pro. Any help most appreciated. I can post a hijack this log if that's of any use.

A: Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

```
Detection name: Generic.dx (Trojan), Generic.dx (Trojan)
File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)
File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)
```

The generic.dx has been repaired and removed from 12 files so far by mcafee. The Generic!Artemis one has been quarantined from 7 files so far. The rootkit.w one has been repaired and removed from three files so far.

The other night my buddy downloaded a torrent and thought he was installing a codec but turned out to be a bunch of trojans instead. He disconnected his computer from the internet and then downloaded ad aware and a few other programs on to a laptop and used a jump drive that was hooked up to his computer which ended up infecting the laptop with an autorun.inf. Mcafee kept stopping the autorun.inf on the laptop and ended up doing a scan and finding a few other bugs like generic.dx and dnschanger. Mcafee deleted these but now the internet says it's connected to the wireless network but nothing will load so I have a feeling mcafee is not picking up some things. Thanks in advance for any and all help you guys can provide!
Here is the hijackthis log-

A: Laptop infected with generic.dx, autorun.inf, dnschanger etc.

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one. Once again, I apologize for the delay in responding to this topic.

Regards

I have tried running different malware removal tools and Mcafee both in normal and safe mode and keep getting the message that Mcafee detected and removed. How can I permanently remove these Trojans? I ran the GMER scan and nothing was found.

A: DNSChanger!FA and Generic.dx!bbbq Trojans keep being "Removed" by Mcafee

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster. In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap...

I need help. I've been having trouble with my internet connection. What do you mean that's not enough info to help? Oh, ok. Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is). I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power").
Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Fir...

A: Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

I have got a problem with my computer, no matter how I try to get rid of these, they will not go. I am using BitDefender internet security 2009, which finds these trojans. But when I run my trojan remover it tells me I have no trojan and my computer is free of all..? I have not noticed that my computer is not playing up. But when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan. But I can scan with my trojan remover, and it comes up clean, some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are....Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD. With thanks, Erwin

A: Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD

Hello .. I am moving this from XP to Am I Infected as it is a malware problem.

Next run MBAM:

- Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop. (alternate download link 1, alternate download link 2)
- If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives sel...

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

- In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR
- In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY
- In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

A: Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know.
If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop. (DDS.scr, DDS.pif)
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

Hello all, McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular. Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts. Below is my DDS. Please help!
-Jim

A: repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,

- Please download Malwarebytes' Anti-Malware from Here or Here
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
- Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

To Whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX). I'm totally out of my wits here and I need some help.
Thanks in advance

A: Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC..
Please do the following...

- Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser

- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards

fenzodahl512

Hello, PC responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
- Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)
- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae06...

A: Need help removing stubborn Trojans - artemis, generic.dx, generic dropp

Today another symptom: mcafee identified a buffer overflow in c:\windows\system32\svchost.exe at the same time that a host process error occurred... screen shot of all message alerts are attached. System is deteriorating with frequent blue screens while running a virus scan or logger (ie MalwareBytes and gmer). I would appreciate a quick response if possible so I can get this one and only family pc up and running again. Thank you.
3 more replies

Answer Match 79.38%

Computer runs very slow.. bit defender finds Trojan.Generic 25641 and
1) Generic Peed.Eml.Ea9
2) Generic.Peed.Eml.AB
3) Generic.Peed.Eml.FDO
4) Generic.Peed.Eml.Fad
..but bit defender can't disinfect or move these viruses... and nowadays my computer runs really slow

Deckard's System Scanner v20071014.68
Run by Bishakha on 2008-02-23 14:31:36
Computer is in Normal Mode.

--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
52: 2008-02-23 20:31:45 UTC - RP164 - Deckard's System Scanner Restore Point
51: 2008-02-23 04:52:49 UTC - RP163 - System Checkpoint
50: 2008-02-22 04:31:29 UTC - RP162 - Software Distribution Service 3.0
49: 2008-02-21 04:33:06 UTC - RP161 - Removed InterVideo DeviceService
48: 2008-02-21 04:27:18 UTC - RP160 - Removed Pando.
-- First Restore Point --
1: 2007-12-24 19:59:33 UTC - RP113 - Installed Windows XP KB899589.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-23 14:33:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE...
More replies

Answer Match 79.38%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ...

A: Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

2 more replies

Answer Match 78.54%

Hi, I have McAfee Virus Scan copy installed on my laptop. It displays virus detection and deleted messages for Generic.dx, Generic downloader.dx, and Puper Trojans in Temp folder. These messages keep coming back.
Here is my HJT log file

=========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:34 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Go...

A: Generic downloader.dx, Generic.dx and Puper Trojan on my laptop

I had real time anti spyware enabled for my previous HiJackThis so now I have disabled the same and run HiJackThis again. The new log is given below.
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:41 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateSe...

1 more replies

Answer Match 78.54%

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen...

A: Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

2 more replies

Answer Match 78.54%

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't. I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks, Jan

A: TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!

1 more replies

Answer Match 78.54%

Hi there Tech Support Guru!
My computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w. At least, that's what McAfee is telling me. I am using Windows XP pro. Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:47 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Prog...

A: Please help!
Generic!Artemis, generic.dx and generic rootkit.w have invaded

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)
File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
Process description: generic host process for win 32 services

Detection name: Generic!Artemis (Trojan)
File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee.
The Generic!Artemis one has been quarantined from 7 files so far.
The rootkit.w one has been repaired and removed from three files so far.

2 more replies

Answer Match 78.54%

Hello, my Dell running XP (SP3) responsiveness is slowly deteriorating in last 2 weeks with symptoms including
- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
- Mcafee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before Mcafee opens)
- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...
**************************
DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p...

A: Need help with Trojans including - artemis, generic.dx, generic dropp

Hello again, obxhockeydad_1. Even though it's been almost a year since the last disinfection, which is ok, it's still a bit disheartening to see you back in the forums with another infection. Please be sure all who access the machine are taking great care when surfing the internet, opening emails, downloading files, etc... Also, IE7 is not as secure as IE8. IE should be updated once the machine is clean.

I'd like to try to get a log from GMER rootkit scanner. Let's try this version of gmer.

Download GMER Rootkit Scanner from here to your desktop.
Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

If you still have troubles, try running the scan in Safe Mode. Restart your computer and boot into Safe ...

19 more replies

Answer Match 77.28%

Hi,

My device has been infected with ZeroAccess, which proceeded to bring along the 2 generic trojans. My main problems are that windows is very laggy (most things has to be done through Safe Mode at the moment), my firewall won't stay on (in normal and safe modes) and occasionally a pop-up appears with the title [Web Browser] warning that I should stop a script from running. It looks something like this: (I forgot to take a screenshot when it popped up, so here's the exact same thing that I found through google)

Before I start off, here are some details about my machine.
Windows 7 SP1
McAfee SecurityCenter v11.0
McAfee VirusScan v15.0 last updated today (17/6/12)
McAfee Personal Firewall v12.0

A few days ago, my friend was using my machine when McAfee popped up saying that it had quarantined some trojans and no further action was required.

Afterwards, the computer was getting significantly more laggy with each reboot; McAfee Personal Firewall and Real-time protection were also unable to stay on. Looking through the quarantined list of items, there were multiple instances of the same 3 items:
ZeroAccess
Generic.Backdoor!1ub
Generic.dx!b2pt
All 3 appeared in C:\Windows\Installer\post:27338360\U

My friend had already deleted the zip file which probably allowed ZeroAccess in. Since McAfee's complete scan of the computer was unable to complete due to the significant lag, I then downloaded and ran Spybot S&D and Ad-Aware Antivirus in Safe Mode, but n...
A: Help with ZeroAccess / Generic.Backdoor!1ub / Generic.dx!b2pt

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

50 more replies

Answer Match 77.28%

My wife downloaded a file through bearshare and now the computer is lagging bad and avg keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run malware bytes, trend micro housecall and they lock up before finishing as avg also locks up before finishing. I have run spybot and it removed several things. Also if possible I would like to remove any garbage programs I don't need.
Please let me know what else you will need. Thanks a lot

1. DDS LOG

DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.in...

A: Trojan generic 11zne and generic arly

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

7 more replies

Answer Match 74.76%

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:22 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\Explorer.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files...

A: Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Reboot into Safe mode then follow these steps.

Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Does that remove them?

2 more replies

Answer Match 74.34%

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined: Generic Dropper.cx, Generic Downloader.x. I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT...

A: Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment.
I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...

2 more replies

Answer Match 74.34%

Hello,

I noticed last week that my browsers (Mozilla and IE) were not working properly: all the searches I was doing were redirected. I can't access to some websites as this one or McAfee... I can't update my McAfee Security Center software nor perform a restore system and Malwarebytes doesn't launch. McAfee found the following trojans: Generic.dx, JS/Tenia.d and Generic PUP.z and I deleted them. However, my problems are still not solved. I was wondering if someone here could please help me to fix these issues or if I should just reformat my hard drive (will this get rid of all viruses/trojans for sure?)? Thanks in advance for all your inputs!

Fanny

You'll find here below the contents of the DDS.txt log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Fanny at 13:11:49,90 on 26/01/2009
Internet Explorer: 7.0.5730.13
BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -8:00]
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\...
A: Infected with Generic.dx, JS/Tenia.d and Generic PUP.z

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...

3 more replies

Answer Match 74.34%

I can't get rid of the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.
Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe

Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13
BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V...

A: Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed. 2 more replies Answer Match 74.34% Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?) I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =( If you could help me that would be great!!!! Here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:32:38 PM, on 9/26/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\DellTPad\Apoint.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe C:\Windows\System32\rundll32.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\AIM\AIM Pro\aimpro.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Fi... Read more More replies Answer Match 74.34% About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan.
I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows XP firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. Thanks for looking at this. info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34 ======Uninstall list====== -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&... Read more A:generic.dx and generic downloader.dx Trojan Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a description of your problem, along with any steps you may have performed so far. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results, click no to the Optional_Scan. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable ... Read more 6 more replies Answer Match 71.82% Hiya! I'd originally come aboard with the intention of asking why I see one or two "Generic volume shadow copy" driver installs EVERY DAY in perfmon/Reliability Monitor. After reading other threads on this topic, I'm now convinced this is related to my leaving a USB drive plugged into my PC 24/7 for ReadyBoost, and ditto for an external USB-attached hard disk (for backups). My questions have now become: 1. I have 98(!!!) Generic volume shadow copy entries in the "Storage volume shadow copies" element in Device Manager (and my rebuilt Vista install is about 5 weeks old, installed on 8/7/08). Should I be concerned? What can I do to get this number down? How do I keep it down? The obvious bonehead answer appears to me to be "Delete them all, and keep it up every day, or write a script to do likewise." Is this even reasonable? 2. I have 5 "Generic volume" entries in the "Storage Volumes" element in Device Manager. Same questions as before... 3.
I can't get any meaningful info from the Properties windows under either heading, though complete coverage of "Storage Volumes" and random sampling of "Generic volume shadow copy" entries all say "The device is working properly" Any input, ideas, advice, or references that will help me understand how to proceed from here will be greatly appreciated. TIA for your help and support, --Ed-- A:Device Mgr: 98 Generic volume shadow copy, 5 Generic volume entries Just FYI in scanning elsewhere on the Web I've found other posts that report this same behavior. For example: http://www.vistax64.com/vista-genera...talling-s.html (no resolution). This posting may offer some relief, and recommends uninstalling the USB Root Hub drivers so they can be rediscovered upon bootup: http://www.vistax64.com/vista-genera...ecognized.html. Haven't tried this yet, though, so I don't know if it helps or not. HTH, --Ed-- 3 more replies Answer Match 70.98% First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it. Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to. Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.
Generic Dropper (quarantined) Generic.dx (quarantined) Generic Downloader (quarantined) Generic.dx (removed) Generic Dropper (removed) Adware-PurityScan (cannot be repaired) Downloader-BCF (removed) Adware-ISM (removed) Adware-BHO.gen.c (cannot be repaired) Generic Pup.d (removed) W32/Sdbot.worm (quarantined) FakeAlert-AB!htm (removed) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:59:24 PM, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winl... Read more More replies Answer Match 70.14% Help, Nothing seems to work. I tried scanning with BitDefender but besides finding the virus, it cannot put both viruses in quarantine. I tried doing the technique that includes rebooting in safe mode, using ATF Cleaner then doing a full scan with ewido (ewido 4.0). But ewido cannot spot the virus. Can anyone help? A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331 I just updated to AVG Anti-Spyware 7.5 2 more replies Answer Match 69.3% Hello. I recently reinstalled Windows XP on my Dell. I live in a fraternity and we have a server for files. I was looking through it and simply clicked one of the folders and none of the files and AVG told me explorer.exe was infected by the generic 12 trojan horse. It couldn't get rid of it. Anyways after that my cursor keeps flashing the hourglass symbol. Any help would be very much appreciated. Thanks!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:31:47 PM, on 4/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Documents and Settings\Matthew Jackson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\igfxsrvc.exe C:... Read more More replies Answer Match 69.3% I did an online scan for a virus just for fun on my 98se machine and it came back that I had an uncleanable virus called "generic 408*" Has anyone ever heard of this before? It's a new one on me. I tried looking on the Microsoft site and couldn't find anything on it. I tried Symantec's site and no luck either. John PS: since the discovery I am having trouble or no success with installing software A:Never seen this one, generic 408 virus? 8 more replies Answer Match 69.3% Hi... Some time before I was prompted by antivirus McAfee for generic.dx. I have tried to remove the same .... formatted C drive and reinstalled Windows but somehow I could not remove the same. I have installed Spybot... It has shown win32.joleee.K trojan in service.exe file. I am getting the same message when I run Spybot. Every time it shows the file infected with it.
I fix the problem but problem persists. Any guidance? Vijaykumar Dave More replies Answer Match 69.3% I just ran McAfee on my kids' computer and it's filled with this virus. How do I get rid of it? Symantec said to delete some files in the registry but I didn't find the files they said would be there. Is there any other way to fix this besides deleting each one with McAfee? A:w32\generic virus Hi and welcome to TSG. Let McAfee do its thing and remove the virus. If you need more help... we will show you how to D/load a Hijack this log which may show other problems and post it on this thread. 1 more replies Answer Match 69.3% Cannot seem to get rid of this horrible trojan. Got rid of McAfee because it wasn't doing anything (McAfee didn't even pick it up), tried Malware, but to no avail. Am now using BitDefender which is fine, it picks up that I have the virus, but can't do anything about it. The file is Backdoor.Generic.240830 and comes up in the svchost file. Need help guys, please? A:Generic Virus will not die!!! Deleted BitDefender (which was a mission and a half), and reinstalled AVG which seems to be working now. My internet was cut off, and the pc kept shutting down. Thanks me for helping me...... 1 more replies Answer Match 69.3% I was browsing on Mozilla Firefox and I suddenly got spammed by messages from some site called "scnadator14.info" telling me my computer was at risk from a virus, and it ran a scan of my computer and told me about 17 times that there's a virus called "Mal/Generic-A." I don't know what it is, but I'm running a Webroot Spysweeper scan right now and it is telling me, counting, 8 times that this virus is infecting Mozilla Firefox. Any time I try to get onto Mozilla I keep getting routed to scnadator14.info, and when I try clicking exit, it tells me either I have a possibility of a system crash, or it gives me a popup asking if I want to run something called Eco Install.exe. I don't know what to do. Please help! And here's the HJT log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:59:18 AM, on 2/14/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpg... Read more More replies Answer Match 68.88% Received this computer with numerous issues. 1. Cannot install programs - receive error 1306. 2. Microsoft FIXIT programs "Failed to process" 3. Malwarebytes generates errors on install (both with mbam-exe and 3f34l3faa.exe). Program gives error: "CoCreateInstance failed; code 0x080040154. Class not registered." 5 times, but then is able to run, update and scan. Finds no problems. This is both in normal and safe mode. In addition, removed hard drive from PC and scanned from another computer, no virus found. Also manually updated virus definition files from usb drive, nothing found on both quick and full scans. 4. Sophos Virus Removal Tool finds 2 infections: "Mal/Generic-L" and "Mal/Generic-S", but fails on removal: "Virus removal failed". 5. IE opens and immediately closes. Uninstalled IE8, IE7, and reinstalled, no help. Firefox works (using Firefox to post this message). 6. When plugging in flash drive, get windows dialog box with one option to open folder to view files. Clicking on that does nothing. Have to open drive through my computer or windows explorer. 8. start>search fails to run. 7. Ran GMER without incident, log attached. DDS log below. .
DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Owner at 19:42:12 on 2012-08-15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1351 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD... Read more A:Damage to XP After MAL/Generic-L and MAL/Generic-S Update: Ran Sophos again, and here is the log. It shows 3 different scans I have run. 34 more replies Answer Match 68.88% Hi, I can't get rid of either of these trojans. Please help!!!! I ran the HiJackThis and here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:04:34 PM, on 1/16/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\PackethSvc.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\WINDOWS\System32\NMSSvc.exe C:\WINDOWS\System32\nvsvc32.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\lanmanwrk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:...
Read more A:Generic.dx and generic RookKit.a Hi, niki804 Welcome. We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here Apply the update, reboot, and post a fresh Hijackthis log. 2 more replies Answer Match 68.88% Downloaded AVG... Found: Trojan horse Collected Z C:\Windows\toolbar.exe Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe Updated AVG files... Found: Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe Trojan horse PSW.Generic.DYD C:\Windows\kl.exe Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll Trojan horse Startpage.UN C:\Windows\paytime.exe I then Rebooted... AVG Boot-up Scanner (ver 7.1) Detected a virus C:\Winstall.exe spyware spytrooper.G Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing. Did this and it found nothing. Ran AVG found nothing. Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 12:05:23 AM, on 11/18/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\OFFICE51\SOINTGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FI... Read more A:Downloader.Generic.FCB + PSW.Generic.DYD + others just a bump 14 more replies Answer Match 68.46% Windows XP Service Pack 3 Trend Micro Internet Security Turned on IE yesterday and it went haywire with pop-ups.
Called TM and spent all day today (literally) with their virus department..both guys said it was fixed..wasn't. Got a level two engineer on it tonight who did the same things (remote access to my computer, auto runs etc.) swore it was fixed..wasn't. After the first two techs it would redirect me to different web pages completely and not let me go to the one I wanted (different than when it first happened in that I could go where I wanted but an extra window would open with an ad). Now, after the third guy, when I try to go to certain web pages a trend micro window comes up and blocks the redirect but will not let me go to the page. Adaware showed three infections (in the registry as well). Hijackthis log below. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:07 AM, on 1/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft ... Read more A:Adware_Virtumundo and Generic virus Hello and welcome to TSF. We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a Quote: Having problems with spyware and pop-ups? First Steps link at the top of each page. Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. 1 more replies Answer Match 68.46% We have a virus that is a real pain in the a**. AVG identifies the virus as Generic.GM and cannot heal the virus nor can I quarantine the virus because it is in a system file and when I try AVG advises against it. It was almost impossible to even install an antivirus program on the computer since every time we tried to access an antivirus website it wouldn't open. Then every time we tried to run the install program for the antivirus program (once we were able to get it on the computer) it (the virus) would immediately kill the install. Below is my Hijack This logfile. Can someone help? Please! Logfile of HijackThis v1.98.2 Scan saved at 11:12:29 AM, on 9/13/2006 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINNT\SYSTEM32\DNTUS26.EXE C:\WINNT\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Spyware Doctor\sdhelp.exe c:\winnt\system32\Microsoft\Protect\S-1-5-18\Userx\FireDaemon.EXE C:\WINNT\system32\stisvc.exe c:\winnt\system32\Microsoft\Protect\S-1-5-18\Userx\srvmon.... Read more A:Virus Generic.GM on my computer 16 more replies Answer Match 68.46% I ran Trend Housecall AV and it detected a BOOT GENERIC virus, a file in Drive D, which I have been unable to either clean or delete. Scan Result: Can Not Access. I click both Clean and Delete and get the following message: Unable to clean because it is currently in use.
Is there an easy way to get rid of this virus? I have McAfee AV installed but it failed to detect the virus. So someone suggested I try Trend Housecall. I figured something was wrong for two reasons: (1) I was no longer getting McAfee's automatic security updates; and (2) whenever I boot up it now takes several minutes for most of my icons to change to their proper colors/appearance. They're basically white for a few minutes until they FINALLY change -- a very annoying wait. Since I was no longer getting the automatic updates I tried getting them manually, only to get a reply message from McAfee Security Center indicating an inability to connect to the Internet. I would then click on Retry and get the same response, again and again. Another thing I've noticed lately is that my Security Index and Antivirus Index are now registering 7.0, and I'm pretty sure they had been at 8.5 for as long as I can remember. Could it be that missing my automatic updates has caused these readings to drop? I went to McAfee chat support and received a fix that allowed McAfee to reconnect to the Net. I then clicked on Updates and received a reply telling me that all of my McAfee services were up-to-date. Howe... Read more A:BOOT GENERIC virus. Please help! What is the exact file name and location where the virus is detected? And have you tried deleting it in Safe Mode? http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 Also give us a copy/paste of a HijackThis Scanlog: http://computercops.biz/downloads-file-328.html 3 more replies Answer Match 68.46% Hey Guys, New here on the forum, like the forum and need some help. Currently have Dell PC, XPS 400 and of course Windows XP is my OS. So the story goes like this: I have this Trojan Generic.Adv virus that I can't remove/delete. Trend Micro PC-cillin can't remove it. Free edition of Spyware Doctor won't do it. Won't let me delete from registry either. Any ideas? Will any of the Spyware removers clean this up for me?
Please help. Some suggested trying Pandasoft? This is where this stupid thing is located? C:\WINDOWS\system32 File is called dmubsi.dll Thx, Mookie A:Help with Trojan Generic.Adv Virus Please do not start more than one thread for the same problem. You were receiving help in another thread. Closing duplicate. Please continue here: http://forums.techguy.org/security/563610-error-safe.html#post4646171 1 more replies Answer Match 68.46% Please see Log below - my McAfee software cannot clean, quarantine or delete this trojan - please help - thanks: Logfile of HijackThis v1.99.1 Scan saved at 12:32:19 PM, on 4/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nhoxnl.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\eqgcn.exe C:\WINDOWS\system32\eqgcn.exe C:\WINDOWS\system32\eqgcn.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe C:\Program Files\Dell Photo AIO ...
Read more A:Generic Downloader.ab virus Add remove programs - remove MyWebSearch - all occurrences of Viewpoint Go to the link below and download the trial version of SpySweeper: SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg
* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log. 1 more replies Answer Match 68.46% I've been trying to fix this for 2 days with some improvement but it keeps returning. Went to a website doing research on what I thought was an innocent enough topic, (not a porn site) and next thing I know McAfee is alerting me to programs wanting to do something and of course I clicked on no, but still got loaded with the virus. Running a scan on McAfee showed some problems but after using it to clean, I found that I couldn't log on with my browsers. Finally figured out the virus had put proxies on them and changed those back to their usual setting on IE and FireFox. Then ran malware bytes and found more stuff infected.
The logs indicate it cleans them up, but then says it has to reboot to take care of one or more of them, but after rebooting McAfee starts giving out warning messages such as: Generic Rootkit Windows/system32/drivers/nicsk32.sys I've run Malware quite a few times with the same results and the longer between scans and the limited clean up it does the more infected files that it discovers on the next scan and also the slower the computer runs and takes a long time to open word docs, etc... Where do I go from this point to try and get this fixed? Thanks! This is the last Malware log: Malwarebytes' Anti-Malware 1.36 Database version: 2085 Windows 5.1.2600 Service Pack 3 5/7/2009 5:24:05 PM mbam-log-2009-05-07 (17-24-05).txt Scan type: Full Scan (A:\|C:\|D:\|) Objects scanned: 195354 Time elapsed: 46 minute(s), 25 second... Read more A:Generic RootKit Virus, need help Sorry, forgot to add that I'm on Windows XP. 16 more replies Answer Match 68.46% Hi I have been reading this forum and I have the same problem with the generic 4 virus. I have run spybot Ad-aware AVG F-prot to no avail. Could you help me. I have done a hijackthis and posted it below. Please help as I am getting popups every time I click the mouse. It also comes up with smitfraud-C.toolbar888 whenever I do a spybot check.
Many thanks HeatherB56 The logfile is as Follows: Logfile of HijackThis v1.99.1 Scan saved at 17:47:33, on 21/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\KService\KService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\eht... Read more A:Generic 4 Virus HEEEEEEEEEEEEEElp!!!!! Why don't you click on the red triangle at the top right and ask to move the thread to the security forum. 1 more replies Answer Match 68.46% So everything was fine on my PC for years, I get a java alert to update back around Christmas time and that's when it all began. Was using Norton from att dsl service and it alerted me to the vundoH virus. Took a few days and I thought I had managed to get rid of it, but my pc still acted weird. During that fix, I had to move over to McAfee anti-virus cause that was what now was available from my ISP. But like I said, it still acted weird, It would, I guess, do memory dumps (3 so far) on the 3rd one is when I got that MS Antivirus 2009 message come up.
I know it's bogus from the research I did when I tried to get rid of Vundo, so I figured I'd come to the experts and ask for help. I used spybot, vundo fixit tool and ad-ware before the latest batch of mishaps. Here's the DDS.txt. DDS (Ver_09-01-19.01) - NTFSx86 Run by Gabe at 17:43:58.92 on Mon 01/26/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.606 [GMT -8:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: McAfee Personal Firewall *enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files... Read more A:MS virus, vundo, generic.pup.... Hi, Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused. In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.
* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Post the log from ComboFix in your next reply. As instructed on above page, they recommend to disable your Antivirus, in your case McAfee. For McAfee, I rather recommend to temporarily uninstall it, because McAfee causes a lot of problems with Combofix after reboot, this because McAfee enables ag...

Hi, I hope y'all can help! I believe that I have some sort of virus; it keeps popping up in my Symantec as us.exe packed.generic.295. It says that it's deleted but it keeps coming back up. And auto protect keeps popping up with the same message over and over deleted! Please Help.... Thanks

Hi, My computer is for sure infected with the Downloader.Generic virus. This virus seems to be affecting the fvq.exe process. I will receive a message by Windows several times "fvq.exe has encountered an error-it will now close". I have scanned with AVG and it caught it but even after removal I still receive the error. When I previously scanned with Norton, it actually scanned viruses. This sounds strange, but it showed it was scanning things like W32.Sality.U, not the files but the actual virus, but never picked it up. Not really sure where to go from here. Here is the requested information: DDS (Ver_10-03-17.01) - NTFSX64 Run by Shannon at 13:35:32.47 on 17/07/2010 Internet Explorer: 8.0.6001.18928 Microsoft® Windows Vista™
Home Premium 6.0.6001.1.1252.2.1033.18.6142.3550 [GMT -6:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

I've got this virus in my pc which has disabled antivirus and network. I am trapped in a circle and cannot get out. I cannot install HijackThis. I was able to install Malwarebytes but it won't start. I have Norton Internet Security 2009 and it detects the virus but it is unable to get rid of it. It says that it cannot scan e-mails so I suppose the virus came through an e-mail. When I click on the name of the virus in NIS, yesterday it said that 4 files and 1 browser cache were infected, today there are 5 files and 1 browser cache. The files are: globalroot\systemroot\system32\uackvrjbxdorjittjp.dll (it is this file repeated 5 times, exactly the same). Risk level: HIGH The pc is connected to the internet via LAN through the wireless router, I have connection but I cannot connect (no packets sent or received) and it says I don't have any network card (I don't remember the exact names used). I tried to connect via wireless with a wireless adaptor and it is practically the same (this time it works to send packets but I cannot receive). I get the wireless monitor working but the adaptor is disabled and cannot enable it. I also downloaded (through another computer) a Pareto Logic anti-virus.
I can install it but it needs internet connection to download some files to start working, so as I say, I am trapped in a circle with no way out. I tried system restore but when I click "next" I only see that I have clicked on the next tab and after 15 minutes it is as ...

A:packed.generic.200 virus I found a HijackThis program installed in my pc from a previous problem and although it is an old version and since I cannot install HijackThis or any other program, and the ones I can install, cannot run them. I thought this was better than nothing. When I tried to post it, it was detected as an old version and was rejected, so I took out the heading hoping this will work. It started with 4 files and 1 browser cache infected and today there are already 6 files and 1 browser cache infected (all the files are identical): globalroot\systemroot\system32\uackvrjbxdorjittjp.dll (as reported by NIS).

Won't let me clean, delete, or quarantine (I get the message "The file "unp142029129.tmp" could not be cleaned/deleted/quarantined. Please check access rights to media where the file is located.") And I'm sure there are many more viruses on here, so some help would really be appreciated!!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:21:49 PM, on 8/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal

A:Virus W32/Generic.worm!p2p

My BitDefender 2008 has come up with a virus on my computer - Win32.generic.494661, and it's seemingly everywhere. I have no idea what is going on and can't seem to get rid of it. I've tried scanning my entire system and put a clean backup image through Acronis on my C drive after cleaning my other hard disks.
HijackThis comes up with this when I run it on my system: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:28 PM, on 2/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal

Hello, I have a trojan virus called Generic.dx!fhb which is located here C:\Windows\System32\iuypifmo.dll My McAfee says it found the virus and quarantined it but it keeps coming back over and over. It halts my PC from working continuously. I am lucky to be here now posting this request. I have to restart numerous times. I have attached the log from Hijackthis. Please help me!!!!

A:Trojan Virus Generic.dx!fhb

Hello I am infected with the virus vbs/generic and trojan horse small.3.0 I run a scan and it suppose that it healed but now most of my programs are not working properly and I am still getting threat alerts. What should I do? I can not send you my log report because I can't open the Excel file.
Now I am scanning with the Malwarebytes and for now no threat found but still running. Please help I really need my pc I am writing my thesis

A:AVG virus found vbs/generic Hello, and welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can. Malwarebytes Anti-Malware: Please download Malwarebytes Anti-Malware and save it to your desktop. Download Link 1 Download Link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware; Launch Malwarebytes' Anti-Malware. Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Full Scan"...

Hi, I am suffering from a trojan horse generic 13.ATYY virus. I have looked at other similar threads as well in this forum, but haven't got help for my problem. I have Windows Vista and updated version of AVG. I have used it without problems until now.
The computer scan shows that I have no infections, but every time I open Internet Explorer I get an AVG message saying that I have 2 infections in that location: C:/windows/system32/gxvxcppwrigibprwuyfmwucxpdftyclcvjpyg.dll (Process name: C:/program files/internet explorer/iexplore.exe) AVG can't heal these files and I get this message: "some files cannot be healed. Item with this value already exist in object" I've followed the instructions from virus forums and downloaded Spybot and Malwarebytes, but after installing the programs, they do not open. I have tried that many times without any success. I've also tried system restore, but this does not allow me to do anything either. Can you please help me with this matter?! Thank you in advance!

A:Trojan Virus generic 13 Hello and welcome to TSF. We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page. Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

My BitDefender 2008 has come up with a virus on my computer - Win32.generic.494661, and it's seemingly everywhere. I have no idea what is going on and can't seem to get rid of it. I've tried scanning my entire system and put a clean backup image through Acronis on my C drive after cleaning my other hard disks.
HijackThis comes up with this when I run it on my system: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:28 PM, on 2/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal

A:win32.generic virus Hello - Is it possible BitDefender is giving you false alerts? Have you tried scanning any of the files it identifies as infected at VirusTotal? If you need more detailed assistance... We no longer use HijackThis as our initial analysis tool. We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page. Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs.
Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

I have had this message from McAfee that it has detected but cannot remove or quarantine the following file: c:\windows\system32\vistax.dll the detection name is "Generic.dv" Is anyone familiar with what this virus can do and how to remove it? thanks, vinmania:

HELP!! McAfee found a virus on my puter and "it cannot be removed" It is a trojan virus, generic.dx File: D:\DRIVERS\WIN_9X\LXCFSR9X.EX_ I am not very computer illiterate, so any step by step help would be greatly appreciated. Thank you

A:trojan virus: generic.dx Hello, I understand you have a virus in this location D:\DRIVERS\WIN_9X\LXCFSR9X.EX_ d:\ is an optical drive so the only way I can think is that you may have burnt it to a disk, or do you have more than one hard drive? Example: drive c and drive d? If it's the case of 2 hard disks you may only have the option where you have to remove them manually, which is a case of navigating to the location, press and hold shift and press delete then press enter to delete it, but only do this if you are sure; if not then you might want to consider getting someone to help you. If you have any more information for us then please notify us. Thanks for posting, I hope I have helped you in some way

Hi, I foolishly decided to run a random program before scanning it (I even told myself to do it the night before). I ended up getting 4 viruses and ishost.exe on my computer.
AVG has killed all but one of the viruses, Generic.WUE, and its infected file win31.tmp.exe. I was hoping someone could help, as I might not have completely gotten rid of all of them (I manually deleted some). Thanks --- Oops, AVG just found another virus!! It's called Downloader.Obfuskated and it's infecting file rdgUS2404[1].exe in my Temporary Internet Files. --- Logfile of HijackThis v1.99.1 Scan saved at 8:37:26 PM, on 9/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Win31.tmp.exe / Generic.wue Virus! Hello; I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. How to disable TeaTimer during HijackThis Cleanup. Then, download ResetTeaTimer.bat. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer. I notice from your log that you are running more than one different Anti-Virus programs with Auto-protect enabled.
Norton/Symantec and AVG. Rather than giving you extra protection, this can actually give problems because of incompatibility issues, can even cause BSODs and decrease the reliability of it seriously! Also, it causes a serious system slowdown. I would strongly advise you to only have one Anti-Virus with the Auto-Protect feature running at any one time! If you decide to only keep one Anti-Virus installed, you should uninstall the other(s) through the Add or Remove Programs option in Control Panel.
* Open hijackthis, click 'config' (bottom right). Choose the tab 'misc Tools' on top. Choose 'delete a file on reboot'. In the field, copy and paste next: C:\WINDOWS\SYSTEM32\winopn32.dll Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok. Your system should reboot now.
* Download Smitrem.exe and save the file to your desktop. Double...

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall. I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, McAfee Stinger, updated the OS and installed HijackThis.
Here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:27:20, on 03/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors... I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one. Once again, I apologize for the delay in responding to this topic.

Thanks for reading this, I have a virus in my virus vault identified and isolated by AVG but can not delete it. Trojan horse Generic.WUD found in 5 places: A0004526.exe c:\system volu A0004578.exe c:\system volu It appeared when my son tried to download songs from his itunes on to a new mp3 player that I had bought him from macro. I have 3 questions; 1. If a virus is in a virus vault, can you safely use the computer for internet banking or could it still be tracking passwords? 2. Is there a way to delete it from the vault? 3. How did the virus appear from a new mp3 player (ministry of sound, sports clip stix 256mb) (it is preloaded with songs, were they the source of infection?), could the manufacturer be trying to just track its use? We have a windows xp media centre edition 2005, 2 months old, no trouble until this.
I have very very basic IT skills. Thanks again

A:virus in virus vault but not able to delete it; trojan horse generic.WUD Hi and welcome. You can delete them from the vault. The location of those are in System Restore. If you turn off System Restore, then turn it back on - they should all be gone.

I recently noticed that I have a virus on my computer. After doing a little search on this site, I have downloaded HJT and I will post my log. Please help... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:23:02 PM, on 10/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal

A:Adware.virtumonde generic.dx virus To give a little more details. This bug had taken control of my task manager as well as my desktop background.
It sends pop-ups that imitate windows antivirus 2008 (which I never clicked on). I have done a scan with McAfee and it has quarantined 3 trojans. That allowed me to control my desktop background again, but now I get a windows boot error message when the computer has been idle. Like a screen saver. Any help is greatly appreciated.

Hi, I need help getting rid of these virus please. McAfee detected it. I am including a hijackthis log. Thank You Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:12:42 PM, on 2009-01-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal
A:Trojan virus generic.dx and downloader-uah some one help please

Browsed through your forum. Did the Panda Active Scan as you suggested. There were three infected files - one a trojan - despite using several spyware programs religiously... In the past, I have had to wipe the hard drive and reinstall the operating system so I am trying to be proactive this time around. I've included uploads of the HiJack This log and the Active Scan log. Your help is appreciated. Thanks!

A:Generic Malware/Virus/Trojan Hello, Coach P. Welcome to TSF. My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) Please give me some time to look over your computer's log(s). Please take note of the following: In the meantime, please refrain from making any changes to your computer. Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :) If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Finally, please reply using the button in the lower left hand corner of your screen. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished". We need to create an OTViewIt Report. Please download OTViewIt by OldTimer. Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Push the button.
Two reports will open, copy and paste them...

Hi, I'm new here and hope you can help me solve this annoying problem. The error message appears randomly (or I just don't get it what have I done to make it appear). It's a Generic Host problem Error message (Send/Don't send). With it popping up my LAN connection stops (stopping the internet connection sharing as well (ICS)), shared folders unshare, and I lose internet too. I have to restart to make it work. After restart folders are shared again and connections work. But I know it's not ok. The virus is still in. Here is the HJT log of the PC connected directly to internet and also sharing it with ICS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:43:23, on 25.2.2008 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal

A:Generic Host type virus while using MS ICS pls help me bump!

Hello, I just received notice through my Trend Micro Internet Security that I have a virus! I came home and turned on my computer. When I tried to load IE, the computer froze, flashed the BSoD, and rebooted. Then my computer couldn't locate my harddrive. Through my RAID array configuration I was able to reconnect my hard drive.
Immediately upon rebooting, my AVS popped up warning me that I have the PAK Generic.001 virus. This is strange because after my last attack, I've been careful not to visit any questionable sites, and I haven't downloaded anything lately, to my knowledge. Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:10:00 PM, on 9/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal

A:Infected File: b11[1].exe Virus Pak Generic.001 I'm not sure on the proper etiquette of forums, but I've heard that it's rude to double post.. if this is the case, please forgive me. As a follow up, I used my computer as usual, booting down when I was finished. Upon returning from work, I tried to start my computer only to have the same problem as last night. My HD connected through a sata array (I think) was not defined again. I'm assuming the virus is affecting this. Also, I noticed that any ads seem to change to some sort of pornographic banners on the side, with audio. I was on a MSN games page and was shocked to see such an ad on MSN. I assumed it was this pesky virus.. Hopefully someone knows what the problem is and how I can fix it. Thanks again for your time.

Hello.
The other day I installed MS Expression Web 2007 and after the installation I ran a Kaspersky (2011) Full Scan and the following 2 Objects were detected as "hidden from the user". HiddenObject.Multi.Generic - C:\WINDOWS:nlsPreferences and C:\WINDOWS:Astinfo. Kaspersky indicates these objects will be moved to quarantine but upon system reboot and a rescan the infected objects reappear. Are these objects a virus? My DDS.txt is below: DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by User at 23:18:50 on 2011-06-19

A:HiddenObject.Multi.Generic Virus? Hi, Please do the following: Download ComboFix from one of the following locations: Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here. Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log... Read more 9 more replies Answer Match 67.62% Help I have been trying to remove this virus for two days and still it is showin up. It first started out with the securitytool virus and would not let me se the desktop nor open anything. I was able to find that and remove it. I then turnred off system restore and tried several times to remove the PACked. Generic.254 virus, but it is still not coming off. I tried to download spybot and malwarebytes, but it doesn't install or open properly. Please help. I work at a healthcare industry and I need this pc clean, before it spreads. 
(((I HAD PLACE THIS I ANOTHER AREA, HOWEVER I WAS GETTING VIEWS BUT NO REPLYS))) I MUST HAVE PLACED IN THE WRONG FORUM PREVIOUSLY A:Can't remove PACKED.GENERIC.254 VIRUS We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down) Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it. Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr================================================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press an... Read more 5 more replies Answer Match 67.62% Hi! mY thUmbdriVe hAv thiS generiC.dx viruS which my cOmputer caNt remOve. Plz heLp~ THx yOU vERy mUch . 
This iS mY hijaCkthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:51:47 PM, on 10/2/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\sttray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\McAfee\MSK\mskagent.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\Program Files\WIDCOMM\Bluetooth Software\... Read more A:Generic.dx Trojan virus on thumbdrive HELP~~~ HELP~~~ SAVE mE~~~ o.0 2 more replies Answer Match 67.62% I am running Windows XP and have been nailed by the generic.dx and vundo!grb viruses. My McAfee AV was able to quarrantine the vundo virus, but cannot fix the generic.dx virus. I cannot get rid of these and need some help. Please advise! A:HELP! Computer has generic.dx and vundo! 
grb virus I have already run ComboFix and below is the text report: ComboFix 09-02-08.02 - John Carroll 2009-02-10 10:08:30.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.405 [GMT -5:00] Running from: c:\documents and settings\John Carroll\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Application Data\twain_32 c:\documents and settings\LocalService\Application Data\twain_32\user.ds c:\documents and settings\NetworkService\Application Data\twain_32 c:\documents and settings\NetworkService\Application Data\twain_32\user.ds c:\windows\system32\cbXPgebX.dll c:\windows\system32\ctcxhx.dll c:\windows\system32\DKSBHkkj.ini c:\windows\system32\DKSBHkkj.ini2 c:\windows\system32\dydbgrnv.dll c:\windows\system32\emvtaraw.dll c:\windows\system32\flapjntc.dll c:\windows\system32\fucndwpl.dll c:\windows\system32\hgalghoc.dll c:\windows\system32\irajwimb.dll c:\windows\system32\jkkHBSKD.dll c:\windows\system32\jsjnpf.dll c:\windows\system32\mralrc.dll c:\windows\system32\mxqvwjum.dll c:\windows\system32\qouavg.dll c:\windows\system32\qplqfbnv.dll c:\windows\system32\sgxmdmbm.dll c:\windows\system32\twain_32 c:\windows\system32\twain_32\local.ds c:\windows\system32\twain_32\user.ds c:\windows\system32\wvUkLCvt.dll c:\windows\system32\yoocakvv.dll c:\windows\Tasks\prnjltuf.job . ((((((((((((((((((... Read more 2 more replies Answer Match 67.62% I seem to have this vundo trojan or virus or whatever...just like everyone else here who has had the same problem, my antivirus keeps popping up and saying 'virus found & deleted', yet from what I have researched about the dll, it only replicates itself if deleted? I have downloaded hijackthis and vundofix...please help!! 
Here is the log file; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:10:20 AM, on 5/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:... Read more A:Vundo!generic virus on my system...help? 7 more replies Answer Match 67.62% McAfee recently detected generic.dx as a trojan in digstream.exe and npwthost.dll. It says that both were deleted but it keeps recurring daily. I am running windows XP and it has been running slow for the past couple weeks. 
I tried to follow the instructions for generic.dx but I assume that it is a case by case basis as I didn't have the same log file when I ran hijackthis and got the following log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:12:20 PM, on 9/18/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\Sys... Read more A:Generic.dx in virus scan, keeps recurring 10 more replies Answer Match 67.62% Hi there, I'm really disappointed with this virus. Although I had many tries but it wouldn't be removed. This virus has spread to my all 3 drives (C which is an OS drive, D and E). I had a report from Kaspersky Anti Virus which found this is a Worm.Win32.Generic. I tried to re-install my PC for several times and formatted drive C, then took some full scans but it still didn't change. It has some symptoms such as: 1 - Stop my connection even a connection status icon still runs normally. I can't surf with any certain browsers. 2 - In all drives, there are strange folder applications usually called "New Folder". 
When I removed it automatically re-generated after restarting Windows. Is there any help? I need your help now 'cause I'm not good at struggling those viruses and no confrontation b4. Thanks in advance, amida A:Worm.Win32.Generic virus! Hello and welcome to TSF. We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a Quote: Having problems with spyware and pop-ups? First Steps link at the top of each page. Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. 1 more replies Answer Match 67.62% Hello, Let me first introduce myself as Donviti the amazing idiot. Yes, I downloaded something, opened it and then after clicking it, said Why TF did I open that. And now, one full week later I can't contain it. McAfee stopped a pop-up once, but since then the adds keep appearing. I have run Malwarebytes, AVG 7.5, Ad Aware, McAfee from comcast. I know for a fact that I have at least one virus that could not be "contained" by McAfee and the other one McAfee found told me to restart my computer and rescan. Once I did that, McAfee no longer found the either of the virus's but the pop-ups kept coming. Then when I run the ad-aware it now finds about 18 different stat-counters and things like that. McAfee labeled it as "Generic!Artimus Trojan" if that helps anyone... A:Snappy Ads Virus (Generic!Artimus) Did McAfee provide a specific file name associated with this malware threat(s) and if so, where is it located (full file path) at on your system? 
Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved. See Understanding virus names. 3 more replies Answer Match 67.62% Hello! I recently discovered this virus on my laptop and am unable to remove it using Norton Internet Security 2009. This program says it "fixes" it but when I do another scan it is still there. When i attempt to run the DDS program that you recommend I get an error telling me that it is not compatable with my system (I'm running Windows Vista Home Premium 64 bit), so instead Ive ran HijackThis and saved the log. If you need any further information to figure this out let me know, and much thanks in advance for any help you can provide!Here is the HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:37:36 PM, on 5/9/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\MediaMall\PlayOn.exec:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MS4V5879\procexp[1].exeC:\Program Files (x86)\In... Read more A:Packed.Generic.200 Virus Infection Can no one help?===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. 
Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of ... Read more 3 more replies Answer Match 67.62% Can you help me how to remove Trojan Generic.dx. it is deleted by Mcaffe but it generate with winlogon.exe application after every 5 seconds. A:How to remove Trojan virus Generic.dx Hi there and welcome to TSG Download HJTsetup.exe to your desktop. Double-click HJTsetup.exe icon on your desktop to start the installation. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This. Click the Do a system scan and save a logfile button. It will scan and the log should open in notepad. 
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back to this thread and Paste the log (Ctrl+V) in your next reply.

1 more replies

Hi, I think I caught a virus today as I was searching on a specific file search engine. Every time I open up Internet Explorer the screen will say, "Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register your antivirus software." AVG will also tell me that it detects Trojan Horse Generic. Can somebody please help me? Thank you

A:Trojan Horse Generic Virus..Please Help

Hello to everyone out there that's reading this. I just caught this virus on my computer a few days ago and I need to find a way to get rid of it. I'm afraid to access my email or any other personal information. This virus basically keeps sending me alerts saying that my computer is at risk and will give me links to download Perfect Defender. Can somebody please help me with this? I know you tech people are probably very busy fixing other computers so I understand if your response takes a while. Please let me know what I can do. Thank You

1 more replies

Hello. The other day I ran a Kaspersky (2011) Full Scan and the following 2 Objects were detected as "hidden from the user". HiddenObject.Multi.Generic - C:\WINDOWS:nlsPreferences and C:\WINDOWS:Astinfo. Kaspersky indicates these objects will be moved to quarantine but upon system reboot and a Kaspersky rescan the infected objects reappear. Are these objects a virus, as I have done a MBAM, SAS, and Dr. Web CureIt scan and they all come up clean? My DDS.txt is below: .
DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by User at 23:18:50 on 2011-06-19 . ============== Running Processes =============== . C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ASTSRV.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\WINDOWS\system32\IFXTCS.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe C:\WINDOWS\system32\NLSSRV32.EX... Read more A:HiddenObject.Multi.Generic Virus? Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. 
Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more 3 more replies Answer Match 67.62% I got a rar file from a friend that has apparently infected my pc. According to my VShield the name is Generic PWS.y!ti.It's main location from what i've learned so far is C:\lsass.exe. It keeps extensions and system files hidden, this is how i found out my infection because i do not have extensions and system files hidden normally.From a dos window i can see the file in my root. (dir /a)08/04/2004 14:00 380,928 lsass.exeWhen i'm in Windows my VShield keeps alerting me, C:\lsass.exe\000535a8.EXE cannot be cleaned. Neither can i move or delete it.Using a 3rd party program (hiddenfinder) i did Properties of the lsass.exe located in the root and it strangely enough had a Font tab. So maybe it has itself connectec to fonts too?!I searched my registry and it has 'connected' itself to userinit.exe:HLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogin C:\WINDOWS\system32\userinit.exe,c:\lsass.exeMy OS is Windows XP SP2This is my hyjackthis log and DDS log. I hope somebody can help me get rid of this bugger.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:30:10, on 10/7/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WIND... Read more A:Cant remove virus/trojan (Generic PWS.y!ti) ? Well after 3 days i must say i really hoped someone could help me get this virus beaten. I guess no experts have been present in the forum. I read that it normally takes 24 hours tops for a reply! 
Well guys, for what it's worth, i got the virus out myself. In case somebody else gets the same virus just just Malwarebytes' Anti-Malware. It seems to work good enough to rid of the virus after a reboot. At first i was manually deleting reg keys, (the virus kept sticking itself to userinit.exe), but it kept coming back. Cheers. 2 more replies Answer Match 67.62% I have dowloaded AVG anti virus and when i run a scan the following virus appear Trojan Horse Generic. Once this has been detected the search freezes and I cant delete this virus cos the PC freezes. Can I search and delete this virus in another way. I think it is this that is causing my pc to freeze and restart when connecting to the net. Please help!!!!!!!!!!!!!!! A:Trojan Horse Generic Virus 16 more replies Answer Match 67.62% Hi My sons computer is infected with the Trojan Downloader generic4. dem virus and infostealer. I need help I have downloaded AVG and it can not remove the virus. PLEASE HELP... Here is the hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 6:07:23 PM, on 4/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common F... Read more A:Help...Trojan Downloader generic virus 13 more replies Answer Match 67.62% Logfile of HijackThis v1.99.1 Scan saved at 11:00:43 AM, on 3/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\FreezeScreenSaver.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Bangalore Press\Rainlendar... 
Read more A:my system is affected with generic.fx virus brooksy, you have been warned about posting to threads in the Security Forum. Consider this strike two. 3 more replies Answer Match 67.62% Hello folks, I seem to have caught a pretty bad case here. I hope one of you guys can help me out a bit... Whenever I start my laptop, I get a Data Execution Prevention error on Windows Explorer (Explorer.exe). This causes it to shut down and start afresh. However, every time it starts again, I get an Application Error of Explorer.exe ("The instruction.... referred memory at... The Memory could not be written." And I get the same Data Execution Prevention error again. So it keeps on going in a loop. But that is not all. McAfee pops up every time explorer is launched anew, and warns me for a couple of infections with "generic.dc!sux". It claims to have deleted them, but since it finds these again every time explorer starts, it's obviously not solved. I've ran a couple of malware scans (Spybot and SAS). SAS has removed some minor malware threads. One keeps coming back however. At first it was the "Trojan.Agent/Gen-WPV". It was removed, but after reboot, I ran another scan, and this time it found infectons with the "Trojan.Agent/Gen-Frauder". I'm not even sure all this problems are interrelated, but I'd guess they are. Thanks for any help! Here's my HiJackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:42:10, on 28/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS... Read more A:Explorer.exe crash & Generic.dx virus 15 more replies Answer Match 67.62% Hello,I just received a warning message from McAfee saying they'd detected a programme called Generic!Artemis. It's located on the C:Drive under my downloads in the SetUp file. 
When trying to remove it, the following message appeared: The potentially unwanted programme cannot be removed. Something about maybe being linked to a bundle.So far we haven't really noticed many problems with the computer, except that it runs quite slowly and sometimes it just freezes and doen't allow us to open any programs. Also we often get an error message about the synopsis touch pad not working, whatever that means. I would kindly ask for your help in resolving this as it's proving more persistant than expected! Thanks so much!!Here's the DDS Log:DDS (Ver_09-02-01.01) - NTFSx86 Run by Vicky at 19:14:24.74 on 26/02/2009Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.1789.731 [GMT -8:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost... Read more A:Generic!Artemis Virus Detected Hello ConfusedComputerUser,Artemis is something McAfee uses in its detections. What you're experiencing is most likely a false positive from McAfee. Can you please post for me the file(s) it's flagging so we can be sure?We can do a couple of scans after that, if you like, to be sure your system is all right. Regards,tea 10 more replies Answer Match 67.62% I have a message that keeps popping up from McAffee that says I have a trojan virus called Generic.dx located in c:windows\system32\AppCert\wnl32.dll. MaAffee cannot quarantine nor remove it. Any ideas on how to get rid of it? A:I Need To Remove The Trojan Virus Generic.dx Welcome to BC cadoodle32 For a start, I suggest scanning the file in question at Jottiscan and Virustotal to rule out the possibility of a False Positive. 
Please post the results in your next reply.Orange Blossom 1 more replies Answer Match 67.62% my computer has seemed as though it's being controlled by something and i noticed the connectivity icon down by my system clock shows two internet connections (where there used to be only one. ...one is "network 2, access: local and internet and it is a "private" network, the 2nd is "the internet (1) and a variable number ...at first i noticed it was 40, then 41, etc. now it is 43; access on this one is: local and internet and it is a public network) ...i scanned with AVG and it revealed i have a trojan virus (comprising of 3 files - divxinstaller.exe ; and two others with characters in the strings that, i'm not sure are lowercase L's or capital i's, they are: divxinstaller.exe:\$[i or L]\y_toolbar.exe ; divxinstaller.exe:\$[i or L]\y_toolbar.exe:\$[i or L]K).

when attempting to clean the infection, AVG says something about the size of something being larger than the log file (?) and it does nothing... i don't know if that is a trick of the virus or, AVG wants to backup before making changes and can't do so for some reason.
i have run AVAST, AVIRA, TREND HOUSE CALL - avast and avira do not pick up anything, trend turns up *4* (instead of 3) "vulnerabilities" that i am not sure if they are related or something else entirely. the only details available about the threats are: MS07-023, MS07-025, MS07-036, MS07-042 ...on repeat, AVG still says i have the virus .

do you think this is real bad? if you think there's... Read more

A:what to do about trojan virus divxinstaller.exe generic L13 ?

16 more replies

I've had a virus now since Monday February 20th, it's now Friday 24th February 2012.

Since obtaining this virus I've installed McAfee and PCTools, both have virus removal software, a scan takes around 2 to 4 hours and always finds a bunch of viruses.

I can run the Scan, delete the viruses run the scan again and it will find more viruses.

One virus that is always in the list is - Generic Backdoor!dxx. PC Tools and McAfee both always ask me to restart the PC to remove this virus. If I do this, the PC will not restart, goes into Repair mode and the only way to get Windows 7 running again is to do a system restore meaning I still have the virus - rinse and repeat, I've spent hours/days trying to solve this now.

Another problem which is probably related is if I launch FireFox, I have some kind of Google redirect virus, if I search something on Google like ?hello? and then click on one of the results, it takes me to a site called Dgame.info and then redirects me to another page.

Is this all related, can anyone offer me any suggestions or advice here?

I noticed that on lot?s of forums people say to do a System Restore, my restore does not go back far enough now, all restore points contain the virus.

A:Generic Backdoor!dxx Virus help needed

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

2 more replies

I have the same issue. I just got the generic.dx virus upon login this morning. I also get a virus called weby[1]. The second shows up in my temp internet files even though I cleaned the file out prior to logging off.

Logfile of HijackThis v1.99.1
Scan saved at 11:04:07 AM, on 4/7/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

More replies

Hi. I am hoping you may be able to help. I was using Youruninstaller (which I now think was infected) to uninstall a programme. I noticed the CPU usage and processor were working overtime. I did a scan with Spyware Doctor and it detected Email-worm.Zhelatin which I removed and thought I was in the clear.

I then tried to uninstall Youruninstaller with Revo Uninstaller. When doing this Kaspersky internet security quarantined riskware Trojan.generic.

I did another Spyware doctor scan which detected no further viruses. However, the processor is still working overtime and often spikes, making the computer slow. Also, I cannot install new programmes without getting an error message.

What should I do to restore the system? I have deleted TEMP and TIF files and enabled Show Hidden Files & Folders. Thank you for any help.

Here is my DSS report

DDS (Ver_09-01-07.01) - NTFSx86
Run by Family at 18:40:26.73 on 08/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.1181 [GMT 0:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss

A:Riskware Trojan.generic & riskware worm.P2P.Generic

3 more replies

I have a serious computer problem I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me, I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly every time I try to run the control panel it freezes up on me. I also have this error message that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close." Some additional info for that error message:

SzAppname: svchost.exe
SzAppVersion: 5.1.2600.5512
SzModname: ntdll.dll
SzModVersion: 5.1.2600.5755

I have run Malware bytes numerous times quick scan, full scan it will detect then I will remove and when I restart the computer and run it again it's back on there! I am getting to my wits' end over this I don't know what to do and need some help please! here is my HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:09 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Google redirect virus, generic host process win32 error message, constant virus removal with malware bytes

2 more replies

Dear friends at Bleepingcomputer.com,

I am using AVG Anti-virus free 9.0.725, and at least once a day i get the following AVG popup:

Infection - Virus identified Worm/Generic.ASTZ C:\System Volume Information\_restore{1E528D1F-E05D-444F-A25D-0812EDA4F13D}\RP9\A0004321.exe

Each time i select "send to vault", but it is not removing the worm as it pops back up some hours later.

So, to borrow a line from the cinnamon-buns-for-hair Carrie Fisher: "This is our most desperate hour. Help me, Obi-Wan Kenobi; you're my only hope." The dirty details are below:

DDS (Ver_09-12-01.01) - NTFSx86
Run by gamera at 22:34:28.54 on Mon 01/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.108 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:...

A:Virus identified Worm/Generic.ASTZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor...

2 more replies

Hi,

My computer recently crashed to blue screen and there appeared to be problem with the hard drive. I booted from disk and fixed the errors.

Subsequently, I have experienced a couple of viruses, one which I found by accident when using the online Bit Defender scanner - that was Trojan Generic 591310 (this has since re-appeared), and the other V2P6 virus was found by McAfee (an old version) but it said that it could not be removed. I then quarantined and deleted. This seemed to get rid of it.

The V2P6 virus was found in Documents and settings/Applications/Skype/plugins

Do you have any advice on what might be the underlying cause - could it be Skype? This is a useful program, since I have relatives abroad. Would you recommend updating my virus software? If so, what is a good package, there are so many different programs available, I don't know where to start.

I set out below my HIJACK THIS LOG:

Northyorki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:32, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE

A:Trojan Generic 591310 and V2P6 virus

This is a repeat from an earlier thread - Nobody has come back to me and my computer is now crashing regularly. Please help!

Hi,

My computer recently crashed to blue screen and there appeared to be problem with the hard drive. I booted from disk and fixed the errors.

Subsequently, I have experienced a couple of viruses, one which I found by accident when using the online Bit Defender scanner - that was Trojan Generic 591310 (this has since re-appeared), and the other V2P6 virus was found by McAfee (an old version) but it said that it could not be removed. I then quarantined and deleted. This seemed to get rid of it.

The V2P6 virus was found in Documents and settings/Applications/Skype/plugins

Do you have any advice on what might be the underlying cause - could it be Skype? This is a useful program, since I have relatives abroad. Would you recommend updating my virus software? If so, what is a good package, there are so many different programs available, I don't know where to start.

I set out below my HIJACK THIS LOG:

Northyorki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:32, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe