Tech Problem Aggregator

Downloader.Generic.FCB + PSW.Generic.DYD + others

Q: Downloader.Generic.FCB + PSW.Generic.DYD + others

Downloaded AVG...

Found:
Trojan horse Collected Z C:\Windows\toolbar.exe
Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe

Updated AVG files...

Found:
Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe
Trojan horse PSW.Generic.DYD C:\Windows\kl.exe
Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll
Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll
Trojan horse Startpage.UN C:\Windows\paytime.exe

I then Rebooted...

AVG Boot-up Scanner (ver 7.1)
Detected a virus
C:\Winstall.exe spyware spytrooper.G
Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing.

Did this and it found nothing.
Ran AVG found nothing.

Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up


HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:05:23 AM, on 11/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

Thanks for any help.

A: Downloader.Generic.FCB + PSW.Generic.DYD + others

just a bump


Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&...

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ...

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.


McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen...

A:Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it.

Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.

Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winl...


Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi...


About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows XP firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. Thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&...

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...


McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined:

Generic Dropper.cx, Generic Downloader.x.

I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT...

A:Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc...


I can't get rid of the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V...

A:Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.


Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far


First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s...

A:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL


First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusche...

A:Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 ? TEMP...


i started dealing w/ the popups a week or so ago, my sister was visiting a page for myspace layouts, can't remember the name and clicked on a link when the firewall popped up saying it stopped trojan from downloading. however, that's when the popups started. i ran ad aware, remove it pro 4.1 and ran norton antivirus (subscription expired months ago tho). did this several times, sometimes in safe mode, several things were removed including trojans, but the popups remained. mainly they were from outerinfo and winantispyware pro...but there are a lot of others from random websites. i found out how to uninstall outerinfo on their website, and have had no more problems with it, but the others keep coming. also, i noticed under the privacy tab of internet options the settings keep resetting to "accept all cookies". i've changed it to medium-high several times, it keeps resetting. a few times i have received a "buffer runtime error" message and the desktop reloads, sort of acts like the computer restarts but all of the programs stay on the screen.

panda log:


Incident Status Location

Adware:Adware/DnsInsider ...

A:popups; Trj/Downloader.OZB, Generic Malware, Trj/Downloader.PCQ

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Once we've gotten a handle on the infection, we'll uninstall Norton (or you should renew the subscription) and get you a free Anti-Virus so the machine is protected. Having an outdated Anti-Virus program is almost like not having one at all.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. ...


I have been infected by this trojan and I have no idea how to get rid of it. Can someone help?

A:generic downloader .bt

Hi b mercey and welcome to TSF

Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back in this thread (do not attach it).
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\ComboScan\Supplementary.txt

Click Upload.

3 more replies
Answer Match 81.48%

Logfile of HijackThis v1.99.1
Scan saved at 5:05:00 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr... Read more

A:Generic Downloader.c

1. Download this file :
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
=========================
Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.
When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not ru... Read more

1 more replies
Answer Match 81.48%

I have tried to remove this Trojan, and every time I reset my computer, it is back again!! When I try to Delete, Quarantine or clean this file, I keep being told that it is not possible to perform this action. I used the HiJack This program, but had a very hard time understanding the results and was concerned about deleting things I should not delete. Any help will be greatly appreciated.....Dash-mom

A:Generic Downloader.ab

I used the HiJack This program, but had a very hard time understanding the results and was concerned about deleting things I should not delete

HijackThis is an advanced tool that requires advanced knowledge about the Windows Operating System. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as your Internet no longer working or problems with running Windows itself. If you do not have advanced knowledge about computers you should NOT fix anything using HijackThis without consulting an expert as to what to fix. We may be able to remove this Trojan without using Hijackthis. Please try the following:

If you're using Win XP or Win 2000 download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

When done perform this online scan: a-squared Web Malware Scanner
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]
There are three options: Quick Scan, Smart Scan, Deep Scan and Custom Scan. The default selection is Smart Scan which is fast and scans the most important folders.
1. Click "Scan Your PC".
2. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click "Install ActiveX component".
3.... Read more

4 more replies
Answer Match 81.48%

Every Friday McAfee finds 1-3 files infected with Generic Downloader Trojan in windows/system32 folder. I've seen several blogs/forums addressing the issue, but I'm really PC ignorant and haven't been able to follow. It really hasn't affected my PC performance, but my firewall has detected strange programs attempting to access the internet.

Please help.

Thanks,
 

A:Generic Downloader.S

16 more replies
Answer Match 81.48%

I am running Windows XP Pro and IE7. I have McAfee antivirus and Windows firewall behind a firewalled wireless router. After a recent Windows update, it removed the browser from the task bar and I can not find out how to get it back. Now every time I start Explorer, McAfee alerts that it has detected and removed viruses called "pws-wow", "generic downloader" and "online games." The files are different names but have been mf0824.exe, sl3.exe, db820.exe, sgxlxxaspf.080825.exe, us.exe, and dwbins.exe to name a few. Today it was "123123.exe". I have seen file paths to temp internet files/content/, local settings/temp, and documents and settings/administrator. I also occasionally get a window open for a porn site such as stickytube.com or letusshearch.com.

I have run Adaware and shows no objects. Super Anti Spyware shows no objects. Spybot shows no objects. McAfee Stinger shows no objects.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:55 PM, on 8/27/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.... Read more

A:Pws-wow, Generic Downloader, And Others

Hello Vmaxxed and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed... Read more

1 more replies
Answer Match 81.48%

Caught this with mcafee scan but will not delete or quarantine. In file C:\WINDDOWS\SYSTEM32\xlibgfl254.dll -- any suggest

Logfile of HijackThis v1.99.1
Scan saved at 4:53:09 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVD... Read more

A:generic downloader.bt -- win xp

7 more replies
Answer Match 81.48%

Last week, McAfee apparently detected a trojan on my computer. The scan logs contained the following information:

3/21/2010 2:41:40 PM Quick Scan Cannot be removed
One or more items were detected on your computer.
Detection name: Generic Downloader.x!dhy (Trojan), Generic Downloader.x!dhy (Trojan)
File: C:\WINDOWS\SYSWOW64\PACONSPE.DLL

3/21/2010 2:44:59 PM Real-Time Scan Repaired (removed)
One or more itmes were detected on your computer
Detection name: Generic Downloader.x!dhy (Trojan), (this detection name was then repeated 34 times)
Registry: C:\Windows\SysWOW64\paconspe.dll
Process: C:\Program files (x86)\Malwarebytes' Anti-Malware/mbam.exe
Process description: Malwarebytes' Anti-Malware

I have since run scans with McAfee, Ad-Aware and Malwarebytes. None of them has detected anything malicious. I ran HijackThis last night and can post that log if necessary.
My computer appears to be operating normally, but I want to confirm that I no longer have an infection.
Thanks in advance for any help.
(Edit: I am using Windows 7 Pro, 64 bit.)

A:Generic Downloader.x!dhy

Update:
I scanned the computer with ESET and it reported the following:
C:\Windows\Installer\127dcb.msi Win32/TrojanDownloader.VB.OIC trojan deleted - quarantined
I also ran SuperAntiSpyware, but it came out clean.
Please, can anyone advise what I need to do? Am I okay to use this machine now or should I still be concerned about possible infections?
Thanks.

5 more replies
Answer Match 81.48%

Hello, I need help. I have a virus but can't remove it off comp. It's called generic downloader.c; it's in c:\windows\system32\st3.dll. My comp's running slow loading up anything, pls help.

Mod Edit: Moved topic to more appropriate forum, and resized excessive font and closed open tag. ~ Animal

A:Generic Downloader.c

Quickest solution is to post a log file of Hijack This.

2 more replies
Answer Match 81.48%

Recently AVG has been popping up showing a trojan downloader.generic.hgt on my computer. i'm not sure how to get rid of it and several other spyware/malware seem to be on my computer such as something called Look2me which windows defender keeps picking up.

Here is my hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 7:10:04 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\regsvc.exe
C:\Program Files\TFTP Turbo\tftpt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\defender22.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\w... Read more

A:Downloader.Generic.Hgt

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

18 more replies
Answer Match 81.48%

Hey guys,

I was here a good while back and you were able to help me out perfectly - thanks! But alas, I've a new problem. McAfee was detecting the generic downloader.ab and unable to delete it, it just kept coming back. I turned off system restore and ran a scan in safe mode and this seemed to work better, but it came back again. I had to go away for the weekend and my dad allowed one of the programs through the firewall (Microsoft MediaUpload? - bgates.exe) and now my computer is littered with phoney antivirus software and security alerts. The homepage has changed too. Here's my hijack this log... any help would be greatly appreciated...

Logfile of HijackThis v1.99.1
Scan saved at 10:53:38, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system3... Read more

A:Generic Downloader .ab

Hey, I've tried ewido and spysweeper in safe mode since posting this... They detected reams of stuff, but the infection seems to be still there. Here's the latest HijackThis logfile...

Logfile of HijackThis v1.99.1
Scan saved at 14:57:01, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\... Read more

3 more replies
Answer Match 81.48%

Statistics:
HP Pavilion a375c; 3.00 GHz Intel Pentium 4 with HT; 2.75 GB RAM currently installed.
Microsoft Windows XP Home 2002, SP2. Automatically updated.
Microsoft Internet Explorer Version 6.0.2900.2180.xpsp_sp2_gdr.070227-2254, SP2. (IE7 not used, due to incompatibility with an application on intranet for work.) Temporary Internet Files folder emptied when browser is closed. Cookies deleted frequently. History kept for 1 day.
Home networked with spouse's computer, using a NETGEAR wired router. NAT and SPI are enabled.
DSL connection at 1MBps, with a local ISP.
McAfee 3-User Internet Security Suite (10-in-1), with SiteAdvisor. This is the current version. All protections (except Data Backup) enabled, including real-time scanning. Firewall security setting had recently been changed from tight to standard, as there was trouble accessing certain things. Smart recommendations and startup protection enabled. Also automatically updated.
Other anti-malware installed: Windows Defender, automatically updated; SpywareBlaster, Spybot Search & Destroy, and Ad-Aware SE Personal (now Ad-Aware 2007) - all three updated 2-3 times weekly, and full scans run frequently.

Infection History:
The evening of 01 Feb 2008, McAfee's real-time scanning engine automatically repaired (removed) two files, SiteAdvisor and ActiveSync, although NO alerts were seen. VirusScan DAT's had been updated that day.
The morning of 02 Feb 2008, when beginning a Google search, a McAfee alert popped u... Read more

A:Generic Downloader.af

Speedy Turtle

Sorry for the delay.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

36 more replies
Answer Match 81.48%

Like many, I'm having problems with pop-ups. I've done a search on this board and maybe it's a Java update problem? Here's my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:14 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox... Read more

A:Generic.dx Downloader BEA

11 more replies
Answer Match 81.48%

My McAfee anti-virus software is detecting a trojan called Generic Downloader.z but it cannot clean, delete or remove it. Please advise me on how to remove it. I am using Windows XP Professional. Below is my HijackThis log. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:14 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\... Read more

More replies
Answer Match 81.48%

McAfee alerts me that C;\windows\system32\xlibgf1254.dll is infected with generic downloader.btt and that it cannot be deleted. I try to delete, clean, and quarantine, but none of these options will work because the file is protected (I think that is why it says it cannot be deleted).

I know practically nothing about computers, what should I do? Below is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:16:11 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\hkcmd.exe... Read more

A:Generic Downloader.bt

Hi cantillon,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.


Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download the Killbox by Option^Explicit and save it to your desktop.

NOTE: In the event you already have Killbox, this is a new version that I need you to download.
Please double-click Killbox.exe to run it.
From the main Killbox window, select:"Delete on Reboot".
"All Files".

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:

C:\windows\system32\xlibgf1254.dll

Return to Killbox, go to the "File" menu, and choose "Paste from Clipboard".
This is pasted into the "Full Path of File to Delete" field.
There's a little arrow (drop-down arrow) next to that field. If you expand it, the lines that you pasted must be there together (if the files are present!).... Read more

1 more replies
Answer Match 80.64%

Hi all,

Please could you help, I've reached the limit of my knowledge and can't fix a problem. My Wife's laptop has Vista installed. She disabled windows update, as far as I can tell, well over a year ago. Recently the laptop has been behaving unpredictably. I use the firefox browser and periodically a new tab opens whilst I am browsing. I cannot run windows update, I get various error messages whenever I try. I've run the samsung recover software which reinstalls key files from a hidden partition, but this hasn't helped. I ran a full scan using AVG free edition. It reported several infections, most of which AVG said it removed. It couldn't remove 2 infections. This is what the AVG report said . . .

"";"C:\Windows\System32\wuauclt.exe (1144):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"";"C:\Windows\System32\wuauclt.exe (1144)";"Trojan horse Agent_r.XJ";""
"";"C:\Windows\explorer.exe (916):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"";"C:\Windows\explorer.exe (916)";"Trojan horse Agent_r.XJ";""

I've managed to attach the ark.txt file, (EDIT) I've added the attach.txt file in a reply to this post as I was having probs getting it to work. Many thanks in advance for any help... Read more

A:generic trojan downloader and others

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru... Read more

6 more replies
Answer Match 80.64%

As you can probably tell by my name, I am new at this and technically challenged. I run windows xp and use the free mcafee antivirus program. I recently received a mcafee popup indicating that I have the generic downloader.bt trojan. The first thing I did was do a system restore which was successful but did not get rid of the trojan. I went looking at some similar threads and couldn't really understand much of what was said. I tried to do another system restore and the computer said it could not do it. I chose another date, and it still couldn't do it. I tried downloading spybot search and destroy and it showed some things, but I didn't see this trojan and it also said that to use the program, I have to buy it. While I am not opposed to buying the program, I don't want to have to buy 5 programs in the hope that one will work.

Any help anyone can give would be greatly appreciated.
 

A:Generic Downloader.bt trojan

10 more replies
Answer Match 80.64%

I have this on my laptop and I really need help. Please help.
C:\windows\system32\xlibgfl254.dll is infected by the Generic Downloader.bt trojan
 

A:Please HELP!!! Generic Downloader.bt Trojan

16 more replies
Answer Match 80.64%

Hey guys, I recently turned on my computer and was greeted by McAfee's message about a trojan called Generic Downloader.z. However, McAfee said it could not delete or quarantine the file. My computer is running a lot slower and I have no idea what to do. I am home for the weekend for Thanksgiving before going back to college next week so I am hoping I can fix this as fast as possible. Thanks in advance for the help.

Here is my Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:33 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Expl... Read more

A:Generic Downloader.z/trojan?

14 more replies
Answer Match 80.64%

Norton never finds it, and AVG won't rid of it! Help! I REALLY need to get rid of it!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Ant... Read more

A:Trojan Generic Downloader HELP!

12 more replies
Answer Match 80.64%

I have recently managed to get a trojan virus (trojan virus generic downloader) while using the internet, thinking I was downloading the latest version of Flash Player. Although I have located the file and deleted it, and when I run a scan on my computer it no longer picks it up, my computer is still running quite slow and a lot of programs are not responding. At random I will start hearing videos playing in the background without any window being open. It usually sounds like a news channel playing in the background which repeats itself over and over. It all started when I got the virus which leads me to think they are linked.

I followed the steps you stated to do, by downloading GMER and DDS to get the necessary reports to display to you. I will attach them now.

I would be very grateful if you could help me with this problem and hopefully we can resolve this issue I'm having.

thanks
Conor


DDS (Ver_10-03-17.01) - NTFSx86
Run by Conor at 17:29:38.46 on 31/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.44.1033.18.959.153 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe... Read more

A:Trojan generic downloader

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

-----------------------------------------------... Read more

6 more replies
Answer Match 80.64%

Hi,
I need help please!!!
Tonight I got about 7 "Threat Detected" alerts on my AVG. The threats were trojan downloader, purifyscan and Trojan Downloader generic.
Each time I clicked on heal and it said they had been healed but I still cannot access some areas of my pc as I get a windows error saying access not authorized.

Here is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 00:46, on 2008-03-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Fil... Read more

More replies
Answer Match 80.64%

I've been dealing with some type of infection for a few weeks now. When I run my McAfee scan it runs smoothly until it hits about 35000 files that it has scanned and then every file after that it detects and names a detection. I've tried to let it run completely as it says it is either "quarantining" or "deleting" the files, but it would take days to let it run through every single file and complete the scan. The items that it is detecting are: Downloader-BEA (Trojan), Vundo (Trojan), Vundo.dr (Trojan), Generic.dx, and Generic Downloader.k. It started out with just the "Vundo" items which I thought I had gotten rid of. I had read another post on here and followed the directions by downloading and running the "VundoFix" program. It detected some infected files but apparently did not remove everything. Now there are even more files infected and even more types of infections that I don't recognize.

It doesn't seem to be affecting my computer too much. The only problem I'm having is with my disk drive. I can't seem to download new drivers (i.e. my printer/scanner and my external CD/DVD burner) and when I try to save anything to disk, it doesn't recognize that there is a empty disk in the drive. I don't know if this is related to the infection or not. I have considered redoing my whole computer, but I have many pictures and files that I need to save to CD before I can reconstruct my whole system.

Can anyone... Read more

A:Downloader-bea, Vundo, Generic.dx-i Can't Get Rid Of

Have you run any other scans besides McAfee? If not, I would recommend running a full system scan in Safe Mode with SuperAntiSpyware and then an Online-Scan or two:

HouseCall
BitDefender

2 more replies
Answer Match 80.64%

Please help. I've tried everything I know to do but am unable to get rid of the problems. McAfee keeps alerting me to generic.dx trojan and Downloader-BEA trojan. Also, winantiviruspro.com keeps trying to open up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:53 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\s... Read more

A:Popups, Generic.dx, And Downloader-bea

Download the latest version of ComboFix from Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

7 more replies
Answer Match 80.64%

I've been dealing with some type of infection for a few weeks now. When I run my McAfee scan it runs smoothly until it hits about 35000 files that it has scanned and then every file after that it detects and names a detection. I've tried to let it run completely as it says it is either "quarantining" or "deleting" the files, but it would take days to let it run through every single file and complete the scan. The items that it is detecting are: Downloader-BEA (Trojan), Vundo (Trojan), Vundo.dr (Trojan), Generic.dx, and Generic Downloader.k. It started out with just the "Vundo" items which I thought I had gotten rid of. I had read another post on here and followed the directions by downloading and running the "VundoFix" program. It detected some infected files but apparently did not remove everything. Now there are even more files infected and even more types of infections that I don't recognize.

I have run other scans besides McAfee before. The scans that I've run include AdWare2007, PCPitstop Exterminate, RegCure 1.5.0.0 and XoftSpySE.

I have also run Ccleaner, scanned with Super AntiSpyware Free (in safe mode) and removed, reinstalled and scanned with the VundoFix again as someone had instructed me to do.

The results of the Super AntiSpyware Free are as follows:

Threat Detection/Detected Items

Adware.Vundo Variant (6)
Adware.Vundo-Variant/Small-A (12)
Trojan.Downloader-Gen/DDC (5)
Adware.Tracking Cookie (19)
... Read more

A:Downloader-bea, Vundo, Generic.dx-i Can't Get Rid Of

12 more replies
Answer Match 80.64%

My operating system is Win XP Pro

I've updated McAfee and have the latest versions and Win Service Pack 2

I have a trojan named Generic Downloader.bt

I've tried the following:

I ran a scan in Safe Mode with System Restore turned off

I have McAfee AV

I've run McAfee in Safe Mode

File is: WINDOWS\SYSTEN32\XLIBGFL254.DLL

Can I start the system in DOS and delete this file?
Get into the correct directory and use the DEL command to delete this file?


HERE IS MY LOG:

ComboScan v20070212.14 run by Terry Jackson on 2007-02-15 at 19:15:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as Terry Jackson.com) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:16:22 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDO... Read more

More replies
Answer Match 80.64%

I know for a fact I am infected with the Generic Downloader.g Trojan. McAfee keeps telling me the files that are infected, including jusched.exe. When it tells me that file is infected, jusched.exe requests access to the internet. Can somebody walk me through how to remove this trojan? Whenever McAfee removes all the infected files, I reboot, then it's back. Here's my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 6:03:40 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1134866458\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
... Read more

A:Generic Downloader.g HJT Log Incl.

Download win32delfkil.exe.
Save it on your desktop.

Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.

Close all windows then open the win32delfkil folder and double click on fix.bat. The computer will reboot automatically.

Post the contents of the log file c:\windelf.txt, along with a new HijackThis log.
 

1 more replies
Answer Match 80.64%

PLEASE HELP!!!

It appears that I have a virus called 'Trojan Generic Downloader.k'. I am using McAfee Security Centre 7.1 and it detects it and tells me that it is deleting the Trojan, however when I restart my computer it is back. I am also getting some warning messages about possible un-authorized file changes or something??? There is also this icon named 'install' that keeps re-appearing on my desktop after each reboot and my firewall ends up having errors that I need to go to a Virtual Technician on McAfee website to fix. I've been reading forums for 3 days and trying everything I can find, nothing seems to be working for me. This is getting frustrating. McAfee tech support forum suggested I come here and post my logfile, they said you guys were awesome... so I'm giving it a try

Thank you in advance!!!
Here is my logfile (logfile could end up different after reboot??), hope someone can help me out.


Logfile of HijackThis v1.99.1
Scan saved at 6:17:41 PM, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\sts... Read more

A:Trojan Generic Downloader.k PLEASE HELP ME!!!!

Hi CaperJules,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, you didn't unzip/extract HijackThis. I strongly advise you to unzip/extract HijackThis because HijackThis will not be able to make backups when it is run from the zip folder.

How to unzip HijackThis:

Right-click on the HijackThis zip folder and choose "Extract All".
An extraction wizard window will now open. Click "Next".
In the "Files will be extracted to this directory:" field, type C:\HijackThis. Then click "Next".
Click "Finish" to show your unzipped/extracted HijackThis folder. Run HijackThis.exe from here, or add a shortcut to your desktop.


NEXT:

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

Lycos SideSearch
MySearch
MyWay
MyWay Search
MyWay Search Assistant
MyWay Speed Bar
MyWebSearch
MyWebSearch Bar
RXToolBar
Search Assistant - MySearch
Search Assistant - MyWebSearch
SideSearch


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

F3 - REG:win.ini: load=C:\WINDOWS\system32\fcsicgi\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\fcsicgi\winlogon.exe
O2 - BHO: MyWebSearch Search ... Read more

8 more replies
Answer Match 80.64%

yea so i clicked a stupid youtube link and got this generic downloader virus. any help would be much appreciated. attached is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:20, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1... Read more

A:Generic Downloader Trojan!!! Please Help

bump
 

1 more replies
Answer Match 80.64%

Lately I've been getting a lot of popups and my viruscan thing keeps popping up saying it's deleted trojan vundo, generic dropper, generic downloader.
I did an online scan on window security and it picked up something called
"Trojan.Win32.Conhook.IK 41 process - high risk"
Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:43 PM, on 1/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\RunDll... Read more

A:Vundo, Generic Downloader,

10 more replies
Answer Match 80.64%

Please see Log below - my McAfee software cannot clean, quarantine or delete this trojan - please help - thanks:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:19 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nhoxnl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\eqgcn.exe
C:\WINDOWS\system32\eqgcn.exe
C:\WINDOWS\system32\eqgcn.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO ... Read more

A:Generic Downloader.ab virus

Add remove programs - remove MyWebSearch - all occurrences of Viewpoint

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

1 more replies
Answer Match 80.64%

I have run adaware & spybot all day long and still get popups and my home page gets hijacked. This morning I could run hijackthis, now I can't - hope you can help.

I ran the following with Silentrunners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Norton SystemWorks" = ""C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" ["Symantec Corporation"]
"dart cdrom" = "C:\DOCUME~1\NTValley.com\APPLIC~1\ACIDLO~1\Kind base pure.exe" [file not found]
"winlogon" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Motive SmartBridge" = "C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" ["TELUS"]
"ZkStarter" = "C:\Program Files\Zero Knowledge\TELUS Security service\starter.ex... Read more

A:Fakemsn888eta/generic.downloader.k/etc...

When you 'ran' hijack this' earlier, did it produce a log? If so, navigate to your HiJack This folder, open the log file and copy and paste the log into a new topic here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

If it didn't save a log, try renaming HiJackThis to Analyze.exe and see if you can run the program and produce the log.

After you post your log, do not make any further changes to your system: installing/uninstalling programs, deleting files etc. as this will make it more difficult for the HJT team to help you. If you have not had a response in 5 days, then add a response to this thread: http://www.bleepingcomputer.com/forums/topic14717.html and paste in the link to your post.

Please note: if you still have not succeeded in either creating or posting an HJT log, please respond in this thread so someone can help you produce one.

Orange Blossom

1 more replies
Answer Match 80.64%

running on windows vista premium home i have a log from hjt i am not too sure how long i want to be online with this disease ive got har har

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:40 PM, on 5/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG7\avgwb.... Read more

A:Trojan Downloader Generic 7.gc

oh also it's so annoying but i get denied access into my most important system files, i cannot uninstall the items that caused this, it's awful thanks

4 more replies
Answer Match 80.64%

Several trojans keep reappearing. Any help is appreciated. I have attached my hijack log file. If I need to do anything else let me know.

A:Generic PUP.x, FakeAlert, Downloader

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

If you still need help, start by reading the directions, I posted them above for you.

HijackThis will scan your system, and after it is done, Notepad will open with the log in it. In the Notepad window, click on the Edit menu and then click on the Select All menu option. All the text should now be highlighted. Click again on the Edit menu but this time click on the Copy menu option.

Now post that HJT log in this topic using Add Reply and I will be glad to take a look.

Thanks

2 more replies
Answer Match 80.64%

Hi, I have a Trojan that McAfee found and I cannot get rid of it.
It is Generic Downloader.b and the file is called aboxinst_int16[1].exe.
I cannot find the file anywhere, I did a search.
I have run Adaware and Spybot Search and Destroy. McAfee gives me a pop up window stating that it found the trojan but when I do a scan it says it finds nothing.

I ran Hijack this.
Should I post the log file or is there something else I should do first?
DGR
 

A:Generic Downloader.b cannot delete...help!

14 more replies
Answer Match 80.64%

Hello

McAfee is reporting the above trojan on the system but cannot delete, clean or quarantine the file.

We've not noticed any "symptoms" or problems yet but obviously would like to avoid any that may start.

Do you need any more info to be able to advise what we should do?
Thanks in advance for your help.

This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:02, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program File... Read more

A:Generic Downloader.z trojan

15 more replies
Answer Match 80.64%

The generic downloader.g trojan is attached to file t1157309568.dll. The location is C:\Documents and Settings\Owner\Local Settings\Temp. I've attached the hijackthis log. Thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 4:17:38 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MS... Read more

A:Generic Downloader.g Trojan

11 more replies
Answer Match 80.64%

Hi. I have never posted to the site before so this is the first time and your help will be appreciated. I have a problem with trojan horse downloader.generic.hgt. I run AVG free edition antivirus, I try to fix it & it keeps coming back. Thanks. miltos




Logfile of HijackThis v1.99.1
Scan saved at 713 μμ, on 29/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Sys... Read more

A:NEW MEMBER NEEDS HELP!DOWNLOADER.GENERIC.Hgt

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


I want to take a better look at this file

C:\WINDOWS\system32\ofwcw.exe


Please submit it at this webpage



* * * * * *


Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

FixWareOut will produce a logfile, report.txt located within the C:\fixwareout folder


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido


* * * * * * FIXING ENTRIES WIT...

19 more replies
Answer Match 80.64%

Hi,

My computer is for sure infected with the Downloader.Generic virus. This virus seems to be affecting the fvq.exe process. I will receive a message by windows several times "fvq.exe has encounted an error-it will now close". I have scanned with AVG and it caught it but even after removal I still receive the error. When I previously scanned with Norton, it actually scanned viruses. This sounds strange, but it showed it was scanning things like W32.Sality.U, not the files but the actual virus, but never picked it up. Not really sure where to go from here. Here is the requested information:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Shannon at 13:35:32.47 on 17/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.6142.3550 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\s...

More replies
Answer Match 79.8%

I need help. I've been having trouble with my internet connection.

What do you mean that's not enough info to help?

Oh, ok.

Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is).

I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power"). Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Fir...

A:Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

15 more replies
Answer Match 79.8%

I have got a problem with my computer; no matter how I try to get rid of these, they will not go. I am using BitDefender Internet Security 2009, which finds these trojans. But when I run my trojan remover it tells me I have no trojans and my computer is free of all..? I have not noticed that my computer is not playing up. But when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan. But I can scan with my trojan remover, and it comes up clean. Some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are.... Adware.Generic.44240. Application.Generic.26964. Application.Keygen.BD. With thanks, Erwin

A:Adware.Generic.44240. Application.Generic.26964. Application.Keygen.BD

Hello ..
I am moving this from XP to Am I Infected as it is a malware problem.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives sel...

1 more replies
Answer Match 79.8%

AVG "heals" (or so it says) this virus every time but it keeps coming back. Windows XP home edition
 

A:Trojan Horse Downloader.Generic.NON

12 more replies
Answer Match 79.8%

Has anyone found a fix for this Trojan Horse? I have looked everywhere and can't find anything on it, let alone how to fix it.
 

A:Trojan Horse Downloader Generic DRZ

10 more replies
Answer Match 79.8%

Hi, I need help getting rid of these viruses please. McAfee detected it. I am including a HijackThis log. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:42 PM, on 2009-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.e...

A:Trojan virus generic.dx and downloader-uah

Someone help, please
 

1 more replies
Answer Match 79.8%

Hi,
Would really appreciate some help. Have got this virus on my PC. I am running windows XP. This is the message log below and I'm not sure what I need to do next.
Added to this is in order to receive any e-mails I have had to remove AVG (free) to get messages.
Any help would be appreciated.
Thanks
Start Time= 30/07/2006 21:44:50.59
Running from: C:\Documents and Settings\Maureen Dineen\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

21:46:28.68

Qoologic uninstaller found and executed
Registry entries fixed
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-30 21:35:32 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\AVG7"
2006-07-30 21:34:50 ( .D... ) "C:\Program Files\Grisoft"
2006-06-15 18:56:54 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\MSN Search Toolbar"
2006-06-15 18:54:20 ( .D... ) "C:\Program Files\MSN Toolbar Suite"
2006-06-04 13:10:38 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\Sonic"
2006-06-04 13:09:40 ( .D... ) "C:\Documents and Settings\Maureen Dineen\Application Data\Leadertech"
2006-06-04 11:15:04 ( .D... ) "C:\Program Files\PopCap Games"
2006-06-04 11:00:50 ( .D... ) "C:\Program Files\Zuma Deluxe"
2006-06-04 10:22:40 ( .D... ) "C:\Progra...

A:Trojan Horse Downloader Generic ZIV

7 more replies
Answer Match 79.8%

AVG reported this found on 9th September but I only noticed today when the internet failed to react and I checked AVG. The internet will not work on ie and I am sending this via Firefox.

The full AVG message is:-
File: C:\WINDOWS\SYSTEM32\userinit.exe
Infection: Trojan horse Downloader.Generic10.QLN
Result: Object is whitelisted (critical/system file that should not be removed).

I have downloaded Malwarebyte from my Netbook but although it loads it will not run.

I should also mention that I am getting a Generic Host process for Win32 Services error which I understand occurs in XP service pack 2 - I have SP3 so this should not need the patch??

Can you help please.

A:Trojan Horse downloader generic 10.QLN

Hello and welcome.. Try this approach.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malw...

18 more replies
Answer Match 79.8%

Hi. I was infected and since have run multiple virus scans/spyware removers, but the files keep coming back. About at the end of my wits.

Logfile of HijackThis v1.99.1
Scan saved at 8:14:01 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Medi...

A:Trojans Infected Me - Downloader.generic.4.xje Others

Hello,
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

8 more replies
Answer Match 79.8%

I've done multiple scans with Ad Aware, Super Anti Spyware, AVG anti spyware, McAfee, Windows Defender, a squared free, vundo fix and McAfee stinger all in and out of safe mode. I would get done, go online and get nailed again with the same thing. So far nothing yet but lsass.exe is using a bunch of my CPU%. McAfee is always notifying me of security changes with IE; if I allow the change it drops the privacy to none, allows pop ups, for changes the security setting to custom nothing. This same thing is going on with my notebook. I did this log right before I went online. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:59 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5...

A:Downloader-bea, Generic.dx, Spyware-juansearch

Welcome to the BleepingComputer HijackThis Logs and Analysis forum kswgn. My name is Richie and I'll be helping you to fix your problems.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...All/Coupons.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) -
O20 - Winlogon Notify: byxyawx - byxyawx.dll (file missing)

Exit Hijackthis.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not...

15 more replies
Answer Match 79.8%

Hello. PLS CAN SOMEONE REPLY QUICK

I've been told to come for assistance here by some expert from McAfee. I do believe I have quite a common trojan located in windows\system32/st3.dll which is infected by generic downloader, although it cannot be cleaned or deleted.

As soon as I log on to my PC, within a minute I receive a pop-up from McAfee virus scan stating a trojan has been detected. All I want to do is get it removed, and find out whether the problems I've been having with my PC recently are linked to this trojan or not.

As instructed, I disabled System Restore and did a scan in safe mode with command prompt by typing
c:\SDAT>scan/adl/clan/report report txt/secure/program/streams/mime/mailbox/allole/rpterr/rptcor

after about an hour of scanning these were the results
Summary report on D:\*.*
File(s)
Total files: ........... 52442
Clean: ................. 52389
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

For some reason the trojan has not been picked up, and as soon as I reboot to the normal screen, the pop-up detecting the trojan comes again.

Please can you find a way to get rid of it.
P.S. I have located the file st3.dll on my PC. Would it be quicker and safer to just delete this file from my PC, hence the trojan will be deleted???

MS WINDOWS XP
HOME EDITION
VERSION 2002
SERVICE: PACK2
COMPAQ PESARIO...

A:ST3.DLL generic downloader trojan.HEEELLLLP

16 more replies
Answer Match 79.8%

I have a similar problem with the above trojan as another poster on this forum. I followed the advice given to that poster and ran ATF Cleaner and Activescan. I still show three spyware programs. Here is my most recent logfile. Appreciate any help you can give me!!

Logfile of HijackThis v1.99.1
Scan saved at 7:58:36 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apex\ApexAgnt.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\system32\INTELMAA\ccmhlp32.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\INTELMAA\ccmhelpr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\PROGRA~1\Intel\INSTAN~1\issuser.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Intel Learning Network\Mobile Player\Bin\MBLPService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Inte...

A:Another computer with Generic Downloader.g Trojan

Do you have the Activescan results?
 

3 more replies
Answer Match 79.8%

Trojan: Generic Downloader.c
Hi

Now I went to get help at McAfee and I told them from the beginning my problem, the name of the trojan and the file name. So they made me do something that took me 2 days to do, and when I told them it didn't work, the person asked me the name of the file. I told them once again and the person sent me here.

So I downloaded HijackThis, like the person told me to. I scanned with it. I found it and I deleted it. Then deleted the backup one. But it's still on my computer. So I tried deleting it while it was restarting and still nothing. Please help! I'm going crazy! It's gonna be a week my computer's been like this.

The File Name: st3.dll
Trojan Name:Generic Downloader.c
 

A:Trojan: Generic Downloader.c Please Help! I'm going crazy!

16 more replies
Answer Match 79.8%

Hello everyone,

Seems that my time has just arrived.
Could you give me some help handling this trojan Downloader.Generic.AEG??

I'm also without task manager!!!

A curious thing is that I have installed SP3 on my Windows 2000, and HijackThis sees SP2:

This HijackThis log was made after running a complete system scan with AVG antivirus professional and Ad-Aware SE personal (last version 1.06 updated)

Attached a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:07:23, on 19-06-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\stchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Programas\Google\Gmail Notifier\gnotify.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINNT\loadqm.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programas\Grisoft\AVG Free\avgwb.dat
C:\WINNT\system32\696671.exe
C:\Programas\Internet Expl...

A:Downloader.Generic.AEG trojan horse, please help!

duplicate closed

http://forums.techguy.org/t374153.html
 

1 more replies
Answer Match 79.8%

Hi
My son's computer is infected with the Trojan Downloader generic4. dem virus and infostealer. I need help. I have downloaded AVG and it cannot remove the virus. PLEASE HELP...

Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:07:23 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common F...

A:Help...Trojan Downloader generic virus

13 more replies
Answer Match 79.8%

This issue started last week. Seems to only have an effect with my IE8. Will usually only happen with my browser when I first open IE8. After that it seems to stay quiet and will wait a substantial amount of time before trying again. The following pages open and are difficult to close, once the pages start opening.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Scott at 018.71 on Mon 09/27/2010
Interne...

A:Trojan Horse Downloader Generic 10

Hello and welcome to TSF.

If you still need help:
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
Attach it in your next reply.

Note** you may get the following warning. It is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

14 more replies
Answer Match 79.8%

I'm working on XP and yesterday I got a warning from my virus scan that it detected a trojan. It's a .dat file in my system32 folder, and it also mentions a generic downloader.z in the virus scan window.

I've been searching around on how to delete the file, but as usual it can't be because it's already in use. I've looked into the generic downloader.z thing but haven't really gotten much understanding about it.

Anyways, ever since I got the alert, my computer is slowed right down. If I have the trojan alert window open, then open another program or window (ex. task manager), the trojan seems to switch its application to whatever I just opened, then completely slows it down to the point where it takes 5 minutes just to open the task manager. It just completely overloads my computer to run at full capacity, to the point where it's too much.

If I start up my computer and immediately hit ctrl alt delete I can get it open without any problem, but from there I can't end any processes that I've read could be giving me issues. If I open any internet browsers, it shows up in the processes list, the trojan switches to the browser that I opened, but no window actually opens.

I have no idea what I can do. Pretty much everything is locked down and getting on the internet to download any virus removal programs isn't an option.

Any ideas of what's going on?

Thanks for the help.

Edit: the .dat file in my system32 folder is named _c001FE60.dat if that's of any help.
 

More replies
Answer Match 79.8%

Hi, I am new to the site, so I am not sure exactly what I need to post in regards to my question. I have AVG (free version) and within the past day, it continually pops up with "Threat Detected" while opening file....the most current file it displays is C:\WINDOWS\tk58.exe Trojan horse Generic3.UNS. I heal it each time, but it keeps happening more and more frequently. Also, I am getting an abundance of pop-ups every time I turn the computer on, even if Firefox and IE are closed. Please help! I have had this computer over 2 years and never had a problem, so this is very frustrating.

Computer is a Dell Dimension E510 running Windows XP
Model Dell DM051
X86-based
x86 Family 15 Model 4 Stepping 4 GenuineIntel ~2793 Mhz

Please help, and let me know what additional info you need.

Thank you so much!
Jenny
 

More replies
Answer Match 79.8%

Hi

I'm fixing a friend's pc which has been infected with two trojan horses Downloader.Generic 7 and also 11. I have installed and run CCleaner, Malwarebytes Anti-Malware, SuperAntiSpyware, updated Java Runtime (and deleted old version) and now I have the following log from HJT. Could someone please check this log to make sure I now have a clean system?

Thanks
Cheers
Teresa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:37 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Prog...

A:Trojan Horse Downloader.generic 7 And 11

Hello Teresa.J,

Welcome to Bleeping Computer

Could I please see the report you got from MBAM? It would help me determine what we need to do from here.

Thanks,
tea

31 more replies
Answer Match 79.8%

I was prompted by my McAfee protection service that I have been infected with a Trojan type "Generic Downloader .z" It would not allow me to erase it or anything and now none of my spyware/virus scans are picking this up. Is this a problem? Here is my latest Hijackthis log report. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:53 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\mcafee.com\mps\mscif...

A:Trojan generic Downloader removal HELP!

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

I see you have two or more Antivirus programs installed. In this case there can be too much of a good thing. Multiple AV's bog down your system and may even cause crashes. I highly recommend you remove all but one Antivirus program using Windows Add/Remove Programs.

Downloads (make sure to save these in a permanent location)
Cleanup! - Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this li...

4 more replies

I have AVG free edition, and every time I start up my computer it tells me that I have a Trojan horse Downloader.Generic.BUN, and it won't let me delete it or anything. Can someone tell me how to get rid of it because every time I open an internet browser, my firewall tells me it is trying to access the internet.
 

A:Trojan horse Downloader.Generic.BUN

11 more replies

Hello every one,

seems that my time just arrive.
could you give me some help handling with this trojan Downloader.Generic.AEG ??

I'm also without task manager!!!

a curious thing is that i have installed a sp3 on my windows 2000, and hijackthis see sp2:

this hijack was made after run complete system scan of AVG antivirus professional and Ad-Aware SE personal (last version 1.06 updated)

attached a Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:07:23, on 19-06-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\stchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Programas\Google\Gmail Notifier\gnotify.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINNT\loadqm.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programas\Grisoft\AVG Free\avgwb.dat
C:\WINNT\system32\696671.exe
C:\Programas\Internet Expl...

A:Downloader.Generic.AEG trojan horse, please help!

7 more replies

I have done all the things listed in the preparation to post on this subject and I will have bruises on my head from where I keep hitting the wall with it. When I'm in IE it opens another window with porn sites and others less general on, the toolbar also seems to briefly disappear from the screen as well.

Help please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:37, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C: ...

A:Vundo, , Generic Downloader, Downloader - Bea

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Michelle1162

My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary. If you run HijackThis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

If you need help, follow the info in the link below:
http://russelltexas.com/malware/createhjtfolder.htm

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to your system becoming unusable.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and foll...

9 more replies

Logfile of HijackThis v1.99.1
Scan saved at 00:17:04, on 14/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Waktu Solat\waktusolat.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSear...

A:trojan downloader generic hgt removal help

err.. i meant that i need help to remove this malware which is driving me out of my wits, as avg kept popping messages of infected files everytime i'm connected to the net.

19 more replies

Hello Tech Support,

I have McAfee Security Suite installed on my computer. I received a message from McAfee that Generic Downloader had been detected. I was asked if I wanted McAfee to remove it or if I wanted to remove it manually.

I checked the box for McAfee to remove it. Right after that, I ran a complete McAfee scan of my computer. Nothing was detected.

Since I have received no further messages from McAfee and nothing was detected on the complete scan, am I safe in assuming that McAfee was able to remove it successfully?

Also, does Generic Downloader gain access to a computer through a download, or could it also access through the clicking of a link on a webpage?

Your forum is a wonderful find. I will appreciate your reply.

A:Generic Downloader Detected by McAfee

BUMP, please

2 more replies

Please I need help! I'm trying to get rid of this virus that appears every time I start my computer. AVG recognizes it but seems not to be able to erase it from the disk.

Thank you very much

Logfile of HijackThis v1.99.1
Scan saved at 13:52:25, on 02/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Me...

A:Cant Get Rid Of Trojan Horse Downloader Generic.tuc

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Security Suite it is a trial version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot your computer and post a new hijackthis log and the log from Ewido.

2 more replies

I was looking on one of your other forums and I had the same problem as one of your members, zinc63. I was reading through the forum and was trying to work out the virus by myself and it turns out that I am not very good at that. Anyway I now have the hijackthis, smitrem.exe, ewido anti-malware, and killbox.exe. I ran the hijackthis and I hope that you can help me from here. The AVG pops up all the time with the virus and I press heal and it doesn't and no scans I have done in safe mode with any antivirus has caught the problem and I don't have system restore on.

Thanks for the help

brian

Logfile of HijackThis v1.99.1
Scan saved at 10:19:02 PM, on 5/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Valve\Steam\Steam.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program...

A:Trojan Horse Downloader.Generic.NON

16 more replies

My AVG Free Antivirus keeps flagging this but can't seem to do anything with it. How do I get rid of it? Help, please.

A:Trojan Horse Downloader. Generic. We

Hello weybrew

Try running AVG in Safe Mode.
"How to Boot in "SAFE MODE" tutorial"

Also if you're using Win XP or 2000, download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

11 more replies

My McAfee recently said that it found a trojan in my IE temp files that had infected Bgates[1].exe that keeps showing up as infected with the QLowZones-15. After that notice I get one that says a file in the Windows temp file has been infected with a downloader trojan or something. I didn't note what the exact name was.



Logfile of HijackThis v1.99.1
Scan saved at 4:23:51 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program F...

A:QLowZones-15 Trojan and Generic DOwnloader

Hi Lithium and welcome to TSF.

There's not a great deal showing in your log, but let's do some cleaning and see what turns up.


You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.




Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download Ewido Anti-Malware
This is a 30 day trial
Install Ewido Anti-Malware.
Double-click the icon on Desktop to launch Ewido
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "...

4 more replies

I have been having terrible issues with my computer. I am computer stupid so be gentle with me. I run AVG free edition antivirus & I keep getting a box that says "Trojan horse Downloader.Generic.HGT". I try to fix it & it keeps coming back. What am I doing wrong? Also, I was running AOL Instant Messenger today. As soon as I logged on, it sent a message to everyone on my buddy list about wanting to put a picture of us on some website. If they clicked on it, then it gave them this virus as well. How come my virus protection did not stop this? I have included a copy of my HJT log. Any help you could provide would be greatly appreciated. Please remember, I don't know a whole lot about my computer. So whatever you may be able to explain, please do so in detail. Thanks so much, LisaM.



Logfile of HijackThis v1.99.1
Scan saved at 4:01:40 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\relocater.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Gris...

A:Trojan horse Downloader.Generic.HGT

Hi LisaM and welcome to TSF.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.


If there is anything you don't understand, please ask BEFORE proceeding with the fixes.



HijackThis in Temp Folder
You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT , or another name of your choice and move the HJT files to this folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.



Disable Microsoft Defender
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.



Disable EwidoGuard
Please disable Ewido Security Suite's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Double-click the icon on Desktop to launch Ewido...

1 more replies

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 6023 Mb
Graphics Card: Intel(R) HD Graphics, -1984 Mb
Hard Drives: C: Total - 464260 MB, Free - 412166 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Windows Defender, Disabled

new here I got this trojan downloader generic that avg sees but once stops it my icons stop working and sound is gone too.

this my hijack this log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:51:24 PM, on 4/11/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\P...

More replies

I tried to follow the prep guide but could not get DDS to run so tried RSIT.exe which finally gave:- Hope I have uploaded the .txt file OK

Logfile of random's system information tool 1.08 (written by random/random)
Run by David at 2010-09-17 18:34:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (9%) free of 73 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:36:38, on 17/09/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~...

A:Trojan Horse downloader generic 10.QLN

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

3 more replies

Hi all,

After AVG scanned my comp. this morning it found a virus - Trojan Horse Downloader Generic.PST, and not being very computer literate, I am turning to you experts to let me know what I'm supposed to do now! When the window popped up saying 'virus found' I didn't know if I should delete it, so I put it in the virus vault (I have no idea if that was the right thing to do). Anyway, here's more details from AVG:

File name: VTUUV.DLL
File path: C:\WINDOWS\SYSTEM
Size 34.51 KB

Can someone please advise as to the steps I should take to get rid of this? My OS is WIN98 SE. Thanks so much for any replies!
 

A:Trojan Horse Downloader Generic. PST

16 more replies

I seem to have a trojan and some other problems. My whole PC is going extremely slow, and I have tried many programs and steps to get rid of AproposMedia but none can solve it. It is going so slow it makes it hard to use the internet so this has taken a long time lol. Here is my log and I can't attach so I will post my extra.txt as well:

Deckard's System Scanner v20071014.68
Run by Adam on 2008-02-20 14:31:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
100: 2008-02-20 21:33:23 UTC - RP760 - Deckard's System Scanner Restore Point
99: 2008-02-20 21:23:30 UTC - RP759 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
98: 2008-02-20 09:44:56 UTC - RP758 - Removed Software Suite
97: 2008-02-20 09:25:29 UTC - RP757 - Installed Super Ad Blocker
96: 2008-02-20 09:10:25 UTC - RP756 - Installed AVG 7.5


-- First Restore Point --
1: 2007-11-22 20:59:02 UTC - RP661 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved a...

A:AproposMedia & Downloader.Generic.AW, followed 5 steps please help!

Hello goat199 and Welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. I shan't be long.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

19 more replies

Hello, I am using AVG shield which picked up the virus. I am now getting popups from AVG asking me what I want to do with the virus. When I click either heal or send to vault it says an error message. I also use Spybot, Windows Defender and a few more, but AVG was the only one to pick it up. I don't know how to send a file log either. I am now running Stinger and then I will download HijackThis, any other suggestions?? Thanks

A:Trojan Horse Downloader.generic

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully!!!
Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.

It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

1 more replies

Thanks to anyone who takes a look at this. My virus program keeps prompting me telling me that it can not remove this generic loader trojan. It seems to be located in windows/system32dll, but I have no idea how to tell with these logs. Any help will be greatly appreciated. My OS is Windows XP Pro, and my AV is McAfee.

Here is My hijack LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:43 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS...

A:Please Help I have a generic downloader trojan problem

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

then when it has rebooted

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your...

1 more replies

Hi all!

I have/had been infected with the Win 32 Generic Trojan Downloader V8 as discovered initially by AVG. I cleaned this but have been warned later for other infected files (several names) every time I reboot. Windows defender has identified these infected files, as well as AVG, and cleaned them. I am also seeing that web browsing is slow and several web pages are blocked in IE and Firefox (antivirus and security related pages). The good news is bleeping computer is not blocked.

I have since installed Spy Bot S&D, HJT and MAM, but they don't seem to detect anything. AVG finds infections on reboot occasionally. I'm also having trouble updating my anti virus, MAM and Windows Defender.

Please help. How do I restore full web navigation and kill the trojan downloader?
DDS (Ver_09-06-26.01) - NTFSx86
Run by GLADYS LOMBANA at 12:43:16.30 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1394 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k... Read more

A:Infected with Win 32 Generic Trojan Downloader V8

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

Answer Match 79.8%

Two of these picked up following AVG scan ... but AVG says infected objects located inside the archive and cannot be healed

Kindly advise - thanks - Oldie
 

A:Trojan Horse Downloader Generic 1

Answer Match 79.38%

Computer runs very slow. BitDefender finds Trojan.Generic 25641 and

1) Generic Peed.Eml.Ea9
2) Generic.Peed.Eml.AB
3) Generic.Peed.Eml.FDO
4) Generic.Peed.Eml.Fad

but BitDefender can't disinfect or move these viruses, and nowadays my computer runs really slow.

Deckard's System Scanner v20071014.68
Run by Bishakha on 2008-02-23 14:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-02-23 20:31:45 UTC - RP164 - Deckard's System Scanner Restore Point
51: 2008-02-23 04:52:49 UTC - RP163 - System Checkpoint
50: 2008-02-22 04:31:29 UTC - RP162 - Software Distribution Service 3.0
49: 2008-02-21 04:33:06 UTC - RP161 - Removed InterVideo DeviceService
48: 2008-02-21 04:27:18 UTC - RP160 - Removed Pando.


-- First Restore Point --
1: 2007-12-24 19:59:33 UTC - RP113 - Installed Windows XP KB899589.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-23 14:33:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE... Read more

Answer Match 79.38%

To whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX.) I'm totally out of my wits here and I need some help. Thanks in advance

Deckard's System Scanner v20071014.68
Run by Jean Marc McLean on 2008-07-27 11:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint
2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-07-24 01:23:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 11:31:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32&... Read more

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC. Please do the following...

Please download ATF Cleaner by Atribune.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512

Answer Match 79.38%

Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

Below is my DDS. Please help!

-Jim

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:57:27.90 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2595 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\Photos... Read more

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
* Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
