Tech Problem Aggregator

Warning: Kazaakrypton trojan horse program

Q: Warning: Kazaakrypton trojan horse program

From Privacy Software Corporation Security Advisory Sunday, February 16, 2003:
KAZAAKRYPTON TROJAN HORSE PROGRAM

SYNOPSIS:

KAZAAKRYPTON (and similar programs such as IGLOO KAZAA) are the beginning of a new trend in trojan horse backdoors which take advantage of people downloading "cracked" or "free" software, music, or pornography from Kazaa and Kazaa-like file sharing servers on the internet. KAZAAKRYPTON, IGLOO and a few others we have seen in the last few days all share a commonality. These backdoors depend on people downloading an executable file or archive of interest and then end up opening up a hidden backdoor server on their machine which then joins the file sharing networks, serving up more copies of the trojan among whatever files "innocent" users add to the "collection."

Analysis of these new trojans has determined that once initiated, they begin making multiple copies of themselves into a subfolder of the main "Windows" folder on the affected machines. The files produced tend towards 6 new copies of the original trojan per minute, rapidly filling up the hard disk of the victim with deliberately named filenames of differing size. The resizing of the copies and the filenames, often containing names shown above in order to entice downloading, makes it extremely difficult for a Kazaa or similar file sharing host to be able to determine which files are legitimate and which are backdoors. Because of the manner in which antiviruses function, it would also be difficult for a pattern match of files to succeed as the sizings and spacings of the contents of the files containing the backdoor can be unpredictable, and therefore potentially elusive.

On machines which contain KAZAA, the backdoor trojan adds an entry to the registry as follows:

HKEY_CURRENT_USER\Software\Kazaa\LocalContent "Dir6"
which points to a folder called:
C:\WINDOWS\User32
which contains the multiple copies of the trojan under numerous "interesting names" in order to entice parties visiting the Kazaa server to download the trojan. In our testing, an average of 6 new files were created every minute.
On machines that do NOT contain Kazaa, these backdoors will open port 113 and 30201 and behave LIKE a Kazaa server, setting up shop in the same location in the registry and broadcasting their availability irrespective of whether the "victim" is running a file sharing server or not.

When running, the KAZAAKRYPTON and similar tools utilize tremendous amounts of CPU time, resulting in an obvious slowdown of the victim's computer with rest periods of ten seconds or longer between file creation salvos. Slowing of internet access on broadband systems is also noticeable, especially when the victim is not running Kazaa or similar "file-sharing" software.

Proliferation of this backdoor depends on people with less than the most honest intentions "reaching for the low-hanging fruit" of obtaining paid licensed software for free, the warning signs of suspicious content being "cracked registration keys," "full version downloads of commercial software," "cracked music CD's," and popular gamingware. The filenames of the infected files (as evidenced by the screenshot of a victim machine above) are designed to entrap casual software/music consumers looking for a "freebie."

The KAZAAKRYPTON backdoor creates a process named "CMD32" which is visible in the task manager (Ctrl+Alt+Del) keys and can be stopped, whereupon the copying of more files to the C:\WINDOWS\User32 ceases. However, all files in such folder must be considered suspect and should be destroyed in total, especially if the "User32" folder exists on a machine that doesn't have Kazaa installed.

The IGLOO KAZAA trojan behaves in a similar fashion, but sets up shop in a folder called C:\WINDOWS\Sys32. Same situation, less prolific.

Privacy Software Corporation's BOClean 4.10 software, designed to detect and defeat trojan horse programs, is fully effective in removing these servers regardless of the filename or manner of delivery and, as is the case with other trojans, can also disable this program instantly upon detection. BOClean will also remove the files and registry hooks without the need to disconnect from the internet or reboot the victim's machine.
COPYRIGHTED MATERIAL:

Copyright (c) 2003 by Privacy Software Corporation.

A: Warning: Kazaakrypton trojan horse program

12 more replies
Answer Match 68.88%

Anti-virus company Sophos warned Friday (23 July) of a scheme that invokes
Osama bin Laden's name to convince people to open a file containing a Trojan horse
called Hackarmy. (From Google News)

A:Trojan Horse WARNING

Thanks for the warning. More "social engineering". This isn't the first time someone has tried to trick people by revealing a "secret" about developments involving bin laden. Looks like this time instead of inticing people to open an attachment, the rumor is being spread on message boards!http://searchsecurity.techtarget.com/origi...i995232,00.htmlA file posing as photographic evidence that Osama Bin Laden has killed himself is in fact infected by the Hackarmy Trojan horse, according to Sophos. The Lynnfield, Mass.-based IT security firm said thousands of messages have been posted on Internet message boards and Usenet newsgroups. It claims CNN journalists found the terrorist leader's hanged body earlier this week, but that the photographs have not been officially made public because the U.S. government wants to verify it's Bin Laden. The messages point to a Web site where a file can be downloaded, purporting to contain photographs. In reality the file contains the Trojan, which can allow hackers to gain remote control of the victim's computer.We'll keep a look out for any one posting such garbage here. According to Sophos this is not a new trojan--they've detected it since Jan.--just new social engineering. Here's their description of Troj/Hackarmy-A:http://www.sophos.com/virusinfo/analyses/trojhackarmya.html

1 more replies
Answer Match 68.46%

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't.(that is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG 's only option was to ignore it, but I still wasnt worried.Everytime I blocked at redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was to late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error(0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

13 more replies
Answer Match 68.04%

Hi
I am a new member in here and don't know if am posting in the correct place.
When I try clicking on any folders on my drives, I get a warning which says " Some Trojan horses detected on your system, Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\ Windows. download protection now. Click ok to download the antispyware"
when i click on either of the YES or No options i am directed to a webpage which shows my system is infected with many trojans, and it has a repair option.
I did a boot time scan with an updated version of avast antivirus home edition but still the problem persists.
Can someone please help me out of this problem.

A:Trojan Horse Warning In Drives

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=======
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

1 more replies
Answer Match 68.04%

Windows XP user. Some kind of trojan malware I think. I've ran the panda scan and hijackthis and pasted the logs here. Thank you in advance for the help. Also, Crtl + Alt + Delete Task Manager shows no tabs, just processes, but I've had that problem for about 6 months. I'm not sure if it is related.

Panda Scan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-20 12:15:55
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.526 7.5.526 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================... Read more

A:Trojan horse, Spyware pop-warning

^bump

11 more replies
Answer Match 67.2%

I am currently running WIN98SE on a PC and a laptop.

At bootup, the PC screen displays a Security Warning that Trojan-spy.HTML.Smitfraud.c is effecting IE. The message suggests running spyware and anti-virus software to remove this spy.

I have run Spybot and Adware spyware remover and several passes of Avast anti-virus. All programs have removed spyware and a virus infection. But the bootup security warning still displays each time the PC is booted.

I have a HijackThis log and have had it analyzed with the Hijack log analyzer, but I do not have the experience nor knowledge to understand what the analysis is tyring to tell me.

Please advise.

TIA for your help,

Manjo

A:Smitfraud.c Trojan Horse Security Warning

Hello Manjo and welcome to TSF,

Please post the HijackThis log here in this thread and we'll be happy to help rid you of this nasty Trojan, as it does require a special procedure.

3 more replies
Answer Match 67.2%

Today AVG popped with a warning 8 times that it had blocked trojan horse dropper.generic6.bzel. Did a scan with MBAM and it found nothing. Did a full scan with AVG and it found 4 more of the same. I'm not getting any visible effects such as redirects but I'm concerned all the same.

MANY THANKS IN ADVANCE.

Logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:25 PM, on 30/09/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDO... Read more

A:AVG warning trojan horse dropper.generic6

16 more replies
Answer Match 66.78%

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos KrepperSee this link for info on Krepper from Sophos. There's also removal instructions but this means running Sav32Cli but this is command line based if you aren't happy using the command line I suggest using my tool RescueME see the sig.I would also suggest taking a hijack this log before and after cleaning and post both http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ here for analysis to ensure that you are clean.

3 more replies
Answer Match 65.94%

Hi

I will try keep it as short and simple as possible.

I accidently clicked an ad link while browsing and then my anti-virus (AVG 8.5) warned me of 4 files on my computer that read 'trojan horse'. I chose to remove the files and only 2 of them were sucessfully removed. I'm running a scan on the infected PC now and logged into a clean one to contact you.

I do alot of banking online and really need to be assured that the infected PC is clear before I start using it again.

Help much appreciated. Kind regards and Merry Christmas.

A:Anti-virus warning me of 'trojan horse' after clicking link

Hi, do you know which files it flagged as trojan horses? There should be a log somewhere in AVG (I haven't used AVG for a longggg time)Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update t... Read more

11 more replies
Answer Match 65.1%

my screen turned black with a flashing sign sayng "many viruses weer found on your computer such as: trojan horse, passcapture, ect. your personal information can fall into the third hands. plese check up the computer with a special software" what should i do? please help me!DDS (Ver_09-02-01.01) - NTFSx86 Run by HP_Administrator at 18:15:34.59 on Wed 03/11/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1323 [GMT -5:00]AV: Trend Micro AntiVirus *On-access scanning enabled* (Outdated)AV: Norton 360 *On-access scanning enabled* (Updated)FW: Norton 360 *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\syste... Read more

A:infected with trojan horse and my screen is black with a flashing warning sign

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Answer Match 65.1%

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 63.42%

Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\... Read more

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\... Read more

2 more replies
Answer Match 61.32%

Hi,
My virus protection program, MicroTrend's pc-illin keeps on detecting this trojan horse program and is unable to clean it. I have repeatedly deleted the file it says are infected but it continuously reappears. It located in my temporary internet files, the exact location is....

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\FAWR3XWX\

and now also in this location as well

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\89NH33GV\

There are other subsequent .exe files in my C:\DOCUME~1\JOSHUA~1\LOCALS~1\TEMP location that are being brought up under as a virus as well but I am pretty sure they are related to the trojan horse I have as when I get one warning about about the upayb[1].int trojan horse, I get a warning about a virus detected in that temp folder as well....

Thanks a bunch!
 

A:upayb[1].int trojan horse program detected

I noticed that everybody else was posting HJT information so I thought I would add mine....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:59 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microso... Read more

1 more replies
Answer Match 60.48%

When I turn on the computer the virus alert screen came on with the High Risk caption right below it. Then the next sentence would be "Norton Anti Virus has detected a virus on your computer. Object name: c/PROGRAM FILES/SHARED/LIB.DLL Virus name: Trojan Horse Action taken: unable to repair this file." The forward backlashes in the object name should be towards the other direction, since I don't have that particular key on my key pad, I had to use this forward back lash.DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 14:11:04.56 on 01/29/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1471.952 [GMT -5:00]AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System3... Read more

A:Infected with trojan horse (program files/shared/lib.dll)

Hi,* Please download Malwarebytes' Anti-Malware from HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3 more replies
Answer Match 60.48%

Hey all, I have a virus on my computer that is acting through my actual Anti Virus that I use which is Trend Micro. So in the bottom right corner there is constantly a box that says "Trojan Horse Program Deleted (please restart computer). Then it wants me to click a "restart now" or a "restart later" button. It also wont let me run my firewall.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Strawberry at 23:40:07 on 2011-12-22
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.9206.6532 [GMT -8:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro AntiVirus *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windo... Read more

A:Infected with Trojan Horse Program Deleted(Virus)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434102 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 60.48%

Trojan Horse Program Spews Fake Google AdsJanuary 9, 2006A Trojan horse program is churning out bogus Google ads promoting products Google eschews?gambling, cheap Viagra, girlie photos and adult dating.The ads, being targeted at small publishers, are identical to Google AdSense ads except that referral graphic buttons are being converted to text, apparently due to a bug in the Trojan, according to the publisher who reportedly discovered the Trojan.security.ithub.com

More replies
Answer Match 60.48%

Hi Guys

A few days ago, my free Edition AVG showed a trojan alert (Trojan horse Generic10.PWU, which it allegedly fixed) after i unzipped and installed a program. Since then, I keep getting error msg's that AVG launcher and WLLogin.exe stops working, every half hour and sometimes other programs like msnmsger. Besides that i can't browse in firefox or IExplorer (i can still browse in Safari and use MSN). And furthermore when i open IExplorer, it opens up fans with this address (don't know if it'ill do any good)
http://83.149.75.33/info.png?cmp=ghr...&lid=http&z=us
which it can't display, fortunately.
Now the virus alert have shown 3 times for the same trojan as well as something in the virus vault, AVG calls "Virus found Lop". AVG found 4 of those yesterday when i did a scan of the computer, all in Temp internet files dir except the last trojan which was found in C:\Users\Tr?ffel\AppData\Temp
So i ran through the self help tutorial you have here on the site and it helped get rid of the "fan pop-ups" in IE, but my computer is exeptionally slow even though i just upgraded its RAM.
One thing i could not do in the tutorial was to do the online scan, though i think that it was the site that has crashed and that it does not have anything to do with my computer, so i have scanned my computer a couple of times with AVG and Ad-Aware from lavasoft for spyware.

So, I don't really don't know where to go from here, i've googled it but that didn't do m... Read more

A:Browser+program malfunction - Trojan horse generic10.PWU

OMG - Now my AVG antivirus is finding another sort of virus in the deckard directory that I just downloaded :S :S :S in this directory C:\Deckard\System Scanner\USER\Tr?ffel\AppData\Local\Temp\ my AVG has found to cases of Trojan horse generic10.QLH which is a different sort than the others found on my computer :( please help me! I think my computer is getting seriously violated in the backdoor, so to speak!

14 more replies
Answer Match 60.06%

I have searched the forum and tried many things but still could not get rid of this blinking "Warning - Dangerous spyware - Following viruses were found on your computer: Trojan horse, PassCapture and etc....."
Please Help!

H/W & OS: Dell laptop D630 - XP Pro SP3

Symptom: Got many pop ups in IE and Firefox. Desktop screen gone black with a box with blinking "Warning" and text listed below:

"Warning - Dangerous spyware - Following viruses were found on your computer: Trojan horse, PassCapture and etc.
Your private information may be potentially transferred to third parties.
Please, check your computer using advanced software. Thanks"

Actions taken so far:

- Ran Spybots and Malwarebytes several times, deleted infected objects and rebooted laptop.
- Ran McAfee OnDemand scan few times and found no virus (???)
- Tried System Restore but does not work, even in Safe Mode Command Line, just can't click Next to restore any restore points.
- Ran Kaspersky's Online Scanner 7, found 7 objects infected
- Ran McAffe again and cleaned those infected object. Rebooted the laptop and the message still there....

Nothing works so far. Please help. Here are the logs:
=======================================

1) Malwarebytes' Anti-Malware Short scan found 7 infected objects. Removed & rebooted
Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 3

5/16/2009 4:46:00 PM
mbam-log-2009-05-16 (16-46-00).tx... Read more

A:Blinking "Warning, Dangerous spyware...Trojan horse, PassCapture etc"

It got worse. I ran virus scan and Malwarebytes' Anti-Malware, Spybots again and it found adn removed about 8 more infected objects / trojan horse. Rebooted the laptop and now I cannot logon. It logs me out immediately from both user account and Administrator account.
Any suggestions beside reinsatll XP is appreciated.
 

1 more replies
Answer Match 60.06%

A hacker has managed to plant this virus in my system and therefore has all my MSN, Steam, Gmail and other account data. After sorta making friends with him on msn (was chatting with myself or him for awhile), I managed to find out the program he used to generate the virus is Codesoft PW Stealer. (This guy is from Germany too hehe) However, I am unable to generate the "proper" GMER log as all options above Services have been grayed out. Is there any other program I can use? If wanted, I below is also the url of the virus:removed malicious url.--ST.

A:Trojan horse PSW.Generic6.AEYO from Codesoft-built program

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

11 more replies
Answer Match 58.8%

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Answer Match 58.38%

Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are alway in Temporary Internet Files directory and windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.... Read more

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

12 more replies
Answer Match 58.38%

Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3Errors on Start-up: 1. QUOTELSASS.EXE memory allocation error cannot load command system halted.Errors on Shutdown I have to "End Now": QUOTEexplorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window-My PC locks up when running the GMER scan & have to shutdown by powering PC off-I have had AntiVirus Soft multiple times even after removing w/ spybot search & destroy, ad-aware, Zone Alarm(Uninstalled), Norton(Current AV). It seems to reactivate the virus when I visit myspace.com apps. A java box comes on & all the sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a spybot scan which seems to remove..But it keeps coming back like a cheesy horror movie character. -Have found QUOTE"Trojan Horse svchosts" in start up programs. I turned off & deleted. Scans didn't pick up virus??-When I reboot my pc my internet is being blocked for around 15-20 mins. The fw is off until the net gets unblocked by ??.-Games such as Resident Evil 5, Fallout 3, BF2 etc have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now. -Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but error still stays. The MSConfig starts up automatically after a blue ... Read more

A:Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Answer Match 58.38%

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 58.38%

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

19 more replies
Answer Match 57.54%

Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue sreen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the WIndows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

9 more replies
Answer Match 57.54%

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you try running Malwarebytes yet?

16 more replies
Answer Match 57.54%

My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them
 Trojan 1.PNG   72.1KB
  8 downloads
 Trojan 2.PNG   55.63KB
  8 downloads. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt
 Attach2.txt   811bytes
  4 downloads) and a couple of times it created a version which includes restore points (version attached called attach3.txt
 Attach3.txt   1.02KB
  3 downloads).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.  ****UPDATE**** The internet connecti... Read more

A:Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results.
 AVG Resident Shield results 1.png   812.84KB
  3 downloads There are three more screen shots to this report, but it won't let me upload any more.

47 more replies
Answer Match 57.54%

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle... Read more

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

15 more replies
Answer Match 57.54%

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Everytime I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well know as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat. --------------------------------------------------------------------------------Uninstall instructions in link below:http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

4 more replies
Answer Match 56.7%

Hi all you wonderful people at bleeping computer!I'm hoping you might be able to help me with a Trojan I have on my laptop. AVG is picking it up occasionally and always on startup, but it keeps coming back.I've followed the preparation guide and am pasting and attaching the data requested... except...!My machine has crashed a number of times during the GMER scan so I've had to give up on that one. Let me know if there is something else I should do so the scan can complete.Here is my DDS log and the other file is attached.DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 19:00:38.24 on 07/05/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.333 [GMT 1:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\LAUNCH~1\LManager.exeC:\Program Files\Common Files\Logitec... Read more

A:Nasty Trojan "Trojan horse Generic16.CNLB"/ "Trojan horse BHO.MFW"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

22 more replies
Answer Match 56.7%

My avg and avast has picked up these trojans trojan horse bho.eiz , trojan horse vund.t and win31/heur. I have tried the panda site but it wouldnt scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didnt find anything and wouldnt let me copy a log to paste to you.MAIN.TXTDeckard's System Scanner v20071014.68Run by AuSSie` on 2008-06-15 07:48:19Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update-- First Restore Point -- 1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as AuSSie`.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:51:34 AM, on 15/06/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Motorola\SMSERIAL&#... Read more

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

HiFirst ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...THEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteamEDIT ... What are th... Read more

2 more replies
Answer Match 56.7%

Hi, thanks for taking a look, AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH I have no idea how dangerous these are I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 

1 more replies
Answer Match 56.7%

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Goggled to research these and it's made me worried/parnoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more

More replies
Answer Match 56.7%

HELLO, this is my first time posting at your site but has has follow your responses to other while reseaching software and problems on the google search page. Your answers and instructions has been of geat use and help to me.Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found sever items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.I have included the report with my HiJack log. I had a problem running a panda scan until I notice a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:23 PM, on 8/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "Java Runtime Environment (JRE) 6u2". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.****************** We are going to dig deeper, and that will require us to run some additional scans.You will need to use Internet Explorer for this scan. D... Read more

5 more replies
Answer Match 56.7%

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their anitvirus software. I have use Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more

17 more replies
Answer Match 56.7%

Trojan horse SHeur2.BEKQ infecting bogogife.dll and Trojan Horse Generic14.AXEW infecting logon.exeI was minding my own business on the net and the resident shield alert pops up telling me I have infections...I clicked to try to delete them and it said it wasn't recommended. so here I am again...I seem to get infections alot and don't know what Im doing wrong. Please HelpHere are the documents requested:DDS (Ver_09-07-30.01) - NTFSx86 Run by Twiss at 17:53:58.56 on 17/09/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1261 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\OEM02Mon.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\New Java\bin\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOW... Read more

A:Trojan Horse SHeur2.BEKQ & Trojan horse Generic14.AXEW

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

5 more replies
Answer Match 56.7%

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

1 more replies
Answer Match 56.7%

I have 2 trojans Trojan horse Generic5.GUH,Trojan horse BackDoor.Agent.IQL would like to remove I have external hard drive.could not run the online scans except stinger, house call made a load bleeping noise?Laptop used for sensetive stuff banking etc. will change passwords on other machine.Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:43 PM, on 24/07/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\AGRSMMSG.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

3 more replies
Answer Match 55.44%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

A:install program driver warning ,can i reset the warning?

hi
i guess i found something that can be helpful for other users
View or manage your certificates
https://technet.microsoft.com/en-us/.../cc754841.aspx

1 more replies
Answer Match 55.44%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

More replies
Answer Match 55.02%

Hi,I've had issues with pop up ads every few minutes. I scanned my computer using AVG Anti-virus and it found these trojans that were all moved to the virus vault:Trojan horse Generic3_c.YIMTrojan horse PSW.Generic7.BMRDTrojan horse Dropper.Small.IAUTrojan horse Generic16.AQOGTrojan horse Generic16.AQOGTrojan horse Generic16.AQOGI'm still getting pop up ads, though.Below are my DDS log details (I also added my HiJackThis log) and I've attached the Attach.txt file per your Guidelines (http://www.bleepingcomputer.com/forums/topic34773.html). Any help you can offer will be great. Thanks!DDS (Ver_10-12-05.01) - NTFS_AMD64 Run by Elena at 14:38:42.91 on Tue 12/07/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2117 [GMT -8:00]============== Running Processes ===============C:\PROGRA~2\AVG\AVG10\avgchsva.exeC:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC: ... Read more

A:Trojan horse Generic3_c.YIM, Trojan horse Generic16.AQOG

Do you still desire help?

24 more replies
Answer Match 55.02%

Hello,

First, two thumbs up for the good work you guys do here!!

Second, MY PC has several related/non-related "issues".

-- Within the past month, I have eight instances of the Trojan Horse PSW.Generic.MYP in my AVG Vault (I attached a csv file) and 3 instances of Trojan Horse Gneric 5.100 as well as one instance of Trojan Horse Agent DYC

---My PC takes 3 times as much time to Start-up as it used too.(few minutes in regular mode and 15+ in Safe Mode)

---I run AVG anti-spyware once every day. EVERY TIME I do, I get AT LEAST four THOUSAND traces and over 30+ objects. I attached a copy of a scan that was run 4 days ago just as a point of reference. (Scan-20070730.txt)

I recently(ironically one month ago) went through a nasty break-up with a very computer savy ex girlfriend. Not that it is important but it seems after looking up these particular Trojans, they all seem to be geared towards password theft. Please take a look at my logs below. Also if there is anything else you might suggest to prevent password theft in the future please let me know! THANKS

***************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:00:31 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcho... Read more

A:Password stealing Trojan Horse?? Trojan Horse PSW.Generic.MYP

No responses....hmmm? Can someone please tell me (PM or in open forum) what I did wrong here? wrong forum, wrong format, or just plain wrong? lol I really would like to solve the issues I'm having related to malware/spyware etc

THANKS
 

1 more replies
Answer Match 55.02%

The computer takes a long time to open up, sometimes the desktop item disappear but will reappear upon reboot, I often find it impossible to go from one part of a web site to another, and my google popup blocker stopped working, and clearing the count didn't make a difference. Ran Spybot R&D, AVG, did a defrag, and a cleaner, ran CCleaner, CCleaner Register cleaner All to no avail. Here's my HiJack results:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:07:32 PM, on 6/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\CyberLink&... Read more

A:May Have Virus, Repeater Trojan Horse, Or Plain Trojan Horse

Doesn't anyone ever read this site?

26 more replies
Answer Match 55.02%

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

A:Infection of Trojan horse Generic15.AULT and Trojan horse BH0.JEW

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

16 more replies
Answer Match 55.02%

Hi all
 
I appear to have picked up some viruses.
 
An AVG virus scanner keeps detecting the trojan horses as detailed in the subject field, however is unable to remove the threat. There appears to be loads of unusually named folders in AppData/Roaming and I keep getting popups asking me to run a java.bs.
 
In addition there are numerous processes in task manager which are using CPU memory and slowing the system down hugely. These are svchost.exe and iexplore.exe.
 
Can anyone help please?
 
Many thanks!

A:Trojan Horse SHeur4.BSNO & Trojan Horse ScreenLocker_s.WI

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

1 more replies
Answer Match 55.02%

ok, i got some viruses/spyware messing around with my system, my avg keeps finding these virus

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

i have already scanned with avg, avg spyware, adaware.... im at a loss of how to get rid of these things.

heres my hijackthis log any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE... Read more

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs

16 more replies
Answer Match 55.02%

Hi, I've had this virus on my computer for about a week. It's mostly disabled my internet, and made most programs extremely slow or hard to use. I've tried running malwarebytes, superantispyware, AVG, etc but havn't had any luck. The only thing that even detected it was avg, which doesn't remove it.

I'm running a Toshiba Satellite A505 with Windows 7 on a 64 bit operating system(So I can't post GMER logs). Any help would be appreciated! Thanks.

This is my DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Ian at 19:52:24 on 2011-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2334 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows�... Read more

A:Trojan Horse SHeur3.CFMY & Trojan horse agent3.CHE

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411630 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

2 more replies
Answer Match 55.02%

Hello all,I have noticed my computer freezing and going to sites (www.abigaildiets.com) so fat loss site I didnt click, So I installed AVG 8.5 and PC-Tool Spyware docter, they pick up most of the viruses but there were 3 viruses that just wont go away, it detects it, but everytime i start up it picks it up again, as if it was never deleted.The 3 infections are (as detected by AVG Anti-Virus everytime I start up):Virus Identified Packed.NoperTrojan horse Generic14.ZYFTrojan horse SpamBot.wMy HJT is as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:51:31 AM, on 8/25/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d .exeC:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d.exeC:\WINDOWS\msd.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Pr... Read more

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

1 more replies
Answer Match 54.18%

My computer is Windowns XP Service pack 3
I always use Firefox and never use Microsoft explorer.
My computer runs AVG 9.0.830 Free.

On 6/30/10 my computer detected Trojan horse Clicker.AJSF. This was followed immediately afterwords with the detection of Trojan horse Downloader.Agent2.YIZ. This was accompanied by the noise of clicking anywhere from every 10 seconds to 2 every minutes. This went away after a few runs of AVG. Occasionally the volume would balance would lower itself to zero. The Trojan horse Clicker.AJSF was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\119889546
C:\Documents and Settings\corboybp\Application Data\Sun\Java\deployment\cache\6.0\4\3c0ae\784-3513414
the Trojan horse Downloader.Agent2.YIZ was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\loader.exe
C:\Documents and Settings\corboybp\Local Settings\Temp\smss.exe

All was quiet until 7/7/10 when Trojan horse Downloader.Agent2.YIZ showed up again however no symptoms were notable. it was located in the following places:
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe

Today the scan discovered Trojan horse Downloader.Agent2.YIZ located in the following locations:
C:\System Volume Information\Microsoft\smss.exe (1064)
C:\System Volume Information\Microsoft\smss.exe Result: object is inaccessible
C:\System Volume Information\Microsoft\servic... Read more

A:Trojan horse Clicker.AJSF "congratulations you won!" Trojan horse Downloader.Agent2.Y

Hi,

Please do the following:

Download Bootkit remover to your desktop
This is a rar file if you do not have a program to open it then download and install PeazipExtract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Now open a notepad and press Control+V
Post the resultant log here please



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and... Read more

8 more replies
Answer Match 52.92%

One of mycomputers is infected and I need help. I ran Hijack This and it created a text file. I will post if below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:52:38 PM, on 4/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\system32\LxrJD31s.exeC:\WINDOWS\System32\nvsvc32.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcs... Read more

A:trojan horse sheur2 and trojan horse vundo

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.

2 more replies
Answer Match 52.92%

Hi I would appreciate some help please removing these TrojansLogfile of HijackThis v1.99.1Scan saved at 19:18, on 06-08-29Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5700.0006)Running processes:C:\WINDOWS\System32\smss.exec:\windows\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\windows\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\SyncroSoft\Pos\H2O\cledx.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\Program Files\BuyPin Software\Advertising Killer\akiller.exeC:\Program Files\POP Peeper\POPPeeper.exeC:\WINDOWS\system32\ctfmon.exeC:\www\Apache2\bin\ApacheMonitor.exeC:\www\Apache2\bin\Apache.exeC:\Perl\bin\perl.exeC:\Program File... Read more

A:Trojan Horse Dialer.28a Trojan Horse Pakes.u

By removing O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll in safe mode the problems seem to be resolved, would someone check the new log and confirm all is ok please.Logfile of HijackThis v1.99.1Scan saved at 06:52, on 06-08-30Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5700.0006)Running processes:C:\WINDOWS\System32\smss.exec:\windows\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\windows\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\SyncroSoft\Pos\H2O\cledx.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\BuyPin Software\Advertising Killer\akiller.exe... Read more

3 more replies
Answer Match 52.92%

Hi
I have an infection with Trojan Horse Small.BVI and Trojan Horse SpamTool.EVL. AVG 9.0 Free Resident Shield reports the infection in the file C:\Windows\Temp\****.tmp\svchost.exe (**** seems to be a random combination of characters, eg xurk). I removed the unhealed infections and the threat disappears, but at some point later the threat reappears. I know that svchost.exe is a system file and theres typically about 10 instances of it running in the Task Manager, but CPU usage appears fine.

Things Ive noticed:
* This happens only when my laptop is connected to the internet as Ive not received any threat while offline.
* The two trojans are detected by AVG at almost exactly the same time.
* I have run Super Anti Spyware, MalwareBytes, AVG, SpyBot Search & Destroy, Dr.Web CureIt, and Temp File Cleaner (TFC.exe). These detect a threat but are unable to prevent it happening again.

I have attached the Attach.txt and Ark.txt as requested, and a hijackthis.txt too.
Any help would be much appreciated!

Below is my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Will at 14:07:27.16 on 20/12/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_16
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2047.988 [GMT 4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: AVG Anti-Virus ... Read more

A:Trojan Horse Small.BVI and Trojan Horse SpamTool.EVL

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

3 more replies
Answer Match 52.92%

I've been infected with the Trojan horse Agent_r.XJ and Trojan horse Generic22.LOZ viruses. I ran a scan with AVG. There were some viruses that could be removed but this is what was left over in inaccessible objects:

"C:\WINDOWS\system32\svchost.exe (1876):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1876)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (1088):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\explorer.exe (1088)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\Mozilla Firefox\firefox.exe (4800):\memory_001b0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\Mozilla Firefox\firefox.exe (4800)";"Trojan horse Agent_r.XJ";""
"C:\Documents and Settings\Connie\Application Data\2DBF29BD99DB6FC99391D58322FEDAD9\arg70techsdk.exe";"Trojan horse Generic22.LOZ";"Moved to Virus Vault"

After the SpyBot search & destry listed below AVG reports this:
"C:\WINDOWS\system32\wuauclt.exe (4472):\memory_001b0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\W... Read more

A:Trojan horse Agent_r.XJ, Trojan horse Generic22.LOZ

Is this the right forum to post my virus problem in or should I post it somewhere else?

11 more replies
Answer Match 52.92%

Hi,
 
I've been handed a computer by my partner to look at that has a rather charming trojan horse hider.mpr on it.
 
Unfortunately it seems to have blocked me from accessing malwarebytes and avg that were installed on it. On closer look it has also 
blocked access to most websites.
 
Can anyone offer any guidance on where I should start to get rid of this, any support would be much appreciated.
 
Cheers
 
 

A:Dealing with a trojan horse "trojan horse hider.mpr"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502769 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

44 more replies
Answer Match 52.92%

Hi there. Was wondering if anyone could help.I am running Windows 7 and had initially become infected with a rougue application of AV8.exe. I downloaded MBAM and managed to clear the infection. I have also since downloaded and ran AVG 2011 with the latest virus databases.However, since then whenever I try to load a website (am using firefox as browser mostly) the browser begins to be redirected and AVG Online Sheild Alert flashes up with a warning: "Threat was blocked! File name: unsecured-sites.com/block.php?url=X (X being the url of the site i originally tried to access)Threat name: Trojan horse Fakealert.UD" When I scan with AVG it finds 2 infected files: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200):\memory_00010000C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200)both are infected with : Trojan horse Adload_r.AKJThe 2nd file is removed and healed, but the 1st file says "object is inaccessible"I ran MBAM and it found nothing this morning - here is the report:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4787Windows 6.1.7600Internet Explorer 8.0.7600.1638510/10/2010 12:00:23mbam-log-2010-10-10 (12-00-23).txtScan type: Full scan (C:\|)Objects scanned: 222800Time elapsed: 31 minute(s), 8 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: ... Read more

More replies
Answer Match 52.92%

How do I get rid of these Viruses.

Trojan horse Lop.AS, always in Temp Internet Files\Content.IE5

Trojan horse Dropper.Agent.CMA

and

Trojan horse Downloader.Generic2.TUJ

these where found by AVG anti-virus, free edition
Thanks in advance guys

Here is my Hijack This log :-

Logfile of HijackThis v1.99.1
Scan saved at 15:58:59, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:... Read more

A:Solved: Help.. 2 Trojan horse EXE files and a trojan horse Lop.AS

Nevermind, Have just finished a fresh install of XP.

I am now using Zone Alarm free Firewall,
AVAST! Anti Virus and
Ad-Aware SE.

Cheers
 

1 more replies
Answer Match 52.92%

Hello,

Vista home, AVG....finally able to install malware and got it to run (kept getting "windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them" puked at me and yes I was logged as admin). I "think" I got the problem taken care of hopefully (rid of the trojan) but not sure, still had a hard time getting hijackthis to run as it was giving me the same error. I hope I gave you enough info, this is my daughter's laptop having the problem. IE seems to be running a bit slow as does start up whereas before it was fast. Thank you so much for your help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:39 PM, on 9/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\... Read more

A:b.exe, trojan horse congac, trojan horse zoeken

anyone out there?
 

1 more replies
Answer Match 52.92%

AVG keeps popping up with Trojan Horse Agent.EX & Trojan Horse Clicker. When I tell AVG to do anything, it says 'Requested action is not available for this object. Access to the file has been denied.' I keep getting porn sites added to my favorites list, and occasionally get a blinking yellow shield with a black exclamation point in my taskbar. Half the time when I click on websites I don't go to the website I get taken to some other stupid site. Have run Ewido, Ad Aware, Spybot, and AntiVir. Logfile of HijackThis v1.99.1Scan saved at 1:28:00 PM, on 11/22/2005Platform: Windows XP SP1MSIE: Internet Explorer v6.00 SP1Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Nhksrv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\WINDOWS\System32\Ati2evxx.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\Program Files\ewido\security suite\ewidoctrl.exeC:\WINDOWS\... Read more

A:Trojan Horse Agent.ex & Trojan Horse Clicker

Please do both of the following before we start if possible!:1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was _____________________Download KillBox here: http://www.downloads.subratam.org/KillBox.zipSave it to your desktop.DO NOT run it yet._____________________Go to add/remove and uninstall UnSpyPC_____________________With IE closed, run Hijack This again. Put a checkmark on these entries and hit "fix checked":O4 - HKLM\..\Run: [dmkqv.exe] C:\WINDOWS\System32\dmkqv.exeO4 - HKLM\..\Run: [dmpme.exe] C:\WINDOWS\System32\dmpme.exeO4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"O9 - Extra button: Quik - {06B3FCA0-E208-4E3F-BC4D-392EC157720D} - http://www.azob.quik.com (file missing) (HKCU)O14 - IERESET.INF: START_PAGE_URL=http://www.azob.quik.com _____________________Boot into Safe ModeDouble-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle... Read more

18 more replies
Answer Match 52.92%

Hi all,

First of I'd like to say that it is very noble of you professionals who volunteer your otherwise precious time in helping out clueless people like me with their computer problems. I'll greatly appreciate any help I can get.

Well the situation is as such, recently I started my new job at a new workplace. And I believe the previous employee went to certain undesirable websites and was not aware of the implications to the computer terminal.

I installed an anti-virus programme (AVG), for safety purposes, and almost instantly it detected these trojan horses in the system.
Trojan horse Lop.4.k
Trojan horse BackDoor.Hupigon3.wyw
As my workplace is an off-site location, I do not have tech support. The computer is also unnaturally laggish in starting programmes. I have tried running AVG both in safe and normal mode but to no avail.

Also, I apologise for not being able to attach the Panda scan log but for some reason this terminal does not allow me to scan it via Panda scan.

Without further ado, here is the DSS log:


Deckard's System Scanner v20071014.68
Run by AdminNUS on 2008-06-10 11:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as AdminNUS.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39 AM, on 10/06/2008
Platform: Windows XP SP2 (W... Read more

More replies
Answer Match 52.92%

have a problem with pop ups recently. Have tried to clean it out but it is not working for me.

AVG finds Trojan horse collected11.B and trojan horse Generic5.GQ.

I ran VundoFix and was able to heal mllmm.dll

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was c:\windows\system32\mllmm.dll

The second filepath entered was c:\windows\system32\mmllm.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------
Killing PID 372 'smss.exe'

Killing PID 1544 'explorer.exe'
Killing PID 1544 'explorer.exe'
Killing PID 576 'winlogon.exe'
Killing PID 576 'winlogon.exe'
Error 0x5 : Access is denied.

--------------------------------------------------------------------------------------

c:\windows\system32\mllmm.dll Deleted sucessfully.
c:\windows\system32\mmllm.* Deleted sucessfully.

Fixing Registry
----------------------------------... Read more

A:Trojan horse collected11.B and trojan horse Generic5.GQ

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control ce... Read more

1 more replies
Answer Match 52.92%

Greetings!

After working on trying to help my webmaster clean up a new site design, I went to hibernate my laptop to move into the bedroom. It hadn't finished by the time I made the short trek, so I left it on the bed. When I returned, it wouldn't power on, but when I plugged it into the power supply, it booted up fine with a message about plugging it in so I didn't lose any files - the message you get just before the battery dies. At the time, didn't see any issues. I chalked it up to user error on my part even though I'd clearly seen the window indicating the laptop was about to hibernate.

About an hour later of working, I went to hibernate the laptop again and discovered that it wouldn't let me do so. It displayed the 'about to hibernate' message and then came back with the desktop. At the time, I looked at the task manager and didn't see any programs I had running/open, so I tried hibernating from there. Same message. The laptop eventually let me shut down through the task manager. Doing so from the Start Menu only brought me back to the desktop after the initial 'hibernating' message.

The following day, I noticed that when I clicked any link in Google, it redirected me to various search engine sites and then some porn sites. I tried running a virus scan at that point and I couldn't bring up AVG. I disconnected from the internet (I have wireless; I just disabled the radio), pulled it up in safe mode and ran the AVG co... Read more

A:Trojan Horse 'generic', Trojan Horse 'Cryptic'

Hello,Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

1 more replies
Answer Match 52.5%

Hello,

My AVG keeps coming up with my infected alerts on in C/Windows System32services.exe with Trojan horse Patched.c.LYT, and antoher in Windows/assembly/GAC/Desktop.AUGH with Trojan horse Generic28.AUGH. From what I've learned is they they are very dangerous, so far I've ran my AVG with no luck, MalwareBytes, and Advances System Care 5 also with no luck. Starting to read through these threads I downloaded and ran ComboFix but it stopped half way through so doubt it did anything, and now after reading more on these great forums it's probably for the best.

I've run Defogger, attached the DDS files, but the GMER scan freezes up every time when it gets tp Software\Microsoft\WindowsNT\CurrentVersion\Perflib\009, so I'm not sure why.. so I've stopped it during the scan process and attached that.

Any help would be greatly appreciated!!

Cheers
Logan
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by Logan at 11:53:11 on 2012-07-29
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3032.1675 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\... Read more

A:Trojan Horse Patched/c/LYT and Trogan Horse Generic28.AUGH infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462944 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

7 more replies
Answer Match 52.5%

Hi,

I saw that my automatic updates was not on but when I try to turn it on in the system it stay off. I am also getting pop ups asking me to download varuious virus proctection/scan software. When I re booted my machine AVG found the following

Trojan Horse Genericll.AKAA,
Trojan Horse Vundo.t
Virus found - win32/heur

Any help would be most apprecited. I have noted my log file below. I have run the panda scan but can not seem to attch it to this email.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:21, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\P... Read more

A:Trogan Horse Genericll.Akaa - Trojan Horse - Vundo.T, several pop ups and Windows Aup

Bump, Please help

9 more replies
Answer Match 51.66%

Hi, please help!!

My computer infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, boot to safe mode and manage to find and remove the trojan horses, but it come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C... Read more

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho... Read more

2 more replies
Answer Match 51.66%

I have read that several people also have trojan horse agent.AABY and trojan horse agent.AACL like I do. Is there a straight forward solution?

There is AVG 8.0 free, SpyBot Search and Destroy, and Mawarebytes on my computer up to date and are getting run many times a day. I have searched hidden files and run all programs in safe mode as well. It keeps coming back!

Please help, this is driving me crazy.

A:Trojan Horse Agent.aaby And Trojan Horse Agent.aacl Infection

They are finding nothing? Have you tried scans from Safe mode woth the AVG and SpyBot? MBAM is stronger in normal mode. Do you have SpyBot's Teatimer function enabled ometimes that will interfere witha scan. Here's another tool to run...Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows... Read more

10 more replies
Answer Match 51.66%

Logfile of HijackThis v1.99.1Scan saved at 21:38, on 1/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINDOWS\system32\Brmfrmps.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Grisoft\AVG Anti-Spyware... Read more

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT

1 more replies
Answer Match 50.4%

Desktop Sony Vaio, Windows XP + SP3, 1GB RAM.These four infections - HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE periodically try to execute and Norton Security Suite BLOCKS them all. Along with these four, about 16 files are also blocked, all associated - fpq52.tmp (TROJAN HORSE), fpq4b.tmp (HACKTOOL.ROOTKIT), fpq4c.tmp (TROJAN HORSE), fpq4a.tmp (TROJAN.PANDEX), fpq4f.tmp (TROJAN HORSE), fpq4e.tmp (TROJAN.VUNDO), etc.I am presently running Norton Security Suite 4, F-PROT Antivirus, IObit Security 360, SpyBot-SD Resident, SuperAntiSpyware, Malwarebytes and Secunia PSI. These will not eliminate the infections.This PC is a neighbor's which originally had the Windows firewall OFF and greyed out, Firefox Google Hijack and the following infections, which are all now repaired -- HIJACK.WINDOWSUPDATE, Hiloti.B.gen!Eldorado, Trojan2.HZYZ, WORM.BDQA, TROJAN.AGENT.APHZ, ROGUE.AGENT/GEN-NULLO(dll), WORM.BLAH. (I mention these to provid a little background info). There were about 50 Windows Updates that were blocked but now installed.Thanks in advance for your assistance.DDS (Ver_10-03-17.01) - NTFSx86 Run by Leah at 13:31:16.40 on Thu 06/03/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.95 [GMT -5:00]AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated) {3... Read more

A:Infected with HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

47 more replies
Answer Match 49.98%

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strage outgoing traffic). Could you pls check my HJT log and say if everyting is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

12 more replies
Answer Match 49.98%

Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again.

I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.
These are the files:

C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volum... Read more

A:Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD

9 more replies
Answer Match 49.98%

Hi there!Like many others lately my laptop has been infected with Bamital Trojan.Date of infection: 2nd, October 2010Detected by: AVG 9 Infected Files: Explorer.exe with Trojan horse Patched_c.JEE and Winlogon.exe with Trojan horse Patched_c.JESAVG Result: "Object is white-listed (critical/system file that should not be removed)"OS: Windows XPThe only things i can remember leading up to the infection was...1. My IE browser sometimes opens up different sites on other tabs2. I had downloaded a part of a movie3. I updated AVG 9 (even though it was just updated approx 2 days prior)Attempted Resolutions:1. I've updated and ran malwarebytes but it couldn't detect the virus.2. I realised my google search results are constantly being redirected to dodgy sites so i've run tdsskiller to remove the malware (but it keeps coming back, not sure if bamital is responsible for this)Additional Notes:1. This is the topic the that notified me that i am dealing with the Bamital infection : htttp://www.bleepingcomputer.com/forums/topic351001.html 2. Users in the topic has suggested the use of Kaspersky Tool to remove the infections but i'm not confident to do it on my own3. This is my friend's laptop so i don't have a copy of his Window's CD...e4. I cannot close AVG as it keeps detecting the threats over and overYour help is much appreciated!! Thanks in advance!! DDS (Ver_10-03-17.01) - NTFSx86 Run by Albert Chung at 22:29:04.35 on Wed 06/... Read more

A:Trojan horse Patched_c.JEE & Trojan horse Patched_c.JES / Bamital Infection

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

29 more replies
Answer Match 49.98%

Edit: Trojan Horse BHO.HJE infection post Trojan horse generic 12 infection (by post i mean after)Trojan Horse BHO.HJE infection AFTER Trojan horse generic 12 infectionI have resolved or am in the process of resolving this trojan horse generic 12 infection when AVG informed me that i now have trojan horse BHO.HJE. I ran a malwarebytes smart scan and nothing found. Here are the results of HJT scan:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:15:02 AM, on 2/9/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\DigitalPersona\Bin\DPWinLct.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\DigitalPersona\Bin\DpHost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre6\bin&... Read more

A:Trojan Horse BHO.HJE infection post Trojan horse generic 12 infection

Hi sharma10,Welcome to the BleepingComputer forums.We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.===Very Important===The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY . You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.=================A few things which will make our fix go more smoothly.Please >> DO NOT<< run any scans/tools or other fixes unless I ask you to.Please DO NOT install any software while we are working.Please Do not skip any steps. With some infections skipping a step can be disastrous.If there is something you don't understand or or are unsure of -- please stop and take a moment to ask about it. If you are running P2P filesharing program(s). My recommendation is you uninstall it/them.Remove any cracked/pirated software. I will immediately stop helping you if I discover any.The most important thing to remember is to be patient. Very seldom can we remove the ... Read more

1 more replies
Answer Match 49.56%

Lately my computer has been exceptionally slow. Blue screens a time or two. Ive recognized a few other suspicious things such as 'Service Distribution Software 3.0' trying to install at 3 am for the past 2 weeks. I also looked at my ReportingEvents.log and noticed that even though Microsoft updates were downloading successfully they were not installing since 6-10-2010 (i went ahead and attached a copy of that as well). Also, Firefox was acting really funny. Taking a huge amount of time to load. I also found that even if I shut Firefox down, it was always running. Even if I went to Task Manager to kill firefox.exe, it was very difficult to get it to finally stop running.I even saw a post here saying: ------------------------------------------------------------------------QUOTELets check your HOSTS file.It's located at c:\windows\system32\drivers\etc\hosts.You can open it up in Notepad.If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it;however, if there are others following 127.0.0.1 localhost, you may have to fix it.Lets check your HOSTS file.It's located at c:\windows\system32\drivers\etc\hosts.You can open it up in Notepad.If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it;however, if there are others following 127.0.0.1 local... Read more

A:Trojan horse Vundo.JW - Trojan.Mebroot. Mebroot/Sinowal Infection, Trojan.Tracur, Trojan.TDSS or what?

Hi deetheis,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.STEP 1 - MBAMOpen Malwarebyte's Anti-Malware.Under the Updates tab, click Check for Updates. Let the updates install (if any).After that, under the Scanner tab, click Perform Quick Scan and then Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBA... Read more

2 more replies
Answer Match 49.14%

I have AVG on my computer - with Windows XP I keep getting messages saying that there are infections. I have tried everything to remove them. I have gone through all of your steps and am extremely frustratedVirus name: Trojan Horse Clicker.PHKPath to file: C:\WINDOWS\system32\dswaven.dllVirus name: Trojan Horse BHO.RC:\WINDOWS\system 32\asycfiltm.dllI have been trying to solve this for months now and have tried everything. I would greatly appreciate if someone could tell me what this is and how I can get rid of it.Thanks.NRK Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:39:44 PM, on 8/21/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG&... Read more

A:Trojan Horse Clicker.phk, Trojan Horse Bho.r

When can I expect to get a reply - its been 11 days.
Thanks.
NRK

35 more replies
Answer Match 47.88%

Can somebody please help me remove this virus from my computer without taking it somewhere and paying out the ass? Please? I don't know much about computers but this site came up when I googled the name of the virus.

A:Trojan horse crypt.anvh Help, I have a virus and dont know what to do!! trojan horse crypt.anvh

Hello, I moved you to the Am I Infected forum.Please run these.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1 <<<== Use this one first.Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to sc... Read more

1 more replies
Answer Match 47.46%

Hi... Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem and they after many attempts at removal recommended I come here. Here is the link: Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll), This will not go away no matter WHAT I do!!!Here's a summary of where I started and where I am now:I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT: C:\Windows\System32\compstu.dll RESULT: Trojan horse Generic8.YAF STATUS: Infected. I downloaded MBAM and utilized it. This did clean out the "house" however, it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected! While opening file: C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF.The file has also been identified as Trojan. Download-Gen/N_BHO by another of my programs. Since my original post, SAS, ATF, and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registy entries, and of course the ever prese... Read more

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the la... Read more

13 more replies
Answer Match 47.46%

DDS (Ver_09-05-14.01) - NTFSx86 Run by gus at 0:50:16.98 on Thu 06/11/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\Program Files\Norton SystemWorks\... Read more

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Answer Match 47.46%

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

A:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

1 more replies
Answer Match 47.46%

Hi i have a bit of a problem my avg has found trojan horse Generic3.AOP & Generic3.ANV on my system Also i had a previous problem with MBS Account Manager that was previously sorted out by MFDnSC here at BC for some reason this problem is back and i don't know why Kaspersky Online Scanner Report shows me this C:\!KillBox\mbssm32.exe Infected: Trojan.Win32.Agent.afiAnd now my hijackthis logLogfile of HijackThis v1.99.1Scan saved at 01:09:57, on 18/02/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS ... Read more

A:Trojan Horse Generic3.aop, Trojan.win32.agent.afi & Mbs Account Manager

Hello,Kaspersky Online Scanner Report shows me thisC:\!KillBox\mbssm32.exe Infected: Trojan.Win32.Agent.afiDon't worry, you killboxed that file previously, that's why Kaspersky is flagging this file present in the Killbox folder.So you may delete the C:\!KillBox - folder.I don't see anything suspicious in your log.

6 more replies
Answer Match 47.46%

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

A:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

2 more replies
Answer Match 47.04%

Hello guys, Thanks for the help with this.
I get a Norton AV window that pops up all the time with file names like $055C6D52.t$m for example. When I look in the quarantine folder I find Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader.Lop,Bloodhound.Overpacked, Infostealer.Wowcraft, Backdoor.Graybird as files in quarantine. I would like to eliminate whatever it is that keeps attempting to re-infect my machine.

I'm running Norton and AVG, Spybot, and Windows Defender.
I appreciate any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:45 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\... Read more

A:Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader., Multiple Infe

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

10 more replies
Answer Match 47.04%

Evening...I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explaination of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed. This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted: C:WINDOWSsystem32Obfustat.EVN C:ProgramFilesLogMeInx86 C:ProgramFilesLogMeInx86update3-00-600bakx86 From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on... I originally wrote the following a few days ago, before I ultimately, decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is... "Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w... Read more

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer!Apollogies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Thanks,Johannes

12 more replies
Answer Match 47.04%

Hi,
My computer has really slowed down ever since I got these viruses. It also crashes randomly and gives me a blue screen. I tried to do a system restore but failed. Bitdefender 2011 keeps on telling me that its blocking a virus called "Trojan Generic" and also another one called "Trojan Horse" but the box keeps on popping out every 10 seconds or so. I have scanned my computer with HijackThis and will post the resulst below. I will appreciate any suggestions anyone out there has since I've tried on myself for a week to remove it with programs like Malwarebytes, Spyware Doctor(actually bought it 2 days ago but it did nothing), Bit Defender 2011, AVG 2012, and have failed to remove it. Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:09 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Gabriel DLT\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)... Read more

More replies
Answer Match 47.04%

Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The Anti-Virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926 if thats even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s... Read more

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

oh god..okay i should probably mention that right now, my antivirus notification is at 89 notifications and counting the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

by the time im done with this message its up to 99 notifications total and still counting.
103 now

im trying to delete it but it says the file is busy and im trying to disable anti virus but i cant figure out how
 

3 more replies
Answer Match 47.04%

Hello,

I did some regular scans on my mothers computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advanced, you guys are awsome,

Steve

p.s. should I post a hijackthis log, if so how should i. save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.First, please do not post your HijackThis log here as they are NOT permitted in this area of the siteLets take a look with MalwarebytesPlease download Malwarebytes' Anti-Malware from here:MalwarebytesPlease rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exeMBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Double Click zztoy.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Full Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is ... Read more

16 more replies
Answer Match 47.04%

Did scan and picked up these virus,says most are inbedded.Here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:12:01 PM, on 8/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeoplePC\ISP6000\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6000\Browser\PPShared.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HiJack This\HijackThis v 1.99.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\... Read more

A:Help: Have Trojan Java/class Loader and Trojan Horse Proxy.16z

8 more replies
Answer Match 47.04%

Hello: It would be much appreciated if someone could help me. I got these a few days ago, and have tried just about everything.

Booting in safe mode and running norton, ad aware, ewido. When I boot up in normal it still comes back...here is the Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 9:01:59 AM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Syma... Read more

A:Solved: Trojan Horse, Trojan.Zlob & Dialer.Kotu

11 more replies
Answer Match 47.04%

picked up these bad boys when i was stupid and launched an .exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo... Read more

A:Solved: trojan.vundo/trojan horse/downloader virus help.

14 more replies
Answer Match 47.04%

Please help!!!! I don't know which to keep and which to destroy. What should I do next?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:58 PM, on 4/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\netdde.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\clipsrv.exeC:\WINDOWS\SYSTEM32\imapi.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\System32\M-AudioTaskBarIcon.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\DellSuppor... Read more

A:Trojan Horse Vundo. GC & Trojan Downloadergeneric8.AFPS dropper

I can still get on the internet, but my Antivirus AVG won't distroy or delete so it keeps running up my processers. Sooner than later the virus will take over my entire system and I'll have to reinstall everything if I don't figure this out.

3 more replies
Answer Match 47.04%

My browser keeps redirecting to various sites. From google and other sites.

AVG has detected that ../system32/services.exe is infected with trojan horse patched_c.lxt
It has also detected that ../windows/assembly/GAC_32/desktop.ini is infected with trojan.generic15.axla

Malware bytes detected that a file in the windows/installer/ folder was infected with trojan.dropper.bcmilner and healed it.

problem Still remains please help!

DDS and GMER logs are attached.

Below is the DDS log.

Any help is much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by LesH at 14:26:59 on 2012-06-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4001.1993 [GMT 1:00]
.
AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\W... Read more

A:services.exe infected trojan horse patched_c.lxt, and ../windows/assembly/GAC_32/desktop.ini with trojan.generic15.axla

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Answer Match 46.62%

Since detecting Trojan.Zlob that's infected file byxvspq.dll from C:\WINDOWS\system32\ . I'm unable to delete it or clean it through Symantec AntiVirus Corporate Edition. It keeps saying that the file byxvspq.dll is currently used.
I've managed to manually delete it. Since then, there's a significance drop in using any browser. There's always a constant lag and when this happens the CPU usage is 100%. I can't pick up where there is being used.

After a couple of "try outs", googling on how to fix this problem thru downloading various anti-malware methods. While using the Deckard's System Scanner performed on safe mode. I've picked up another Trojan Horse infecting files:

lompqlbb.dll - locared in C:\WINDOWS\system32\

A0000010.dll - located in C:\System Volume Information\_restore{0041F8C1-BEF7-47C9-B410-DBFC02855A8C}\RP2\

Both these files are successfully quarantine.

Please advice.

So here's the log files:

Deckard's System Scanner v20070729.57
Run by Administrator on 2007-08-06 at 17:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:01 PM, on 3/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\syst... Read more

A:Slow Browser - Trojan.Zlob, Trojan Horse

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

14 more replies
Answer Match 46.62%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:45:48 PM, on 8/2/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Bonjour\mDNSResponder.exec:\dbssys\DBSNTS.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\WinLivePatch.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\system32\svchost.exeC:\program f... Read more

A:Hijackthis Log: Please Help Diagnose - Backdoor.trojan / Trojan Horse Etc.

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

30 more replies