Tech Problem Aggregator

Solved: unknown trojan - “Your computer was infected by unknown trojan”

Q: Solved: unknown trojan - “Your computer was infected by unknown trojan”

Just found this on my dad's PC and it's been giving me a real headache. I've googled about and tried all of the stuff I found, to no avail. Norton's not detecting anything and I've deleted the directory it had installed itself under, Program Files\Files-Secure, but it's still popping up on Outlook, IE, or explorer.exe.

Thanks for help in advance.
Anyway, here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\Farm\LOCALS~1\Temp\is-HA5SA.tmp\sbsd152upd.tmp
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Farm\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btconnect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Business Broadband
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\WINDOWS\dsaip32b.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: F1U201.401.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131621030312
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11527 bytes

A: Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it

Answer Match 93.66%

Help me pleeeeeeeeeeeeeeeeeeeeeeease!!

I have a system error appearing that says "your computer was infected by unknown trojan. It's dangerous for your system. click ok to download the antispyware program" I can't remove it! I've tried at least 10 antivirus and malware scanners ...

Here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:09, on 02.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Programme\Alwil Software\Avast4\aswUpdSv.exe
d:\Programme\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
D:\Programme\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program...

A: Your Computer Was Infected By Unknown Trojan

Hello themadmax,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry k...

Answer Match 93.66%

Every time I open a folder I get this message... "Your computer was infected by unknown trojan. It's dangerous for your system(critical files can be lost!) Click OK to download the antispyware program to clean your system(recommended)."

Please help.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:06 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton An...

A: Your computer was infected by unknown trojan...

Run HJT again and put a check in the following:

O2 - BHO: Sysem Player - {D70E28A7-AA79-4D62-A59F-87024840BB62} - C:\WINDOWS\sysvol32.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Close all applications and browser windows before you click "fix checked".

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software...

Answer Match 93.66%

Hi there,

I was wondering if anyone could assist me please? I am receiving a pop up window stating 'your computer was infected by unknown Trojan,

It's dangerous for your system (critical files can be lost)!

Please find below a copy of log files for Hijackthis as well as Combofix, any help will be greatly appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:28, on 25/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\Explorer.exe
C:\Pr...

Answer Match 93.66%

I have a bug on a Windows XP/SP2 laptop that throws this error whenever I open a web page or change to another web page:

-------------------------------------------------------------------------------------------------
System Error!
Your computer was infected by an unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)
-------------------------------------------------------------------------------------------------

I have followed your step by step doc and did these steps:
1) Cleaned out all temp files
2) Ran Adaware + SpyBot
3) Ran Stinger
4) Ran Trend Micro House call (this detected something 'unknown' but could not remove it.
5) XP Firewall is enabled
6) Patches are downloaded
7) I have run HJT and here is the log file:

thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:40 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS...

A: Your Computer Was Infected By An Unknown Trojan

I got it fixed. I uploaded my hijackthis log to http://HijackThis.de and they do an instant analysis.

They flagged this entry

O2 - BHO: Media Player Classic - {486D0362-657B-4771-B56D-AE29AA31B78B} - C:\WINDOWS\ausctv32a.dll

I deleted it with HijackThis (closed all Web Browser windows and Windows Explorer sessions 1st).

I have opened lots of Web Browser sessions and the popup error does not occur anymore....

Thank you Jesus!

Hope that Helps some people.

Answer Match 93.66%

This is on my mother-in-law's computer. I can usually find the solution to removing viruses and whatnot... but this one has me stumped and it's the first time I've used hijackthis.

Pretty much every time IE 7 requests a new page, there's a popup saying "your computer was infected by an unknown trojan...." I've seen several other postings around on the net about this, but no definitive answers... and tried a few of the solutions proposed, but wasn't able to find any of the DLLs listed on the box... but it is Vista... so while it's trying to be helpful... who knows.

I scanned with adaware, spybot, norton, stinger, & windows defender - nothing other than the usual "tracking" cookies.

Here are my smitfraud and hijackthis reports. I ran smitfraud before hijack this and I am still getting the popup error.

I appreciate any help - Thanks - Peter

--------------------------------------------------------------------------------------
SmitFraudFix v2.299

Scan done at 9:37:36.79, Sun 03/02/2008
Run from C:\Users\Patty Swanstrom\Downloads\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127...

A: Your Computer Was Infected By An Unknown Trojan

Hi,

Right-click HijackThis.exe and select to run as an administrator. Important!

Then, click the scan button and check the next entry in it:

O2 - BHO: MS Video Control 1.0 - {708F8B95-4012-4A3A-9494-5EEE5F8CC89E} - C:\Windows\msvidc32.dll

Click the Fix checked button below.

Let me know if that solved your issue.

Answer Match 93.66%

Hi,
Can someone help me remove the virus/trojan. I keep on getting this message:

"Your computer was infected by unknown trojan. It is dangerous for your system (critical files may be lost)...."

Here are my Hijackthis traces:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:48 PM, on 2/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\sy...

A: Your Computer Was Infected by Unknown Trojan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 5:02:34 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545785
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 84318
Number of viruses found: 2
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 02:16:29

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{55B781F0-060E-11D4-99D7-00C04FCCB775}\setup.ilg Object is locked skipped
C:\Program File...

Answer Match 93.66%

Hello all,

I have had the 'Your computer has been infected by an unknown trojan' message for about a week now. I researched several different forums, it seemed that SmitFraudFix was the answer in most cases.

So I ran that last night, I cleaned the registry by answering 'Y', all in safe mode, and I restarted. When I restarted, I noticed two things. One, my wallpaper was gone, and two, I couldn't connect to the internet anymore. I tried the basics, restarted my modem, troubleshooting my connection, etc. Nothing seems to work.

Obviously without an internet connection, it makes it tough to seek answers. Please help if you know what I do next!

Thanks! Steve

A: 'your Computer Has Been Infected By An Unknown Trojan"

Hello please do these things

To repair the internet connection

Download LSPFix and save to your desktop.
alternate download site
alternate download site

Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.
Open the lspfix folder and double-click on LSPFix.exe to start the program.
Check the "I know what I am doing" checkbox.
Select (highlight) all instances of BAD.dll in the left column under "Keep".
Click the arrow >> so it goes over to the right column under "Remove". Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.

Restart your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Delete the following files:
C:\Windows\system32\BAD.dll
C:\Windows\system32\BAD.dll

Restart your computer normally and post a new HJT log.

For instructions with screen shots, see the "Using LSP-Fix Tutorial".

This warning comes with SmitfraudFix
Warning: running option #2 on a non infected computer will remove your Desktop backgr...

Answer Match 92.82%

Hi,

My son downloaded a video codec & unwittingly installed a trojan popup (Trojan.Downloader.Codec.E?) which appears whenever you move around in windows explorer or open a new page in internet explorer. I have tried to get rid of it but failed and I would appreciate your help.

I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc32.dll. I am reluctant to try and remove this myself without your advice.

Below is the Bit Defender report followed by the Hijack This report

chrisss

Scanned File Status
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Disinfection failed
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Deleted
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Disinfection failed
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Deleted
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Detected with: Application.MWS
C:\WINDOWS\Downloaded Program Files...

A: System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry key...

Answer Match 92.82%

I need a little help.

Getting Error:
Your Computer was infected by unknown Trojan. Its Dangerous for your system (Critical Files can be lost)
Click OK to Download the antispyware Program to clean your system!

I have run Norton and Spybot and I am still unable to find and remove this.

A: ERROR 'Your Computer was infected by Unknown Trojan'

Hi damon4105,

Have you taken the time to familiarize yourself with the following sticky before posting?

(Updated!) IMPORTANT - Read This Before Posting A Log

Please go through the 5 steps outlined in the link below and post back the requested logs in this thread.

Answer Match 92.82%

My desktop computer has been infected for about a month now, however even though I had suspected it earlier I have not looked into it until recently as unusual things kept happening on my computer. My main e-mail had been compromised somehow and everyday my e-mail would be subscribed to about 20 different websites saying "welcome to <site goes here>!". I figured at first someone had just sold my e-mail, however then GMail had showed me a warning message that both my e-mail accounts had an unusual visitor trying to login, thus I changed my passwords. Then today, I received replies from many random ad posters on Kijiji showing that someone on my e-mail account had been insulting random ad users on Kijiji.I have scanned with Spybot S&D, Malwarebytes Anti-Malware and Avast! (free) but to no avail. Here are my computer specs:Intel Pentium Dual Core E2140 @ 1.60GHz4GB RAMATI HD4830 Video CardWindows 7 Professional 64-bit SP1=========================================DDS Log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31Run by eklypze at 18:05:34 on 2012-07-09Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1932 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Proces... Read more

A:Computer Infected with Unknown Rootkit/Trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459981 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Answer Match 91.98%

Hello,

Thanks in advance for your help.. it is greatly appreciated. I have already gone through the 5 steps prior to posting, and was unable to run one.. Panda online scan. I have also exhausted the malware self help on this one.

On opening or using Internet Explorer we get this:

System Error!
Your computer was infected by an unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)

It's a winxp machine with AVG Antivirus Pro & Windows Defender. All efforts have failed so far.

Deckards log:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-17 11:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-17 17:45:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:46 AM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\sy...

A:[SOLVED] IE infection "Your computer was infected by an unknown trojan"

72 hour bump... thanks for any help you can provide!

Answer Match 91.56%

when i open my browser i get this prompt

"System Error: your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program to clean your system! (recommended)"

i ran housecall and cleaned my system then i ran smitfraudfix and cleaned my system. the prompt is gone but i would like to know if there is anything else i need to do. thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:53 AM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\run...

A:"system Error: Your Computer Was Infected By Unknown Trojan.

Hello sum wun,

I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folders

C:\Program Files\Viewpoint

*******************

you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free Avast or AntiVir or AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Post the log from the antivirus program, a fresh Hijackthis log and tell me how your computer is running.

Answer Match 91.56%

I am at my wits end. I've tried everything to get rid of this pop-up. I tried smitfraudfix.exec and it did not get rid of it. I tried to find hijackthis.exec and every site takes me to some software place. I ran the combo exec and still it comes back. I ran a bunch of spyware software. Cleaned registars, deleted temp files. I am running windows XP. Here is my Rapport.txt. I ran it tonight. 02/19/2008.

Help!

I ran hijackthis.... see below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:32 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files...

A:System Error! Your Computer Was Infected By Unknown Trojan

This problem is fixed. I ran SuperAntiSpyWare. It deleted MSVIDC32.DLL located in my Windows folder. It also removed key 2A4601BC-8376422D-A2FC-DDF0A40570BD. I bought Spy Sweeper and it said it removed something but it did not remove the IEDEFENDER Trojan. SmitfraudFix did not find this. As you can see NOW! It is located in the HJT log:

O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\WINDOWS\msvidc32.dll

Smarter and wiser!

Answer Match 90.72%

Hi, how are you?

Every time I open anything from folder to 'my computer' I get this error.

"Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)"

I ran ad-aware, and mcafee. Still Nothing.

I ran hijack and this is what I get. Any help would be really appreciated! Thank you so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:08 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:...

A:System Error: Your computer is infected with unknown trojan popup

Answer Match 90.72%

Hello,
 
I've already been helped by another user and redirected to the preparation guide.
Some of it is in dutch(sorry about that) if you have any questions please ask.
Is it ok if i reinstall the op?
 
Also i just got another message from avast that an attack has been blocked from the windows folder.
 
Slowshootin

A:Computer infected with unknown (virus, trojan, spyware, malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Remove MyBestOffers using the Add/Remove programs applet.

MyBestOffersToday 007.246 (HKLM-x32\...\mbot_nl_246_is1) (Version: - MYBESTOFFERSTODAY) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1855744329-2542374384-547676269-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 cizodyde; No ImagePath
S2 HP Supp...

Answer Match 90.72%

Hi, I keep getting this pop-up window message whenever I click on any link in my Internet Explorer:

System Error
Your computer was infected by an unknown trojan. It's dangerous for your system (Critical Files can be lost!). Click OK to download the antispyware problem to clean your system (Recommended).

It has also hijacked the yahoo and google search results so I have to now copy and paste them to the browser.

Please let me know what should I do to clean this...

Please help!!! Please let me know if you want me to post it in some other forum. Thanks!

I am attaching HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:00 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwlt...

A:Ie Popup System Error: Your Computer Was Infected By Unknown Trojan..

Is this the problem line?? I have no clue but just browsing through web i gathered this, i may be wrong...thanks!

O2 - BHO: Sysem Player - {2AE4C401-AAC4-4F41-9665-1EC88C3BDD7D} - C:\WINDOWS\sysvol32.dll

Answer Match 90.72%

Hello,
 
My computer is infected with something that is causing multiple (anywhere from 18 to 32) dllhost.exe*32 com surrogate processes to be running at any time.  The infection also seems to be flooding my computer with temporary internet files, which has stalled every scan I have attempted (with the exception of avast!), regardless of whether or not I even have a single window of Internet Explorer open.
 
Any help would be greatly appreciated!  Here is my DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545
Run by matt.baun at 14:48:24 on 2014-04-28
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3977.2012 [GMT -4:00]
.
AV: System Center 2012 Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: System Center 2012 Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetwor...

A:Computer infected with unknown virus, trojan, spyware, or malware

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re...

Answer Match 89.88%

I was stupid and followed a dodgy link, now every time I open a folder or open IE there's a pop-up box that says "System Error: your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program to clean your system! (recommended)"

Now when I run Spybot there's 41 problems and even if I fix them they just come right back.

Obviously some malware has been installed and this is part of it.

I ran Hijack This and this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:41, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\...

A:Help! Windows Displays "system Error: Your Computer Was Infected By Unknown Trojan"

anyone?

Answer Match 88.62%

Hi,

This is my first post on the techsupportforum, so i go...

Recently I've been getting popup message when I'm using IE or I'm on my local hardrive, the message says:

Your computer was been infected by unknown trojan.

It's dangerous for your system (critical file can be lost)!

Click Ok to download the antispyware program to clean your System!

and then i click cancel.

------------------------

Here is the log. Extra is attached

Deckard's System Scanner v20071014.68
Run by Alex on 2008-03-21 10:13:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-03-20 23:13:12 UTC - RP91 - Deckard's System Scanner Restore Point
66: 2008-03-20 11:12:12 UTC - RP90 - Removed Personality Voices
65: 2008-03-20 11:11:38 UTC - RP89 - Removed Female Voice Pack
64: 2008-03-19 08:58:37 UTC - RP88 - System Checkpoint
63: 2008-03-18 08:28:58 UTC - RP87 - System Checkpoint


-- First Restore Point --
1: 2007-12-21 23:31:16 UTC - RP25 - Installed DirectX


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 10:16:11
Platform: Windows XP Service Pa...

Answer Match 84.42%

Hi everyone. I seem to have gotten an "Unknown Backdoor Trojan" on my computer detected by an online Pest Patrol scan at http://www.pestpatrol.com/. None of my spyware scanners have detected this but the online scan did. It says that it goes by these aliases:

Backdoor.Lixy.h [Kaspersky]
Trojan.BAT.DeltreeY.bs [Kaspersky]
Trojan.Win32.Fynben.b [Kaspersky]
Trojan.Win32.TalkStocks.a [Kaspersky]

I had detected this trojan on my computer yesterday after doing a scan and then had to format my computer and reinstall everything to get rid of it. I updated everything and installed two firewalls plus Windows firewall and two anti-viruses (Norton and AVG) and I still have the trojan! Last night I scanned with Pest Patrol after the format and it wasn't there. Then my computer started acting up this morning and I scanned again and the trojan was back. I have no idea how I am getting this trojan! I use Webroot Spysweeper, Spybot Search and Destroy, Adaware (Spybot and Adaware are not yet downloaded and installed again), and Spyware Blaster. How on earth am I getting this thing?! What can I do to prevent it from coming back? I have 1 year of computer networking training and as far as I know I am not doing anything risky that would make me get this. Please help!

Here's a link to the page that Pest Patrol gave me about all this:

http://pestpatrol.com/pestinfo/U/Unknown_Trojan.asp#Detection and Removal
 

A:Solved: strange noise from computer was Unknown Backdoor Trojan -

Answer Match 82.74%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:38 PM, on 3/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Win...

A:"Your computer was infected by unknown trojan" System Error

Hi Dr_Omels

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a business computer or a computer from a work place then please advise your IT department of the concerning issues before commencing further.

Please follow these directions in the order they are set out for you.

On with the fix.....

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is che...

Answer Match 82.74%

Hello -
I'm a getting a pop-up sting when I try to open internet explorer and some other programs that says "Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download antispyware program to clean your system! (recommended)"

My Internet Explorer now gives me a message that says "Internet Explorer has encountered a problem and needs to close........."

I did a full system scan with my antivirus software loaded on my computer but it did not find anything infected. It is Norton and not currently up to date, unfortunately I had not kept up on the renewal.

I was going through the 5-step checklist but can not get Explorer to open so unfortunately I could only get through step 1 and did not find any of the files listed, or anything unusual in my Program Files.

So I'm stuck. I would go out and purchase some off the shelf anti-spy software but not sure if that will fix my problem.

Please advise!

Answer Match 82.74%

A quick scan of the internet shows that I am not the only one to get this during the last several days. When I try to access Control Panel > Fonts, I get a popup reading "System error! Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the anti-spyware program to clean your system! (Recommended)"

Then I get a message to the effect that Windows Explorer has encountered an error & must close. So I never get to Fonts.

What it wants to download, I gather, is the rogue antispyware program "Files-Secure." Of course, I haven't pressed the button to download it, but I can't get rid of the damned thing--AVG, A-Squared, Bit Defender, AdAware, SpybotS&D--and not one of them zaps it.

Here is my log from SmitfraudFix, which I just ran:

SmitFraudFix v2.274

Scan done at 12:57:45.40, Fri 01/18/2008
Run from C:\Documents and Settings\Stephen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Av...

Answer Match 82.32%

Hi

I thought PC Tools was supposed to find and eliminate these kind of threats, but it does not. I am using AVG 8 Free

Please help me find and fix this problem manually...

When I click on "My Computer" and any other folder this thing pop up twice.

"System Error!
Your computer was infected by unknown Trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)"

then it open my internet to:
http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202

Or Click on Cancel which does not cancel but also open my internet to:
http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202

How do I remove it?

MY hijack this Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:02 AM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.ex...

A::angry: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ...

Answer Match 81.9%

This error message used to open whenever i clicked on something as well as a message bubble on the taskbar. Which would then open a website for some "spyware removal tool". I have managed to get rid of the website link, however the message is still popping up.

Error Message as follows: "Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost!)
Click OK to download the antispyware program to clean your system! (Recommended)"

I deleted these system files in safe mode which got rid of the website link:
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe

But as far as the rest i have no idea. ANY HELP WOULD BE APPRECIATED!!

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:34 PM, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync....

A:Virus Error Message "Your computer was infected by unknown trojan." Vista Home prem.

Hi,

The tool I have a link to below with directions will run on Vista, but you may have to use "RunAs- Administrator" if you do not understand that, let me know.

Please read all through the info so you know what will be done.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions: Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please...

Answer Match 81.9%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ...

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,
BitTorrent
Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Answer Match 81.9%

There is a file in my documents, an AVI file that won't delete. I believe it's the trojan I have, and any time I try to reconfigure my internet options or my router it just closes the ipconfig prompt.

Deckard's System Scanner v20071014.68
Run by Luis Mejia on 2008-04-06 01:34:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
18: 2008-04-06 05:28:07 UTC - RP587 - Deckard's System Scanner Restore Point
17: 2008-04-06 01:51:06 UTC - RP586 - Installed AVG 8.0
16: 2008-04-06 00:48:02 UTC - RP585 - Installed AVG 8.0
15: 2008-04-06 00:29:00 UTC - RP584 - Deckard's System Scanner Restore Point
14: 2008-04-05 23:40:05 UTC - RP583 - System Checkpoint
-- First Restore Point --
1: 2008-03-22 06:35:13 UTC - RP570 - Removed Microsoft Office Visio Professional 2007
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 01:38:13
Platform: Windows XP Service Pack 3, v.3264 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Pr...

A:Infected With An Unknown Trojan I Believe

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
----------------------------------------------------------------------------------------
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
If you still require help please post a fresh HJT log
Click here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then...

Answer Match 81.9%

keeps closing everything

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:55 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\e...

A:Infected With With Trojan Unknown

Hello mcswainhouse,
Welcome to Bleeping Computer

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),
Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.
This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
The update will start and a progress bar will show the updates being installed.
Once the update has completed (the progress bar will display "Update successful!") selec...

Answer Match 81.9%

I'm running Windows Vista, and was recently infected with an unknown malware. The first symptom I saw was ad popups from Internet Explorer 8, even when IE wasn't running. I ran MalwareBytes, and found 1 infected registry key. Here's the log:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert)

I removed the key, but it keeps reappearing on every reboot.
I also ran Norton Antivirus 2010, and it identified a whole bunch of Rootkit and Trojan viruses. These were quarantined, and I don't seem to see the popups anymore (though it's too early to say for sure). Norton also found about 75 tracking cookies, which it deleted. However, these cookies still keep reappearing with every reboot. The Norton log is shown below:

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
5/8/2010 2:02 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/8/2010 7:03 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/6/2010 6:31 PM,High,"Risks in compressed file \"xemocasnrw.exe\" detected by Virus scanner",Quarantined,Resolved - No Action
5/6/2010 6:31 PM,High,"Risks in compressed file \"oxnrwsamce.exe\" detected by Virus scanner",Quarantined,Resolved - No Action
5/6/2010 5:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/6/2010 5:33 AM,High,imiyus.exe (Trojan Horse) detected b...

A:Infected with unknown Trojan

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

Answer Match 81.9%

"Your computer was infected by an unknown trojan. It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)"

OK links to iedefender.com and tries to download setup2.exe, the popup is really annoying.
It just suddenly happened when I turned on my other computer!!!
here's my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:09 PM, on 3/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIA.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd...

A:"infected By Unknown Trojan..."

Hi,
RIGHTClick HijackThis and choose to Run as administrator.
Then click scan.
Check next entry in it:
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\Windows\ausctv32a.dll
Click Fix checked below.
Then reboot.
Then, navigate to and delete the following file if still present:
C:\Windows\ausctv32a.dll
Don't worry if you can't find the file anymore - normally HijackThis should have already deleted the file, but it's better to doublecheck.
Let me know if that solved your issue.

Answer Match 81.9%

I got a message saying that I had been infected with an unknown trojan and to download some anti-virus software. I clicked the button and downloaded the file "setup.exe" and saved it, but did not run it. I realized this was some sort of virus so started searching the web for information. When I would google the information (or anything else for that matter) I would get a legitimate return then an "Error!" message telling me my computer had been hijacked and wanting me to click to download a program I think it was called "File-Secure". Also below this error message was always a YouTube search return with a pornographic picture. Below this would be more legitimate returns. At one point even the legitimate returns for the search would not go anywhere. Fortunately, I downloaded Norton and ran all of the scans suggested by this website prior to running making this post and I do not have these symptoms anymore, but am fearful it still may be somewhere on the computer. Any ideas what I have (had). Below is my HiJack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:46 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.e...

A:"you Have Been Infected By An Unknown Trojan"

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.
Apologies for the late response, as I'm sure you can appreciate we are extremely busy.
If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.
If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If you still require help, please post a new Hijackthis log into this topic in your next reply.
Also post a detailed description of the issues you're experiencing.
*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

Answer Match 81.9%

Hello,
I recently started getting unwanted popups while using Firefox or IE. The performance of the computer got slower and slower and eventually it would not boot completely. It would get to the desktop background, but no icons, menus, etc will display. The only way I could get online was by booting in safe mode. While in safe mode I downloaded and installed a spyware scanner (Spybot SD), which detected a trojan called Virtumonde and "fixed" it. However, it couldn't clean some parts of the registry and after a day the popups were back. I can now boot as normal and everything seems to work with good performance, but I know that trojan is still hiding out in there somewhere. Thank you for your help with this.

Also, I installed Spybot after I contacted your site, so the information your scanner collected is from before I did any cleaning.

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Administrator at 17:56:46.70 on 02/09/2009 Mon
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1014.710 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\...

A:Infected with a unknown Trojan

Hi Again,
I decided to just do a system restore and re-load Windows, so don't worry about responding to my problem.
Thanks

Answer Match 81.9%

Long story short, my system somehow got infected and was sending out spam. Cleaned it up with Norton and Webroot, but there is still something there that shows an icon in the tray and sends me to a site, usually antispywaremaster.com. No idea what it is as the three things I am using can't find it so I can't remove it. Here are the two logs from DSS. Help!

Deckard's System Scanner v20071014.68
Run by Tim on 2008-05-21 17:52:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-05-22 00:52:05 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Tim.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:26 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Syma...

A:Infected With An Unknown Trojan - Help!

Ignore this thread now please. A little update, my VPN connection stopped working since this problem so I tried reloading it and still had the same problem. I uninstalled it completely and upon the required restart it came up as ntldr missing. Going to put the drive in another pc to recover the data and then rebuild from scratch. Hopefully whatever it was doesn't get carried over into the rebuild.

Answer Match 81.9%

Hi all,
I recently downloaded an application and installed it unwittingly. This caused a trojan to be installed. The trojan caused my broadband internet option to be disabled, along with all the network driver. Also I am now unable to use my windows media player 11.0, and the message says my version is incompatible. Also the winlogin screen has been changed from the xp design to a black screen. Here is my HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:16 AM, on 2/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program file...

A:Infected with unknown Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

Answer Match 81.9%

Hello everyone,
I hope someone can help me. Here are the symptoms: Hijack of browser, pop-ups, all previous restore points erased, so system restore is useless, unable to scan disks, (getting error message sometimes) Unable to download some files, system dump once in awhile and computer restarts. I've run McAfee, found 2 trojans, quarantined 1 and got rid of the other, when I tried to find out which ones were found, there was no record of that scan. The information had disappeared. When I rescan it finds nothing. Trendmicro Housecall and Trojan Remover found nothing. Spybot won't run. I've never encountered anything like this. Any help would be greatly appreciated. Attached are my HJT files. Thank you very much.

A:Infected with unknown Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 81.9%

Hello. I did everything you mention in your preparation guide, but after several executions of ad aware, spybot, avert, etc, my computer still has problems, every time I click on a link or manually type a web address, a system window appears that states the following:

System Error!
Your computer was infected by an unknown trojan
Its dangerous for your system (critical files can be lost)
Click Ok to download the antispyware program to clean your system!

Can you help me with this problem? I'm pasting the hijack this log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:46 a.m., on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files...

A:Infected With Unknown Trojan

Hi,
Please read and perform the instructions posted here:
http://www.lavasoftsupport.com/index.php?showtopic=13521
Let me know if that solved your issue.
Also, install an Antivirus asap, because how would you be able to prevent malware?

Answer Match 81.9%

This trojan may or may not be related to a previous case I had - http://www.bleepingcomputer.com/forums/topic441608.html

Symptoms started 2 days ago, with a random restart. After the restart, I used the Windows Event Log to find the source of it, which was C:\Users\Jophuz\AppData\Local\Temp\arg217111.exe. When I navigated to the folder, the file was gone, but two similar files, arg40982.exe and arg60470.exe were there.

I did a quick scan with MBAM and it found 8 files infected, including svchost.exe and registry keys. I did not attempt to remove them, I only saved a log.

I was also prompted a few times by firefox to install a "Performance Cache" extension, which I declined. I'm not sure if this was related or not. My internet has also been randomly cutting out only on this computer. It will stay connected but does not work and I must reconnect to fix it.

No other symptoms have occurred yet.

The computer will be kept offline for now (unless otherwise instructed) to avoid further problems. I have another PC I can use in the meantime.

Looking forward to resolving this issue. Thanks in advance, JH
-------------------------------------------
GMER logs are not attached as I am running 64-bit Windows 7.

DDS Log.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Jophuz at 18:28:08 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.3122 [GMT -5:00]
.
AV: AntiVir Desktop...

A:Infected with Unknown Trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448757 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Answer Match 81.9%

My AVG anti-virus caught a trojan from a .rar file I downloaded and I deleted it. I didn't think it did anything until my next scheduled scan when it picked up another trojan and removed it. I then did a system restore back to 2 days before I got the trojan. I just want to make sure I don't have any other malware or spyware in my system. Thanks.

Here is my DDS scan -

DDS (Ver_09-07-30.01) - NTFSx86
Run by weirdwons at 1:39:23.99 on Thu 09/17/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.879 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsv...

A:Infected with unknown trojan

I'd also like to add that I noticed ebay and paypal being much slower and seem to freeze firefox, I don't remember this ever happening before I got this trojan. Other sites I go to don't seem to be affected. Because of this, I haven't logged on to either ebay or paypal in case there's a trojan.
I don't know if this is due to any trojans or spyware, if you could find out and let me know I would really appreciate the help. Thanks.

Hello soopy,
We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.
Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.
Thank you for understanding.
Regards,
The weatherman (Moderator)

Answer Match 81.9%

I have a multi user computer. It is a Dell Optiplex Pentium 4 running Windows XP Professional with SP2. The computer has been having ongoing problems with trojan infections as identified by McAfee, Malwarebytes Antimalware and Spybot Search and Destroy. Some trojans are successfully removed and quarantined but problems persist.

When using Internet Explorer 8 the following 2 problems occur.
1). The Internet Explorer 8 will automatically open a new window and attempt to connect to an unauthorized web site. Sometimes the web site will be on the restricted web site list contained in IE8. The full list of restricted web sites from the Immunize function of Spybot's Search and Destroy has been implemented in IE8.
2). When attempting to use any search such as Google, Yahoo or Bing the search results web page links produce random results when clicked. The IE8 does not go to the selected web site, it instead gets redirected and jumped to various random web sites.

When doing deep scans with a number of scanning software products McAfee, Malwarebytes Antimalware, Spybot Search and Destroy A-squared and Norton no virus infection is found!
Help please.

DDS (Ver_10-03-17.01) - NTFSx86
Run by ivhm at 21:26:52.07 on 04/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.194 [GMT -5:00]
AV: Active Security *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan *On-access scanning enabled*...

A:Infected with unknown Trojan/Bot

Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Answer Match 81.9%

Windows defender has been quarantining a "trojan" for the last month - I'm made aware of every instance and it is approximately 6x/hour. It can be quarantined but not removed through the program. I cannot even run Symantec on my computer and nearly all my browsers have been corrupted (I cannot open Firefox or Chrome anymore, only IE). I have followed all the instructions prior to posting and my computer has become increasingly slow over the course of the day. The GMER scan was run 4x because it shut down the computer 2x and another 2x I was unable to save the scan b/c the computer froze.
I appreciate any advice on next steps.
Sincerely,
Troubles

DDS (Ver_10-03-17.01) - NTFSx86
Run by ferriso_a at 14:40:49.25 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1216 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Bit9\parity.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMg...

A:Infected w/ unknown trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

7 more replies
Answer Match 81.9%

I got the unknown trojan virus (the one that always gives me the message "your computer was infected by unknown trojan"). I have tried every single antispyware and spyware removal program out there and I have tried the manual removal steps on websites but I couldn't find any of the files or registry keys associated with the virus. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:31 PM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\S... Read more

A:Infected With Unknown Trojan

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

1 more replies
Answer Match 81.9%

I recently downloaded an application and installed it unwittingly. This caused a trojan to be installed. The trojan caused my broadband internet modem to be corrupt, along with all the network drivers which I viewed in device manager. Also I am now unable to use my windows media player 11.0. Also the winlogin screen has been changed from the xp design to a black screen. Here is my HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:16 AM, on 2/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\O... Read more

A:Infected with unknown trojan

Hello and welcome to TSF.

HijackThis is no longer the preferred initial scanning tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 81.9%

Referred from: http://www.bleepingcomputer.com/forums/t/243529/pc-is-drawing-a-ton-of-bandwidth-trojan/ ~ OB

We have a PC at our office running XP that is pulling more bandwidth from our network than any other PC. Every time we run Malware or Ad-Aware or Spybot it comes up that a Trojan is in the computer. When this computer is plugged in to the network, none of our other computers run well; we can't access the internet quickly at all. When we unplug it, every other computer runs fine. We remove the trojan, but it comes back. I don't know how to get it out. Can someone help us? Thanks.

Here is our DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 9:28:18.07 on Thu 07/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.140 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Read... Read more

A:Infected with Unknown Trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve... Read more

34 more replies
Answer Match 81.9%

Hi. I got infected from a website last week (18-Feb-2009). I used the Malwarebytes' Anti-Malware program to remove most of the bad stuff:

Files Infected:
C:\Documents and Settings\Matthew Farr\Local Settings\Temp\winvsnet.tmp (Rogue.Installer)
C:\WINDOWS\system32\Drivers\mmfsvbwb.sys (Rootkit.Agent)
C:\WINDOWS\system32\senekaxrjvtebo.dat (Trojan.Agent)
C:\WINDOWS\system32\senekaongdhcmc.dat (Trojan.Agent)
C:\Documents and Settings\Matthew Farr\Local Settings\Temp\winsinstall.exe (Trojan.Downloader)
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader)
C:\Documents and Settings\Matthew Farr\Local Settings\Temp\prun.tmp (Trojan.Downloader)
C:\WINDOWS\system32\senekajushlplg.dll (Trojan.TDSS)
C:\WINDOWS\system32\senekaglwyuvor.dll (Trojan.TDSS)
C:\WINDOWS\system32\senekakughppej.dll (Trojan.TDSS)
C:\WINDOWS\system32\drivers\senekalfwebyck.sys (Trojan.TDSS)
C:\WINDOWS\system32\mlJcyYqp.dll (Trojan.Vundo)
C:\WINDOWS\system32\urqPgdaX.dll (Trojan.Vundo)
C:\WINDOWS\system32\wvUKDwvV.dll (Trojan.Vundo)
C:\WINDOWS\system32\kcjrjnri.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\akbvid.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\cJQBdMoq.ini (Trojan.Vundo.H)
C:\WINDOWS\system32\cJQBdMoq.ini2 (Trojan.Vundo.H)
C:&... Read more

A:Infected with unknown trojan

I think I have fixed this problem. I did some searching using IE for "clickfraudmanager" and found this geeks to go thread. Someone else had the same problem. I used the GooredFix program that he mentions in post #22. He says the problem was "the new variant of the XUL Cache infection."

Looks like my redirect problem is solved. Thanks!

2 more replies
Answer Match 81.9%

There is a continuous pop up that says my computer has been infected by an unknown trojan. I have followed all the steps noted on this site and it still continues. How do I remove it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:51 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.e... Read more

A:Infected By An Unknown Trojan

Hi,

Please read and perform the steps posted here:
http://www.lavasoftsupport.com/index.php?showtopic=13521

Let me know if that solved your issue.

Also let me know why you don't have an Antivirus installed, because you really need one!

2 more replies
Answer Match 81.48%

I'm a n00b with a problem.
With nearly every click of the mouse,
I get a nasty popup:

Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!

Click OK to download the antispyware program to clean your system! (Recommended)

it comes from 89.149.227.195

so far I sort of followed this thread:
http://www.techsupportforum.com/security-center/hijackthis-log-help/226377-am-i-trouble.html

The problem is still here,
but now you have something to work with. ;)

spybot, VirusScan, RegScrubxp, spyhunter3 all didn't work

Can anyone help me?
please?:(
------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 016, on 25-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\V... Read more

A:"Your computer was infected by unknown trojan."pop-up

I have a quick question:
Will the simple solution of making the system go back in time to the checkpoint of last Friday work?

2 more replies
Answer Match 81.06%

Hi everyone. I recently discovered a trojan/worm on a friend's computer. Any help you could provide would be very appreciated.

------------------------
RootRepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/17 16:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA43A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A79000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xA8F12000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\simg_t_ts3582073b05294a2035f4e9c81ffc8658c867695jpg85[1]
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\mcmsc_ICHWzHYhdGn5hfy
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Rah Sealey\Local Settings\Temporary Internet Files\Content.IE5\42TXN7NC\QR0TCA7Q65T0CAIGRVQZCASVACXYCA1NSCCUCAYF3L9ICAVI4GI3CASCC975CACZFPUUCAS0HFJLCA25A0G4CAH8LHIMCAQKKIXTCAA2TXTZCAK... Read more

A:Infected with unknown Worm/Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 81.06%

Hi everyone, I'm new here. I've got a Dell computer with XP Home SP2 that I'm trying to clean up for a friend. I'm usually pretty good at this, but this one has me baffled.

The symptoms: processes will be created (that show up in the task manager) that have "spaces" in the process name. For example: wmpscfgs.exe, wmpscfgs .exe, wmpscfgs .exe, and so forth. Other process names will show this also.

Here's what I've tried so far: I've run Spybot, AdAware, McAfee, Sophos, Malwarebytes, IObit Security 360, SuperAntiSpyware, and SDFix. They have cleaned some of the infection, but when I reboot it shows up again. I have even pulled the drive and hooked it up as a slave and scanned it from a clean system, but it still has some infection.

I've downloaded and run the DDS.SCR file and also the RootRepeal file. I've also attached the "attach.txt" and "ark.txt" files to this post.

The DDS log contents are below:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Cecilia at 9:35:36.65 on Sat 01/16/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.150 [GMT -6:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aw... Read more

A:Infected with unknown malware/trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

31 more replies
Answer Match 81.06%

Hello,

I've had a great deal of unusual activity on my Windows 7 install that would seem to indicate backdoor/rootkit activity.

I followed the steps in the prep guide, and here's the requested information. DDS log pasted here, attach.txt and ark.txt are attached.

Thank you for helping.

DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 23:13:19.24 on 07/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1443 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Windows\System32\MAFWTray... Read more

A:Infected with unknown rootkit / trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script ... Read more

5 more replies
Answer Match 81.06%

Hello,
 
I have a laptop that is running Windows 7 Home Premium 64-bit.
 
Symptoms:
Norton anti-virus "stopped" attempt by "Trojan.Poweliks!gm". (This used to happen roughly every 10 or so minutes)
Roughly 9-12 processes named "gdzalotqjgek.exe" running in the task manager with a description of "Goggle Chrome".
Cannot upload/download anything through the internet browser. (I can transfer needed files with a flash drive to repair it)
 
 
I have not run anything other than Norton and Malwarebytes the first time I saw it was infected. It was fine for roughly one day, then it started happening again.
Completely unsure of what it could be infected with.
 
Please note, I am not the main user of this laptop so currently I am unable to comment on what the user may have been doing at the time of the first sign of infection.
 
Thank you in advance for any assistance you can provide.
 
-Matt

A:Infected with an unknown (Was Trojan.Poweliks!gm?)

Welcome to BC !
 
Scan using the Eset Tool below that can find and remove poweliks. Let us know if poweliks was found or not.
There is likely other unwanted adware/ malware, too. So, if the Eset scan gets rid of poweliks, I'll have further comment.
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

 

13 more replies
Answer Match 81.06%

I have IE and get a System Error popup

"Your computer was infected by unknown trojan.
It's dangerous for you system (critical files can be lost)!
Click ok to download the antispyware program to clean your system! (Recommended)"

Please help. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:22 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer... Read more

A:Your Compute Was Infected By Unknown Trojan ..

I finally killed it. It was the item below!!!

O2 - BHO: MS Video Control 1.0 - {C3253D15-672D-46D5-8FE1-3FAB8E291E4F} - C:\WINDOWS\msvidc32.dll

3 more replies
Answer Match 81.06%

I must have clicked on something I shouldn't have and vaguely remember seeing one of those odd virus warning signs and warning I should download xxx program (yes stupid me). That was the start... Over the past two days since then, I've been seeing odd behavior on my PC such as the following:

1) Avast! Home edition warned of various trojans found including Win32:Agent-LAP[trj], Win32:Tiny-IF[trj], and Win32:Rbot-ETN[trj]
2) Internet Explorer 7: fake antivirus etc popups are few but do occur. Would get suspicious warnings of being offline. Most frustrating, my custom cookie settings (prompt for all cookies) keeps getting reset to "accept all"
3) WinXP Start Up bar seems to be acting suspicious. Hard to explain, but it appears to be loading up differently at start up (one time getting some warning to download "StorageProtector"...)
4) Yahoo Messenger & Windows Live Messenger may have been hijacked. Settings do not appear to stay despite having them set not to remember or automatically log me in. I ended up uninstalling both...
5) Spybot SD (which I downloaded after the problems started) seems to be acting funny. It refuses to check for upgrades (just closes). Sometimes it won't even run and I'll have to click it a few times before it actually runs.
6) noticing the PC in general is acting sluggish (I might just be paranoid at this point)

I've been doing some research online and have tried to run various programs like smitfraudfix, vundofix, virtumundo,... Read more

A:Need Help: Infected By Unknown Malware/ Trojan(s)

Hello and welcome to BC.

Sorry for the late response. If you have not received help elsewhere already and still need help, please post a fresh HijackThis log and I'll be happy to help you.

4 more replies
Answer Match 81.06%

Hello, I've recently picked up a rather annoying virus. It causes occasional popups and redirects my searches to ads, usually multiple times in a row before I make it to the site I clicked to begin with. It has also altered my Windows theme twice playing a midi version of a song or beeping loudly and trying to connect to my webcam. All my anti spyware, malware and virus programs can't find anything or they find something but don't fix the problem. Luckily it's only a minor problem now but I want to get rid of it before it escalates to something worse, please help! Gmer crashed before I could save but it did not initially warn me of anything when it started.

update: I believe it may be related to lsass.exe

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael MacDonald at 14:40:48.29 on Fri 04/09/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.434 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100409-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS ... Read more

A:infected with unknown malware/trojan

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run RootRepeal, a rootkit scanner

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
First Location
Second Location
Third Location
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

8 more replies
Answer Match 81.06%

Hi,

Thanks for taking the time to look at this in advance! Now, I had my online gaming account hacked on Saturday, they made a very bad mess of it. I'm a high level player in a high level raiding guild. It has probably earned a Chinese gold seller hundreds of pounds! After the account was hacked, I ran what I thought was a decent clean up, updates, virus scans changing of passwords etc. The gaming company restored all of my losses last night, but this morning I get several notifications from email/game/online banking that my passwords have been changed, now you can imagine my horror!

Nobody else has access to my PC, so it is someone remotely accessing it, and due to the second hack, they are able to see/read my activities when I use the computer. I normally work on Linux, and game on Windows. So I have used a separate Linux machine to recover my online bank accounts, gaming account email etc. I am sure these are now secure. As I am not logging into any of these from this infected Windows machine now.

So now comes the clean up, that is why I am seeking your help, the professionals!! I use Windows XP, it is up to date, with firewall and AVG antivirus, running a scan with the anti-virus reveals nothing. I have installed and scanned with spy-bot search and destroy, again nothing, adware remover, nothing, again! So I am unsure how to proceed. I am hoping someone will be kind enough to look at these logs and see if something is amiss.

If it helps, although... Read more

A:Infected with unknown trojan/keylogger

Ok I just finished a scan with mbam, and it gave an interesting result......

Malwarebytes' Anti-Malware 1.39
Database version: 2426
Windows 5.1.2600 Service Pack 3

14/07/2009 15:58:04
mbam-log-2009-07-14 (15-58-00).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 245111
Time elapsed: 1 hour(s), 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WindowsServer2003-KB889101-SP1-x86-ENU.exe (Trojan.Agent) -> No action taken.

When I tried to "fix" selected problem, the scanner quit with a memory error, I assume maybe the trojan was trying to stop itself being deleted. I have now deleted this by hand. So I "think it is gone" could it be this easy? I remember downloading this package when I was trying to make a usb boot disk, could it be someone has modified the windows server cab to include a trojan? But that then means the hack against my warcraft account was not specific, but random, maybe the info was sold onto someone with an interest in hacking these accounts? again your... Read more

3 more replies
Answer Match 81.06%

On wife's computer, was looking for info and pics of Osama while in Google image search. Then, I clicked on one of the photos in Google Image, then the whole desktop/IE browser disappeared and an unknown program popped up which appeared to be downloading something. I did not X out of the window, I did attempt to hit esc key, but that did not work, then attempted to hit alt+cntrl+del to bring up task manager and there appeared to be 4 or 5 internet explorer programs running in the background and I was unable to shut any of them down. So, I simply did a cold shut down on the system. Upon reboot, I ran a full scan in both Malwarebytes and Superantivirus, but they did not find anything. My Zone Alarm appears to have been tampered with as a result of whatever happened, although it appears to be running ok now. And, my KeyScrambler proggy was temporarily turned off for some reason, but that now appears to be working now as well. I ran an ESET Scan, and it found quite a few viruses in the Trojan family of viruses, but I cannot recall their names at the moment. System appears to run intermittently slow at times. I think I may have acquired some sort of virus, and I am unable to remove it with the current software I have. I now am in need of your assistance for help. Thank you.

***************************************************
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Janina Joy at 16:48:17.09 on Tue 05/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows X... Read more

A:Infected with unknown Trojan Virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

19 more replies
Answer Match 81.06%

For some unknown reason someone downloaded an activeX video codec and now I keep getting the message
"your computer has been infected with unknown trojan. It's dangerous for your system (critical files can be lost)
Click OK to download antispyware program to clean your system! (recommended)"

Of course i have not done this.
I have done a complete scan with McAfee and spysweeper and done a McAfee Stinger check.

IE brings up youtube porn site whenever i search for anything, but have just installed Firefox and that is OK
My hjts log is

Logfile of HijackThis v1.99.1
Scan saved at 11:22:33, on 09/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\DELL\E-Center\EULALauncher.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Pr... Read more

More replies
Answer Match 81.06%

My laptop is a HP Pavilion dm1, and has become extremely slow in the past few days. Also, there are some unknown processes shown in task manager, and some extensions in chrome that random pop-up tabs suggesting I may also like to read the following etc. This usually comes on Google results, YouTube, and other news articles.

I don't have access to the boot cd unfortunately.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by hp at 21:18:08 on 2014-03-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1641.256 [GMT 3.5:30]
.
AV: AVG Internet Security 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\W... Read more

A:Slow computer + unknown processes + unknown extensions in chrome

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Object Browser<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Object Browser

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks: Please download CKScanner? by askey127 and save to your desktop.
Double-click on CKScanner.exe and click Search For Files.
After a very short ti... Read more

12 more replies
Answer Match 80.22%

The symptoms:

Seems to have been infected with some form of the autorun bug. When clicking on the drives I would get the recycler....blah...com ... I installed Autorun Eater and it fixed the registry entries for that.

When searching in IE -- search redirects to some www.info.com site. Also, DNS entries are wacked. I first found that DNS was hard coded to specific DNS addresses. I cleared them and it seemed to take.. They haven't re-appeared. But, the registry and hijack this had reported they were still in the registry in various places. I then ran hijack this and removed the DNS entries -- then reran hijack this and they were gone.

The weird thing is firefox doesn't seem to be impacted.

Another problem.. When I right click on any file to open it, Windows Installer pops up and tries to do something and then clears. Spybot installed, but wouldn't execute. AdAware froze in the middle of the install. This could be bad.. and to think I just rebuilt this thing. I believe the infection came from external hard drive.

I also tried to install the malwarebytes software, but it wouldn't launch (same as spybot).. just hangs after you double click it.

I really appreciate any insight. Worst case, another rebuild!

Here is the requested DDS:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Trannie at 12:39:12.87 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1328 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access s... Read more

A:Infected with Unknown Virus/Trojan/Malware

Needed to decide whether to re-format and start over or attempt a fix..

Ran Combofix. It found a rootkit installed and scanned and removed/quarantined several files.

After reboot, i could launch programs again. I ran Spybot (latest) and Malwarebytes. It found more stuff and removed. After several reboots I reinstalled Symantec Endpoint Protection and ran a full scan. It quarantined some of the other program's quarantined items, but was a clean scan otherwise. Google search redirects in IE are gone.

Thanks very much for the great tools!

2 more replies
Answer Match 80.22%

Hi, I have a problem with my Windows 7 computer in which I hear random advertisements through my speakers. Also, in Google chrome, I can't sign in to Google (nor could anyone in my family) so I press the "can't access my account" button and it comes up with this red screen that says:

The site's security certificate is signed using a weak signature algorithm!
You attempted to reach support.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You cannot proceed because the website operator has requested heightened security for this domain.

I've used Malwarebytes to remove viruses but they just keep coming back when I reboot it doesn't help. Malwarebytes says there is a Trojan.Dropper.BCMiner.

I've also run AVG and the DDS program. Here is the log from the DDS:

Thank you for your help.
Tyler
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyler at 21:14:18 on 2012-06-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8109.7061 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* post:27335239
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* post:27335238
SP: Windows Defender *Disabled/Updated* post:27335237
.
============== Running Processes ===============
... Read more

A:infected with trojan.dropper & unknown audio ads

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

36 more replies
Answer Match 80.22%

Cannot get rid of whatever this is... Have formatted and clean installed Windows multiple times and still have this thing.
Any insight will be greatly appreciated..

*EDIT* I have no clue what this infection is... no AV or anti-spy/malware progs have indicated any problems. Panda found the superhidden entry, but HouseCall, AVG, MBAM, F-Secure, Eset, BitDefender, come up clean. HJT shows some weird folder redirects. Began a couple weeks ago now with a DDoS attack (my dlink router indicated that) it also had its firmware downgraded 1 step. Unfortunately, I did not have the presence of mind to get the logs saved. Now it seems that some form of Active Directory/Group policy is at work, but I am using Win 7 Home Premium which should have neither from what I understand. Rather than plaster this thread with logs, I will await a response, please inquire for whatever you need. I have a thought that this may be some sort of government surveillance as I youtube as Anon... no haxor, just messenger... whatever. Gotta get rid of this thing pronto. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by P at 20:55:00 on 2012-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2694 [GMT -6:00]
.
SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running... Read more

A:Infected with unknown trojan/worm/backdoor

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===
Third party programs if not up to date can be the cause infiltration of an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad... Read more

51 more replies
Answer Match 80.22%

My computer got infected with what I'm guessing to be a trojan over the past couple of days, probably yesterday.
Basically what it does is open a pop up window whenever I start Firefox or IE. And I failed to take notice of it, so I'm not sure if it is due to the virus or some other problem, but the software for my ATI Radeon x1650 is completely shot. The card runs, but the Catalyst Control Center attached to it doesn't even run. I tried reinstalling it to no avail.
I'm not getting any error messages.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ignacio at 23:46:36.70 on Mon 01/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2495 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcS... Read more

A:Infected with unknown pop-up spyware/trojan/virus

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

2 more replies
Answer Match 80.22%

Logfile of HijackThis v1.99.1
Scan saved at 6:56:19 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:&... Read more

A:Infected With Unknown Trojan/lots Of Popups

Hello r3dh3adkid,
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

2 more replies
Answer Match 80.22%

I have been infected with different and malware/spyware that have begun to really worry me because despite my attempts to clean them with every online scan, local scan, and adware/malware cleaners nothing has worked. I am still infected and there also seems to be something always connecting to the web and transmitting/receiving data. Also, it appears that my firefox browser has been hijacked which is weird because I thought firefox was not susceptible to that. But obviously there is something out there that is sending me to random search pages when I look for something in Firefox. It redirects using a search through "webelight.com" and then ends up at "favorite.com". Also, my browsing speed is at least cut in half and sometimes cannot connect at all.

I have attached a HJT log and also another programs log that I was recommended by someone else. I am not sure if that log will help at all but I figured I would send it just in case.

Please let me know if there is anything else that you need.

Thank you

David

A:Infected By Unknown Regenerating Trojan/malware

Hello DavidNC and welcome to BleepingComputer!
Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.
Thanks,
Johannes

1 more replies
Answer Match 78.96%

Hi Bleeping Computer people,

About three weeks ago I started having a problem with Firefox. Every now and again (about every 30 minutes) Firefox would open a new browser (or sometimes a new tab of an already open window) and direct itself to websites like "bizrumour.com.au" and "mainstories.com". I often leave my laptop on overnight and in the mornings I would find an open firefox browser window with 5-6 tabs of the above websites. (example URL: http://www.mainstories.com/index.php/remedies)

I am running Vista with windows firewall enabled. I have AVG anti virus and ad-aware - both updated. AVG doesn't pick up any viruses and Ad-Aware picks up tracking cookies but nothing too out of the ordinary.

This is my first time posting to bleeping computer so hope you are all doing well,
cheers
W

POSTED DDS REPORT:

DDS (Ver_09-10-13.01) - NTFSx86
Run by John at 13:34:29.59 on Sun 18/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2549.1395 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\win... Read more

A:Infected with Unknown Trojan/Virus (firefox related)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Answer Match 78.96%

I am unable to install/run any antivirus programs. I have tried AVG, Avast, Kaspersky, Spybot Search and Destroy, and Spyware Doctor, but they give me errors or they are unable to connect to a server. IE sometimes redirects me to cliccker.cn, and sometimes blocks websites such as this one, kaspersky, google search engine results, and crashes on startup. Firefox works. The only successful program I was able to run was Malwarebytes which removed 13 items, however I was still unable to connect to update it. Microsoft Malicious Software Removal Tool detected 1 file but only partially removed it. Windows Defender removed Trojan:Win32/Winwebsec

Malwarebytes found items such as Malware.Trace, Trojan.Downloader, Trojan.Downloader, Trojan.Agent. There used to be a popup at startup that Windows could not open a file named net.net, however that has disappeared after I ran Malwarebytes.

Rootrepeal gives me an error when I start it, so I was not able to get a ark.txt

17:14:28: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)
17:14:28: DeviceIoControl Error! Error Code = 0x1e7
17:14:28: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)

DDS LOG

DDS (Ver_09-07-30.01) - NTFSx86
Run by Julian at 17:09:33.41 on Wed 08/19/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.836 [GMT -4:00]
AV: Kaspersky Anti-Virus *On-access scanning disabl... Read more

A:Infected with unknown virus. Trojan:Win32/Winwebsec?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Answer Match 78.12%

I am massively under attack and seemed to have unknown connection to my machine with key loggers.

Please find below my hijack log.

I need help to make sure i don't have any malicious ware on my machine.

Is there any way to make sure i don't have a connection from a hacker on to my machine.

Would you recommend any software to monitor the current connections.

I have got Filseclab as a fire wall and previously used sygate firewall.



Logfile of HijackThis v1.99.1
Scan saved at 15:42:45, on 05/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\System32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINXP\System32\PGPsdkServ.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\WINXP\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Progra... Read more

A:Infected with trojan/ malware unknown remote access / key logger.

Please also find a dump of netstat -a for your reference



Active Connections

Proto Local Address Foreign Address State
TCP AhsanU-C640:epmap AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:microsoft-ds AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:1025 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:1026 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3261 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3617 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3754 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3762 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3763 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3764 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3765 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:3980 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:4494 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:4501 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:4510 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:4511 AhsanU-C640.concur.concurtech.org:0 LISTENING
TCP AhsanU-C640:4514 AhsanU-C640.concur.concurtech.org:0 ... Read more

1 more replies
Answer Match 78.12%

An unknown Trojan (assuming due to the infections detected by AVG) has infected my pc. I am running XP, use Firefox to browse, and have AVG Free updated and full system scans run.

AVG is finding and cleaning programs, ("Fm9.exe", e.g.) but there are new ones each time I scan.

Symptoms include popup windows, and bogus "antivirus" download popups "antimalware" was one I saw.

I saw another post that mentions "whitesmoketoolbar", this is currently installed on this pc...is it the issue?

I can provide screen shots or whatever is most useful. Please let me know your questions.

THANKS FOR READING!
Jake

P.S. I've been trying to post to the Virus, Trojan, Spyware, and Malware Removal Logs, but it won't work...am I forbidden for some reason?

A:Infected with Unknown Trojan, causing popups, system instability

I think I put this in the wrong forum by accident. I am looking, but do not see a way to move it. Sorry for the inconvenience.
Thanks,
Jake

1 more replies
Answer Match 78.12%

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Blender (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Choice Guard
Dual-Core Optimizer
Dystopia
Eternal Silence
GoldWave v5.25
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Malwarebytes' Anti-M... Read more

A:Infected with PAKES trojan/rootkit and possibly other unknown malware

Hello.

Very nasty infection you have. You may want to consider formatting/reinstall. If you don't, let me know and we will begin the disinfection process.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy

1 more replies
Answer Match 78.12%

Hopefully someone can help me. I think I have a virus or trojan, and I am afraid my personal information will get hijacked!!! I wouldn't be so worried, but my daughter has used this computer and I am afraid of her information getting out too. This is the first time I have ever posted a log, so please bear with me. I think I have followed the forum instructions.

DDS (Ver_09-12-01.01) - NTFSx86
Run by ErinF at 12:43:26.79 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {0f95c031-074f-4a0d-9623-9239c9a02b96} - yakafani.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows... Read more

A:Infected with unknown Trojan or virus, Browser barely loading

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Click the "Run Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

2 more replies
Answer Match 78.12%

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matt Osborne at 13:23:54.84 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.162 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Intel... Read more

A:Computer Infected (unknown)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor... Read more

12 more replies
Answer Match 77.28%

Referred by Nasdaq

http://www.bleepingcomputer.com/forums/topic444767.html

I have had to reimage (again) since the last post on the above thread. This problem started with DDoS attack and access control problems and access denied messages. I am seeing strange programs and file names. Also, I am on a stand alone, windows 7 home premium machine yet I am seeing group policy is installed among other things. I am unable to start windows firewall at the moment which prompted me to start here. I fear a trojan/rootkit hiding itself in valid windows programs. I cannot find an Antivirus or anti malware program that identifies anything as problematic, but I am quite sure something has infected my machine.

Please advise... Thanks

A:Infected with unknown trojan/worm/backdoor... referred from Malware forum

All suspicions aside...exactly what is wrong with the system today, right now?

What are the exact indications that trigger your ideas that something is amiss?

Louis

5 more replies
Answer Match 77.28%

I am trying to disinfect my friend's PC, which is the one I am using right now. He says that he knows there are viruses on it, but we just don't know which ones. I found this out after my paypal account got hacked into soon after using his PC. We're hoping something comes up in the log files we created after using the preparation guide on this site.
DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 12:46:11.70 on Mon 09/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.300 [GMT -7:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\... Read more

A:Computer infected with unknown(possible various) virus(es)

sorry, but, BUMP.

12 more replies
Answer Match 77.28%

A few weeks ago a website I use for work put up a notice that they had been infected by a virus, but failed to tell anyone what that virus was or how to remove it. My computer's been terribly lagging ever since, and is blocking certain programs from loading. I've attached my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:36:11 AM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\progra~1\novell\zenworks\nalwin32.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\novell\zenworks\naldesk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe ... Read more

A:Computer infected by unknown virus.

Bump?

8 more replies
Answer Match 77.28%

Hello,
 
I have a laptop running Windows XP and am a very cautious user.
 
In addition I have Panda Free Antivirus and Windows Firewall running and then MalwareBytes, SuperAntiSpyware, and Panda Cloud Cleaner for removal.
 
My computer started running VERY slowly and that was followed by the occasional hijacked page. 
 
I have run rkill and all three removal tools separately and removed anything they found, but there is still something wrong - it's just not as blatant as some other viruses I have encountered.
 
Any help would be very much appreciated.
 
Thanks,
 
Sarah
 

A:Computer infected, virus unknown

The virus has shown itself again - micropctek.  I'm going to see what I can find on here about how to remove it.  The usual tools I use aren't working.

13 more replies
Answer Match 77.28%

Hi I'm on my Dad's computer here. He says that he doesn't use this computer much but it's been infected for quite a long time. Computer is EXTREMELY slow, programs randomly crash while running, and virus scans normally show infections. I've attached the DDS and attach.txt..... I tried to create a GMER log, but while running a scan I got a giant blue screen with the following message:

"A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: pwldapog.sys"

The rest of the screen basically told me to shut down my computer and seek help. Can you guide me in what to do next? Thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by N Garg at 15:12:17.48 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.51 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explor... Read more

A:Computer infected with unknown viruses

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore... Read more

22 more replies
Answer Match 77.28%

Hello, I was directed to this site from trend after doing a google search on the problem I have on my desktop. I am ok following directions to a point. Old guy, and don't know much about how computers do what they do. Here is what I am seeing:

My screen saver was removed and replaced with:

Warning!
Spyware detected on your computer!
Install an antivirus or spyware to clean your computer
(Above was on an orange background)
(below was on a white background)
Warning! WIN32/Adware.virtumonde Danger!(in red) WIN32/PrivacyRemover.M64 detected on your computer Danger!(in red)
Please activate your antivirus software to clean your computer(with a box around it)
All of the above was in a windows type box with a dark green outline around the lower half and light green outline around the upper half)

I am missing the Desktop Background and Choose a Screensaver options from appearance and themes.

If I let the screen saver pop up, it is a blue background with white text: A problem has been detected... Bad...pool... then the bottom of the screen goes restarting... At that point I hit the escape key to go back to the desktop.

I have run hijackthis, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:29 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C... Read more

A:Unknown Malware Has Infected My Computer

Please delete original post.
Thank you
Patrick

2 more replies
Answer Match 77.28%

so, here's what's going on...the computer will randomly attempt to launch an internet explorer window at varying intervals. i'm talking hours, not minutes. it's attempting to connect to an ip address, however i've set ie to work offline so it doesn't connect. i've avoided typing any sensitive information just to be on the safe side of things, i've also ran full scans on both avast and ad-aware, the latter of which will not open now. also, i'm unable to download anything at all with firefox unless i use downthemall. here's the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:26 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~... Read more

A:Computer Infected With Unknown Adware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

11 more replies
Answer Match 77.28%

computer is very slow plus, no program will open without first showing a box titled "opens with" and the message "choose the program you want to use to open this file". I then found this command on the internet "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f" and tried to run it but the dos command window was blocked from opening so I ran it in safe mode with success and now I can open programs without the "opens with" box opening. Then I ran a trial of Kaspersky Internet Security 2009, which found and eliminated a bunch of stuff. I then uninstalled Kaspersky Internet Security 2009 and was finally able to install spybot which also found and eliminated viruses and trojans. This is the state the computer is in now however some of the things that are autoloaded on start are identified as viruses/trojans and the computer is still very slow.

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:11 PM, on 8/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180... Read more

A:Computer Infected with a unknown virus

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

2 more replies
Answer Match 77.28%

I'm working with another computer that I believe is infected with malware of some sort, though what malware specifically I cannot identify. My reasons for this belief are that the computer cannot shut down properly (it will take about 5 minutes to get out of the logging out screen, and will remain on the shutting down screen indefinitely unless force booted), cannot access existing antivirus programs that it claims are running, states that conflicting firewalls that have not been installed are both turned off while the installed firewall is working, and dds.com fails to complete its analysis outside of safe mode (<40 minutes stalling out at 2/3rds mark). In safe mode the computer works fine, and so the dds log here is from safe mode.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
Run by S at 6:14:22 on 2013-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.3152 [GMT -7:00]
.
AV: EarthLink Protection Control Center *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: EarthLink Protection Control Center *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\syst... Read more

A:Computer infected with unknown malware

Please attach the logs or make sure word wrap is off in Notepad as all the lines are run together making the log impossible to read.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

32 more replies
Answer Match 77.28%

I just came to visit my grandparents and their computer is very slow, freezes often, they are supposed to have Trend Micro on the computer, but if you click on the program, nothing opens. I have 2 weeks to try to get this fixed.

I was told it is a new computer. It does not have any dust inside and the fans are all working.

I can not get DDS to finish. It freezes after the 1st line, and will not do anything else.

A:Infected with Unknown - Grandparent's computer

Update: Possibly ICKiller trojan, said port 1028 was open, and a few others.

Google seems to be giving false leads, also.

61 more replies
Answer Match 77.28%

Dear Sir

I am on Windows XP, I got a virus which started a fake scan, I ran Malwarebytes (log attached), but this didn't help. All the programs like Word, Excel, Outlook, Firefox etc and the computer keep on crashing.

I ran combofix (I didn't know about the rule of not running Combofix until advised). Whilst Combofix was running I got messages about PEV.3XE and CATCHME.EXE. Combofix hasn't helped and the problems persist. The only way I can work on the computer is with safe mode without networking.

I enclose the DDS report as advised and attach the report from GMER

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by Abraham Green at 14:47:00 on 2011-08-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.789 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://ibank.barclays.co.uk/olb/u/LoginMember.do
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7... Read more

A:Infected - name unknown, computer crashes

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Your problem looks similar to these Fake malware programs.

Follow the instructions on this page.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

You may be able to download the tools from your infected computer. If not then use a clean computer and copy the files to a flash drive as suggested on the link.

Just to make sure run the Malwarebytes again once you have completed the first steps of the fix.

When this is all done Run the Combofix tool and submit the log if you can.

If at any time you need help to proceed please ask.

10 more replies
Answer Match 77.28%

Hi,

A few days ago I have antivirus system pro on my computer. I used malwarebytes antimalware to clear it out. However, ever since then my internet connection has been spotty and I seem to be uploading a large number of packets. I also tried running spybot and avira and this doesn't seem to help. I can't start windows in safe mode (i get the blue screen of death) and while I can connect with DSL I can't connect via a straight up ethernet connection anymore, both wired and wireless. I also cannot connect to windows update and everytime i run malware I get the same file coming up (certstore.dat). Clearing my DNS cache is also problematic and shutting off that service makes no difference.

Here's my Hijack this log: any help would be greatly appreciated.

Scan saved at 4:12:24 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program ... Read more

A:Computer infected with unknown problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 77.28%

About 4 days ago, I was on my computer with youtube, myspace, and google running. My computer randomly froze, so I decided to just let it sit, figuring it was just a hiccup. After about 10 minutes it was still frozen, so I did a hard shutdown. When I started my computer back up, I got 3 error notifications asking me to send an error report. Two of them were for "Google Installer" and the other one was for "ViewMgr." All 3 showed up right away as my profile started loading. Immediately after that, my computer said there has been a hardware change that required me to re-activate windows and that I had to do it in 3 days. Nothing has been changed in my computer, so that couldn't be true. I decided that I was going to try to do a System Restore. The system restore wouldn't and still won't go past the "Confirm Restore Point Selection" page. I click the Next button countless times, and nothing happens. I decided to then try a system restore in safe mode. It wouldn't go past the same page. I restarted and ended up just re-activating it.

Since I've done that, I can't sign into my normal profile straight from start up. I have to run safe mode first, then restart and go to my normal profile. If I try to start without going to safe mode first, my system will hang at the "Windows is starting up..." screen. When I do start it up on with safe mode first, the system will still hang at the "Windows is starting up..." screen before going... Read more

A:Unknown Virus has infected my computer

bump.

2 more replies
Answer Match 77.28%

Yesterday, my computer started acting weirdly. Explorer.exe no longer loads and I am left with a black screen. Also, when I am able to load explorer it is unresponsive. Windows complains about not being able to start certain services and my cd drive no longer works. OS is windows vista sp2.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:01 AM, on 6/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM... Read more

A:Computer Infected with unknown virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instruction... Read more

2 more replies
Answer Match 77.28%

I have an infection that keeps coming back after I have run Malwarebytes, SuperAntiSpyware, and SpyBot SD. I remove everything that comes up on these scans, while in safe mode, but after my computer has been restarted and running for a while, it starts to run very slowly. Below and attached are the logs from DDS and GMER that I was asked to post from my previous thread My link

Thank you in advance for any help. I appreciate it.

---DDS LOG---
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 18:48:55 on 2012-04-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.644 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695E... Read more

A:Infected w/unknown...computer lags bad

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

22 more replies
Answer Match 76.86%

I am infected by a Trojan/Virus that prevents me from updating my antivirus software as well as redirects any clicked links from a Google search. I've run Ad-Aware and it removed a trojan but apparently did not completely fix the problem. I have run online scans (Kaspersky and Panda) but the scan either didn't finish or my computer rebooted when the infections were trying to be removed. I've installed MalwareBytes but it will not execute. I've pasted the dds.txt log below and attached the attach.txt and hijackthis.txt logs.

I appreciate any help that can be given.

Thanks,
Brian

DDS (Ver_09-05-14.01) - NTFSx86
Run by brian at 20:38:36.45 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1563 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalS... Read more

A:Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Just bumping this up. I'm still interested in getting some help if anyone is available.

I appreciate your time. Thanks.
Brian

4 more replies
Answer Match 76.44%

Hello...

I need help with removing a trojan on my machine. I have a Dell Dimension E510 desktop computer with Win XP Media Edition.

The problem started with false "your computer is infected" popups, which I was eventually able to remove. I had to restore the registry entry for booting into SAFE MODE. I ran so many antivirus/malware removal tools, I can't remember which one finally rid me of that symptom.

Since then, a variety of tools have identified trojans on my machine and supposedly removed them, but they keep returning, or some type of trojan remains. The latest trojan that appeared and was supposedly removed from Virtumonde.

I've experienced internet hijacking, which seems to have gone away. When my computer boots up, the desktop appears before the Windows startup jingle plays.

I have the following available for use, and have run them on my machine a number of times. Sometimes they find things, sometimes they don't.

Malwarebytes' Anti-malware
VIPRE - current antivirus along with Sunbelt Personal Firewall
SpyBot
SpyHunter

I appreciate any help you can give. This has been going on for two weeks.

Thanks.

Here is the DDS log...
DDS (Ver_09-07-30.01) - NTFSx86
Run by MomAndDad at 23:42:22.56 on Thu 09/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1271 [GMT -6:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt Personal Firewal... Read more

A:Unknown trojan/malware on computer

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

2 more replies
Answer Match 76.44%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:40 PM, on 2/19/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Softw... Read more

A:Unknown Trojan Found on Computer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

25 more replies
Answer Match 76.44%

Hi there,
Lately my computer has been super slow so I have run avast, avg and my current ESET security (one by one so they don't interfere with each other and then after emptying the quarantine, I have uninstalled all except ESET). They all picked up remnants of some kind of trojan which has been deleted but I don't think it is completely gone as my computer is super slow.
I did a combofix and here is the log for it:
ComboFix 09-11-05.05 - BHUDIA 06/11/2009 11:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.310 [GMT 0:00]
Running from: c:\documents and settings\BHUDIA\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\BHUDIA\Application Data\wiaserva.log
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_glaide32

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-05 17:49 . 2009-11-05 17:49 -------- d-----w- c:\documents and settings\BHUDIA\Application Data\DivX
2009-11-02 00:13 . 2009-11-02 00:13 -------- d-----w- c:\program files\AVG
2009-11... Read more

More replies
Answer Match 76.44%

My computer turned VERY slow. I have avast, zone alarm, ad aware, spyware blaster, spybot, windows livecare, advanced system care. I have tried disk clean up, defragging, disabling indexing, numerous tweaks and tips, etc. I have removed all unnecessary programs, used c cleaner, run chkdsk, etc. I have dusted and cleaned the processor, etc. You and HijackThis are my last hope. I appreciate any help you may have! Thank you very much! (ps I uninstalled AVG antivirus many months ago)
DDS (Ver_09-02-01.01) - NTFSx86
Run by dean at 15:28:57.04 on Tue 02/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.151 [GMT 1:00]

AV: AVG 7.5.524 *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:&... Read more

A:Is my computer infected? (sorry, type of infection unknown, if any)

Hello chuckk1,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies