Tech Problem Aggregator

Need help with Trojans including - artemis, generic.dx, generic dropp

Q: Need help with Trojans including - artemis, generic.dx, generic dropp

Hello, my Dell running XP (SP3) responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
- McAfee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i
- Also at start up an apparent MS message says "Error loading JSUSA2.DLL Specified Module not found" (this loads before McAfee opens)

- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

Thanks for your help...
**************************


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 9:31:27.43 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Apobafekute] rundll32.exe "c:\windows\JSUSA2.dll",Startup
uRun: [{3C51F750-0991-B045-CEB5-E2A59B8414A5}] "c:\documents and settings\robert\application data\odem\owmi.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mmahifihufeho] rundll32.exe "c:\windows\irexapivehadajak.dll",Startup
dRun: [cjeilkay] c:\documents and settings\networkservice\local settings\application data\nijnfvsxt\paexqnbtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: gunnery.org\mail
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.118/FreeRealmsInstaller.cab?v=1055
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-15 10:41:19 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 21:43:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-03 15:41:28 0 d-----w- c:\docume~1\robert\applic~1\Sony Online Entertainment

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2001-08-22 17:15:48 245760 -c--a-w- c:\windows\inf\i386\viceo.dll
2001-08-22 17:13:38 32768 -c--a-w- c:\windows\inf\i386\Pmicro.dll
2001-08-22 17:13:30 61440 -c--a-w- c:\windows\inf\i386\gl.dll
2001-08-03 22:29:18 13824 -c--a-w- c:\windows\inf\i386\Usbscan.sys
1999-07-19 00:05:04 15716 -c--a-w- c:\windows\inf\i386\Pmxscan.sys

============= FINISH: 9:34:03.68 ===============

A: Need help with Trojans including - artemis, generic.dx, generic dropp

Hello again, obxhockeydad_1. Even though it's been almost a year since the last disinfection, which is ok, it's still a bit disheartening to see you back in the forums with another infection. Please be sure all who access the machine are taking great care when surfing the internet, opening emails, downloading files, etc...

Also, IE7 is not as secure as IE8. IE should be updated once the machine is clean.

I'd like to try to get a log from GMER rootkit scanner.

Let's try this version of gmer.


- Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If you still have troubles, try running the scan in Safe Mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

If you still have troubles, run the scan with ONLY the Sections and C drive boxes ticked.




19 more replies
Answer Match 130.5%


A:Need help removing stubborn Trojans - artemis, generic.dx, generic dropp

Today another symptom: McAfee identified a buffer overflow in c:\windows\system32\svchost.exe at the same time that a host process error occurred... screen shot of all message alerts are attached. System is deteriorating with frequent blue screens while running a virus scan or logger (i.e. MalwareBytes and gmer). I would appreciate a quick response if possible so I can get this one and only family pc up and running again. Thank you.

3 more replies
Answer Match 87.3%

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

2 more replies
Answer Match 81%

Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

Below is my DDS. Please help!

-Jim

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:57:27.90 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2595 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\Photos... Read more

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,

- Please download Malwarebytes' Anti-Malware from Here or Here
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
- Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

14 more replies
Answer Match 80.1%

Hi there Tech Support Guru! my computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w

At least, that's what McAfee is telling me.

I am using Windows XP pro

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:47 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Prog... Read more

A:Please help! Generic!Artemis, generix.dx and generic rootkit.w have invaded

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far
 

2 more replies
Answer Match 80.1%

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen... Read more

A:Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.com
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the resul... Read more

2 more replies
Answer Match 102.9%

Hello, my name is Jack and I am running Win7 running McAfee Total Protection. There are a series of McAfee popups that continue to pop up on my screen stating that "McAfee detected and automatically removed a Trojan from your PC. No further action is required." The popup then closes and another one pops up a little while later stating the same thing for another trojan. This continuously goes on throughout the day repeating for each trojan. The three trojans it states are ZeroAccess, Artemis!B1F9817F6CA5, and Generic.dx!b2qj. Any help would be appreciated. I have followed the instructions in the prep guide. see below for results. As i am running 64 bit, i skipped the GMER per the instructions.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Karford at 12:24:17 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6048 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLau... Read more

A:Infected with Trojans (ZeroAccess ZeroAccess, Artemis!B1F9817F6CA5, Generic.dx!b2qj)

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

- Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

3 more replies
Answer Match 101.64%

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need anymore info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&... Read more

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

2 more replies
Answer Match 101.22%

To Whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX.) I'm totally out of my wits here and I need some help. Thanks in advance

Deckard's System Scanner v20071014.68
Run by Jean Marc McLean on 2008-07-27 11:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint
2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-07-24 01:23:07 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 11:31:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32&... Read more

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download ATF Cleaner by Atribune.

- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser

- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512

2 more replies
Answer Match 100.38%

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't. I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks,
Jan
 

A:TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!
 

1 more replies
Answer Match 94.08%

Hi, McAfee says I have a Generic Artemis virus and can't get it all out. computer is slow but otherwise seems ok. Can any one help. I have a log from hijackthis.
Thanks,
Jackie

A:Generic Artemis

I am moving this topic which does not contain any logs from the HiJack This forum to the Am I Infected forum.

Orange Blossom

1 more replies
Answer Match 94.08%

DDS (Ver_09-01-19.01) - NTFSx86
Run by MKW at 22:43:43.92 on Fri 01/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.151 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\... Read more

A:Generic!Artemis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

4 more replies
Answer Match 94.08%

I can't seem to get rid of these two viruses. I guess they're the same, since everything I look up about them links them together. I can go months without seeing another one pop up, I guess it could be a reinfection but just to be safe. I feel it's important to note that the gmer scan came out with nothing on it. And that when I went to scan, all of the boxes to check were grayed out except for services, registry, files, c, and ads so I couldn't match the screenshot. It won't let me upload the notepad from gmer because there's nothing in it.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Taylor at 1:33:51.31 on Mon 04/05/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.5886.4491 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\... Read more

A:Generic!/Artemis

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

7 more replies
Answer Match 94.08%

hi guys...
have mcafee...it won't remove it
malwarebytes...won't remove it
don't know if highjackthis has found it and don't know how to use it either

A:Name: Generic!Artemis

You will need the guidance of the HJT team to clean this.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to you... Read more

1 more replies
Answer Match 94.08%

I'm having a problem with pop-ups. I have run CCleaner, superantispyware, Malware Bytes, and McAfee and nothing seems to be getting rid of this. They each keep finding it but can't seem to completely get rid of it. Any help on this would be GREATLY appreciated. Thanks

More replies
Answer Match 93.24%

Help requested. My Dell Inspiron has run smoothly for the last 5 years.

10-15-09 mcafee flagged generic.dx!fvx (trojan) and said it repaired it.

Next - RUNDLL errors started popping up "error loading C:\DOCUME~\MATTRE~1\LOCALS~1\Temp\6E.tmp

continued mcafee flags for generic and then on 10-16-09 a new one: Atemis!22AD3C7B57EA

three more flags for generic then Vundo!dj (trojan) was flagged.

all these were reported to be quarantined and repaired by mcafee. During this time i ran three full scans with Mcafee which took about 18 hours each. There were 7 files detected and 5 quarantined the first time. 1 file detected 1 file quarantined the second time. these were generic and vundo files.

meanwhile i started getting pop ups in Microsoft IE. I NEVER use IE. i am a firefox user. the webpages that popped up were all for virus software. here are some of the links that have come up while i have been typing this.

http://media2.tmlatn.com/images/defaults41/approved/404.html
http://media2.tmlatn.com/images/defaults41/approved/404.html
http://www.pcsecurityshield.com/lp/shield-deluxe-5.aspx?trk=WTK&affid=541
http://www.nexplore.com/search.html#pid=aon-pop1&query=computer&source=111211

At first - the RUNDLL error would immediately pop up when i logged in to my XP account. When i logged in to my wife's, there were no errors and no pop ups - for about 24 hours. Then my wife's account started getting errors, the McAfee scans had not solved the problem and i star... Read more

More replies
Answer Match 93.24%

How do I get rid of these two viruses?
I've tried everything and nothing works...
McAfee won't do it nor will Malwarebytes...

Hi, I read up a little and found you needed a "hijackthis" log. I came back to post it here. I hope this is o.k. Learning rules as I go. My computer has other issues also but this will do for now... "generic pup.x" & "Artemus virus"
========================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:34:32 AM, on 11/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files... Read more

More replies
Answer Match 93.24%

My Mcafee says it can't be removed. Google points me here with a HJT log.
Random windows popup while online, not normal popups that can be blocked..
Thinkpad w XP sp2
Thanks for any help...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:09 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:... Read more

More replies
Answer Match 93.24%

Hello,

I have a Dell Inspiron 600m Laptop with Windows XP. I had McAfee installed and real time protection enabled but out of the blue got a message from McAfee saying that it had blocked and removed a Trojan.
The original name of the Trojan was Generic!Artemis.

After this happened I could not scan with McAfee any longer and all the graphics in the software are missing.

I did some research and did the following:

1 ) Scanned with Malwarebytes
This scan took about 8 hours and found several trojans and worms which it removed and some items were supposed to remove on reboot.
To make sure everything was gone I ran the scan again. This time only about 3 hours but some items were back again with different names than before.

2) After this I scanned with Adaware and it found more items and removed them.

3) A third scan with Malwarebytes made it clear that the item was just renaming itself every time and always manages to come back.

4) I called a friend and he said I needed to run the scanners in Safemode after turning off system restore.
So I did that and this time it seemed that Malwarebytes and Adaware were able to catch everything.
I also ran Registry Mechanic which found about 100 problems and fixed them.

5) After reboot I went to the F-Secure site to run an online scan and all my graphics in Internet Explorer are not displaying anymore. Both browsers IE and Firefox are running painfully slow and when I click on a link in Google it sometimes directs me to a totally dif... Read more

A:Generic!Artemis Trojan

Hello,
I know, you're not supposed to bump your topic but I posted on Sunday and I see that people who just posted yesterday are already getting replies, so I thought my topic might have been overlooked.
Thank you for your help.
Bea and Rob

3 more replies
Answer Match 93.24%

Hi, using Windows Vista, IE7
I've done a scan using McAfee and it found Generic Artemis trojan and it says it cannot be deleted
I've noticed my keyboard is typing erratically and missing random letters out.
I've d/l Hijack this and the log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:36, on 08/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Brenda\AppData\Local\kewis.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Pro... Read more

A:Help removeing Generic Artemis

Hi All,
I managed to get rid of this trojan using Malwarebytes so problem now solved.
 

1 more replies
Answer Match 93.24%

This problem began after my grandkids were introduced to my computer. (at this time Windows Defender would open, but was not enabled for some reason)
They have downloaded many different kid's games and I have noticed new toolbars showing up over time (AIM toolbar, Google, Yahoo, MyWebSearch).

I have uninstalled the MyWebSearch toolbar and all of the "extra" programs/Toolbars that the kiddos downloaded/installed.

I have installed a new version of McAfee (SecurityCenter SE from AOL) which found four files associated with MyWebSearch and Generic!Artemis virus. McAfee quarantined these files.
After the McAfee fix, Windows Defender will not open, or reinstall. It also does not appear in the add/uninstall programs screen for me to uninstall it. I tried the three steps that Microsoft recommends to reinstall Defender, but none worked.
McAfee does not find any more issues after running a complete scan.
Lastly, the AIM toolbar reappeared in IE without prompting.

The fact that Windows Defender does not run is my concern at this point. I am not really sure if there is something looming, but this just does not sit right with me.

Thanks for your help!
DDS (Ver_09-06-26.01) - NTFSx86
Run by Bud at 21:42:42.82 on Mon 07/27/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.86 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusSca... Read more

A:Generic!Artemis and other issues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 93.24%

Hi there

I have just bought a Toshiba Satellite Pro L300 and ran a scan on it the other day and a virus appeared known as Generic!Artemis. I have McAfee installed on my laptop and when I ran the scan it wasn't able to remove it completely. Please see scan results below. Hope ye can help!

roccoforte

DDS (Ver_09-02-01.01) - NTFSx86
Run by Sinead at 22:03:50.98 on 25/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.1915.951 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\... Read more

A:Infected with Generic!Artemis

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc... Read more

2 more replies
Answer Match 93.24%

It's a Trojan that has attached itself to one of my game files and every time I execute the program it pops up and gives me a false positive.

I just registered today, i ran the scan i got the reports i need so where do i go from here?

Thanks for your help in advance!
~Syn
*********************************************


Here's my DDS.txt


DDS (Ver_09-01-07.01) - NTFSx86
Run by Dean at 23:05:29.89 on Thu 01/15/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1897 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Pr... Read more

A:I have a Generic!Artemis problem

McAfee caught it by the way

1 more replies
Answer Match 93.24%

I have comcast and their version of mcafee. It ran an automatic scan and detected 3 items. One of which is the 'Generic!Artemis'. I could not find what the other 2 were so I suppose they are registry keys from the Generic Artemis as mcafee was unable to completely remove the virus. Please help me with this issue. Below is the HJT log that was run after the failed attempt to remove by mcafee. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:42 PM, on 1/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStu... Read more

A:Generic!Artemis please help me remove it

It's been over a week with no reply, so I am bumping in hopes of help. Thank you.
 

3 more replies
Answer Match 93.24%

Dear Tech Support People

I have a problem with a trojan, which mcafee detects but cannot remove.

It is now under quarantine after a mcafee-scan. Mcafee says that it is a trojan with the name "generic! artemis". And it shows the following name:

C:\WINDOWS\SYSTEM32\DIGIWET.DLL

My computer showed the mcafee-Security-Alert every few minutes. And it is very slow now.

I did the recommended scans. I post the dds.txt below and I attach the attach.zip containing Attach.txt and ARK.txt

Thank you in advance for your help. I appreciate it highly.
Thom


DDS (Ver_09-03-16.01) - NTFSx86
Run by Thomas at 22:15:23.45 on 18.04.2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.524 [GMT 2:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\McAfee.com\Agent\mcagent.exe
C:... Read more

A:Trojan Generic! Artemis

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

... Read more

13 more replies
Answer Match 91.98%

Okay, so recently whenever I run any exe. file, a McAfee popup comes up, saying that it has quarantined the file where the Generic!Artemis is, and I always delete the file through McAfee. However, when I run another exe. the same notification comes up, with Generic!Artemis in a different file. I can't seem to find the files by hand, I can only find them in McAfee. Have Vista Basic, the trojan is always found in C:\Windows\Temp\MAP#### with a random number every time. So I have no idea how to permanently delete the trojan.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Serena at 2008-12-03 22:37:08
Microsoft® Windows Vista™ Home Basic
System drive C: has 33 GB (44%) free of 75 GB
Total RAM: 1014 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:33 PM, on 12/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.... Read more

A:Infected with Generic!Artemis Trojan

Uh... bump? Not sure if it helps.. :P

28 more replies
Answer Match 91.98%

Was infected with multiple viruses, trojans and back doors
Have run McAfee antivirus, Malwarebyte's pro, Stinger, and McAfee says it cannot remove "generic!Artemis"
It was located in blstoolbar folder in program folder. C drive.
renamed it blstoolbar1.
the uninstall does not work and it doesn't show up in add/remove programs list.
My computer is running much cleaner, but I wonder if I'm still infected.
Can anyone Please Help?

I'm going to College in Computer Information Systems, and have some self learned skills.

i've used your services before and would like to continue learning the art of Security and Threat removal.

Thank you for all your help guys.
you're wonderful!!!!

Beverly

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Owner at 14:07:51.70 on Sat 02/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.156 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hps... Read more

A:Mcafee says cannot remove Generic!Artemis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 91.98%

Greetings All!

Yesterday McAfee updated and then this morning I wake up to a potentially unwanted program. Mcafee lists it as Generic!Artemis. I am wondering if this might be a false positive based on the heuristics scan. McAfee says the problem is:

File Name: C:\System Volume Information\_restore {4e015214-6BB0-4181-B365-456CF1DEC069}\RP110\A0020916.DLL

The location of the infected file is what is making me think this might be a false positive.

Anyone have any ideas? How can I confirm if this is a real problem or not?

Thanks for the help!

RU42

A:new Mcafee hit on Generic!Artemis; real or not

That file is in your system restore. Let's flush that and then scan again.

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run and type: Cleanmgr
- Click "Ok"
- Disk Cleanup will scan your files for several minutes, then open.
- Click the "More Options" Tab.
- Click the "Clean up" button under System Restore.
- Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
- Click Yes, then click Ok.
- Click Yes again when prompted with "Are y...

3 more replies
Answer Match 91.98%

I have McAfee Internet Security 2009 installed on my computer and about 1 week ago while running McAfee updates I got a pop up stating that it detected Generic!Artemis on my computer and it is not able to remove this. Can anybody help me on getting rid of this thing?
Thanks Claudio
-----------------------------------------------
-----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.59.42, on 06/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\Programmi\McAfee\MSK\MskSrver.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\S3apphk.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Programmi\Real Alternative\Update_OB\realsched.exe
C:\Programm...

More replies
Answer Match 91.98%

I almost don't even know where to start......I have a Dell Laptop, run the latest version of McAfee 12-and-1 plus Site Advisor .....update manually daily and automatically....scan daily for viruses. Sunday I started getting very authentic looking pop ups saying I had a security problem and needed to download Virus Remover 2009....didn't do it of course, because I figured it was a scam. I used SmitFraud Fx which usually "kills" whatever I have. Didn't work this time....did a little research and downloaded Malwarebytes...the first time I ran it I had 485 infected files!!!!! Most were Adware this or Spyware that....a few said Trojan something or another.....(NOT SURE WHAT MCAFEE IS DOING BUT IT ISN'T CATCHING THESE PROBLEMS!!!) I still had the same problems....some of the things I see when I get the pop ups are: vivaldinarut, desktoprepairpackage, VirusRemover2009, aol search OOPS! cant find skfjkhcdcsh.com%2f, scanaonline, removethreats.com, removes spyware, and my computer online spyware.......I ran smithfraud fx and Malwarebytes a few more times....malwarebytes came up with 2 Trojan viruses that it said it quarantined.....I get a pop up from "mcAfee" that says a "Trojan was found but could not be quarantined...shut down and restart".....tried that a few times, made no difference so I figured it wasn't real.......I ran McAfee scan several times.....always came up as no infection or problems found until the ver...

More replies
Answer Match 91.98%

Hello,

I just received a warning message from McAfee saying they'd detected a programme called Generic!Artemis. It's located on the C:Drive under my downloads in the SetUp file. When trying to remove it, the following message appeared: The potentially unwanted programme cannot be removed. Something about maybe being linked to a bundle.

So far we haven't really noticed many problems with the computer, except that it runs quite slowly and sometimes it just freezes and doesn't allow us to open any programs. Also we often get an error message about the synopsis touch pad not working, whatever that means. I would kindly ask for your help in resolving this as it's proving more persistent than expected! Thanks so much!!

Here's the DDS Log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Vicky at 19:14:24.74 on 26/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1789.731 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost...

A:Generic!Artemis Virus Detected

Hello ConfusedComputerUser,

Artemis is something McAfee uses in its detections. What you're experiencing is most likely a false positive from McAfee. Can you please post for me the file(s) it's flagging so we can be sure?

We can do a couple of scans after that, if you like, to be sure your system is all right.

Regards,
tea

10 more replies
Answer Match 91.14%

I have had this problem for a week now. I have a Mcafee software installed by the way. Before this happened, my lil brother accidentally approved the prompt from mcafee if you will "allow change" (something like that) for the computer. He was downloading an mp3 converter so without reading the details he just pressed allow. So the Generic!Artemis was added on the "trusted" list. 2 days later while using the PC I noticed the mouse pointer would always go haywire after every 3mins opening windows clicking on items on the computer without me moving it. I figured it was a virus because I had a trojan on my pc before (had it fixed and did a reformat) and it was the same symptom. So I checked my Mcafee log and saw the Generic!Artemis allow change that happened. I quickly removed it from the trusted list and did a scan. It came up with zero viruses/malware etc. found. Still, the mouse pointer was doing the same thing. So I asked for help at the Mcafee tech support. They wanted me to pay for help. I went to their forums and found a lot of posts recently about this problem. They had a basic procedure: download malwarebytes and scan the pc. So I did.

After almost 3 hours it has removed one file with a trojan. Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1765
Windows 5.1.2600 Service Pack 2

2/16/2009 11:07:31 PM
mbam-log-2009-02-16 (23-07-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 167987
Time elapsed: 2 hour(s), 15 minute(...

A:Cannot remove Generic!Artemis (hijack log inside)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for p...

2 more replies
Answer Match 91.14%

McAfee instruction said that it detected Generic!Artemis trojan, couldn't be quarantined or deleted, to restart computer and perform a full scan. I clicked on the more info and McAfee hackerwatch had this:

No Program Data
HackerWatch is unable to provide information about this program.

File Information

File Name: PE4.3.9014.12592.exe
File Size: 12023910
File Path: C:\Users\Bram\Downloads\
Version:
First seen: 1/22/2009

I ran the virus scan and McAfee reported a clean scan, but after doing some research on this baby, I thought that some pros need to go over an HJT log for me to be comfortable about this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:34 PM, on 2/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEUser.e...

More replies
Answer Match 91.14%

Stinger stand alone scanner found the Generic!Artemis virus and can't remove it. I have the path of the virus and know that 4 files are infected. It is located in Winsxs backup. What do I have to do to get rid of this? Any help is much appreciated...thank you

A:i am infected with the generic!artemis virus [Moved]

I am moving this from the Vista forum to the Am I Infected forum where folks can address this issue.

Orange Blossom

2 more replies
Answer Match 91.14%

Referred here from: http://www.bleepingcomputer.com/forums/t/204691/huntbar/ ~ OB

My computer has Huntbar, Traffic Syndicate/Hu and Generic!Artemis

Have run all of the following by recommendation of moderator on "Am I Infected" Forum

- Malwarebytes Anti Malware - posted log
- AFT Cleaner
- SuperAntiSpyware.exe - posted log
- Dr. Web Cure It - posted log

I am running McAfee Anti Virus and Spybot. After downloading all of the above McAfee continues to detect Traffic Syndicate/Hu and Generic!Artemis but cannot delete it. Spybot detects Huntbar but cannot delete it.

DDS Log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Mary Ann Roper at 23:39:52.65 on Tue 02/24/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.209 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysm...

A:Huntbar Traffic Syndicate/Hu Generic!Artemis

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:

- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instruc...

31 more replies
Answer Match 91.14%

McAfee can't clean something called Generic Artemis on my computer. Please help me remove this malware/virus.
 

More replies
Answer Match 90.3%

I've contacted McAfee support, and they said I'll have to do the FEE BASED support to remove the virus. Initially, a few weeks ago, when I would search on the internet, I would be redirected to another site, but could click on the back arrow, and it would usually take me to where I wanted to go. Last night, a pop up with McAfee stated it blocked the generic artemis virus and then I got booted off the internet. I can't search at all without that happening, in fact I can't search at all, or paste addresses in the tool bar...I get booted off!

I ran a full scan, and nothing was found with my McAfee. Also, it says I'm protected in their start up screen..I'm running Windows XP Home Edition. HELP!!!!

Is going through McAfee support the only answer?

A:Generic Artemis Virus - McAfee doesn't detect

Hi,

We can try some things else first. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner scre...

7 more replies
Answer Match 90.3%

At direction of person at Mcafee Forum am posting on this site. I am running a XP Home SP3 OS, 3 GHz Pentium 4 with 1 Gb of RAM. Several folks in the family use the computer so there are multiple user identities.

My problem started with fake antivirus alerts. I was unable to run Mcafee Scanner (Mcafee Security Suite provided through Cox) to address the problem, receiving the message: "Scanning has encountered a problem from which it cannot recover. Here are the problem details: Error starting On Demand Scanner..." In addition to this continuing problem, Mcafee has stopped downloading new updates and is unable to fix protection issues. Window updates will also not install.

I then tried to run Malwarebytes and received the message: Windows cannot access the specified device, path, or file name. You may not have the appropriate permissions to access the item.

I tried to clean the problem with several solutions (ran mcafee dat in safe mode via command prompt, pc tools spyware doctor). Was able to identify several viruses/trojans - artemis variants and generic!. Cleaned them and the false alerts have stopped. Some of the Artemis trojan variants were: 8EDF22713248, 651F9773F2B1, 64DC19DC6B8F, FF988D561313.

However, problem with Google search redirection continued. When I tried to download Microsoft's Malicious Software removal tool, IE 8 stopped working. I uninstalled and then attempted to download and reinstall IE8 from Microsoft. It seems like it downloa...

A:Generic, Artemis, Antivirus 2010 - Programs won't execute

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

19 more replies
Answer Match 89.04%

A few days ago I noticed that my computer was running slowly. I checked the task manager and it was running at 100%. I realized someone else was using my computer. Checked user accounts and sure enough, there was a user I didn't set up. I deleted the user but it seems I was unable to delete all that user's files.

I uninstalled and reinstalled mcafee three or four times and got a scan that said I had Generic!Artemis and that it was quarantined (this after I had used their platinum virus removal service).

Since then in removing mcafee I have noticed that some of the files were locked by a user and could not be removed. Also when I boot up McAfee indicated that I am not protected. The same registry key for the spam blocker is corrupted every time. This is still occurring.

I am sure there are remnants of that user still on my computer and I don't know how to get rid of them.

The trojan, I'm not so sure about. I've heard it's hard to get rid of.

Is there another way to see who the users are on the computer besides going to "Users" in the control panel? How can I get rid of this user's files? And how can I be sure that the trojan has been quarantined?

I would attach two screen shots but they are word documents and I don't know how to attach or upload those.

A:Generic!Artemis - Can't remove user - McAfee files locked

Hello here's how to post a shot and if you can run these and post the log.
Inserting An Image Within A Post

Next run ATF:

Please download ATF Cleaner by Atribune & save it to your desktop.

- Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.

If you use Firefox browser click Firefox at the top and choose: Select All

- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser click Opera at the top and choose: Select All

- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:

Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2

If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be as...

3 more replies
Answer Match 86.52%

My computer is running slow and I have taken all the steps I can to remove viruses but still have ones on my computer. Can anyone help??????????? I was told earlier by someone to close system restore before doing any of this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by catherine at 18:32:09.25 on 06/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.1079 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Win...

A:various virus infection, including trojan generic

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors:
  This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

2 more replies
Answer Match 80.64%

MY ORIGINAL POST IS IN THE WRONG SECTION. I APOLOGIZE!

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:

- Trojan.TDSS
- Trojan.Vundo.H
- Trojan.Virtumonde
- Trojan.Vundo
- Generic!artemis
- Trojan.FakeAlert
- Trojan.Seneka
- Malware.Trace
- Trojan.Agent
- Spyware.OnlineGames

and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run Fix...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs.
I will close this thread and leave the other one intact.

1 more replies
Answer Match 80.64%

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:

- Trojan.TDSS
- Trojan.Vundo.H
- Trojan.Virtumonde
- Trojan.Vundo
- Generic!artemis
- Trojan.FakeAlert
- Trojan.Seneka
- Malware.Trace
- Trojan.Agent
- Spyware.OnlineGames

and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run FixVundo.exe, VundoFix.exe, and WinsockXPfix v1.01.exe

I have dow...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?

3 more replies
Answer Match 79.8%

Hi. Thanks in advance for the time. McAfee AV is telling me since yesterday this message:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Generic.dx!peb (Trojan), Generic.dx!peb (Trojan)
Location: C:\WINDOWS\TEMP\eorh.tmp\svchost.exe

The eorh.tmp is just an example. The path will be always like: C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe

Now it has added another trojan:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!21CF83958DC7 (Trojan), Artemis!21CF83958DC7 (Trojan)
Location: C:\WINDOWS\TEMP\hsuy.tmp\svchost.exe

This keeps appearing in like 10 minute intervals.

Here goes the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by mmondeja at 10:45:34,10 on 25-03-2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.56.3082.18.2015.769 [GMT -3:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\Ati2evxx.exe
C:&...

A:Infected with Generic.dx!peb (Trojan) and Artemis!21CF83958DC7 (Trojan)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

6 more replies
Answer Match 79.8%

I need help. I've been having trouble with my internet connection.

What do you mean that's not enough info to help?

Oh, ok.

Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is).

I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power"). Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Fir... Read more

A:Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

15 more replies
Answer Match 79.8%

I have got a problem with my computer; no matter how I try to get rid of these, they will not go. I am using BitDefender Internet Security 2009, which finds these trojans, but when I run my trojan remover it tells me I have no trojans and my computer is free of all..? I have not noticed that my computer is not playing up. But when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan. But I can scan with my trojan remover, and it comes up clean. Some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are.... Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD. With thanks, Erwin

A:Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD

Hello.. I am moving this from XP to Am I Infected as it is a malware problem.

Next run MBAM:

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2

If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives sel... Read more

1 more replies
Answer Match 79.38%

Computer runs very slow.. BitDefender finds Trojan.Generic 25641 and 1) Generic Peed.Eml.Ea9 2) Generic.Peed.Eml.AB 3) Generic.Peed.Eml.FDO 4) Generic.Peed.Eml.Fad.. but BitDefender can't disinfect or move these viruses... and nowadays my computer runs really slow

Deckard's System Scanner v20071014.68
Run by Bishakha on 2008-02-23 14:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-02-23 20:31:45 UTC - RP164 - Deckard's System Scanner Restore Point
51: 2008-02-23 04:52:49 UTC - RP163 - System Checkpoint
50: 2008-02-22 04:31:29 UTC - RP162 - Software Distribution Service 3.0
49: 2008-02-21 04:33:06 UTC - RP161 - Removed InterVideo DeviceService
48: 2008-02-21 04:27:18 UTC - RP160 - Removed Pando.


-- First Restore Point --
1: 2007-12-24 19:59:33 UTC - RP113 - Installed Windows XP KB899589.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-23 14:33:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE... Read more

More replies
Answer Match 79.38%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ... Read more

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

2 more replies
Answer Match 79.38%

Successfully (??) removed SecurityTool and ThinkPoint infections on Friday using the helpful links, tools, and instructions from this website (thanks for everything so far !!) Have since installed Norton IS, to hopefully head off further infections.

However am still struggling with side effects, don't know if they're related. Am seeing frequent "Generic Host Process for Win32 Services" errors stating a need to close. Seeing effects on my XP Pro machine very similar to those reported in stumpedinhere's thread, post #2 from 20 Nov, e.g. "Symptoms: IE would open but would hang forever in "Connecting..." state for any URL. Windows Update blocked. Windows could never completely shut down itself without hanging and requiring manual poweroff." I found and downloaded the "lspfix" utility that the son-in-law used, but it found nothing.

Have run assorted utilities as recommended prior to posting including Defogger, DDS, and GMER. Log files embedded and/or attached.

DDS log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by The Berrys at 17:09:32.45 on Mon 11/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2124 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32... Read more

A:Fighting continued symptoms including "Generic Host Process for Win32 Services" error after removing Security Tool and...

Title was: YCemSCI.exe file on desktop what is it and how do I fix my PC? ~ OB

YCemSCI.exe file showed up on my desktop on Friday 11/19. Probably not a coincidence that I also had Security Tool and ThinkPoint infections show up the same day?

I got rid of those (I think) following instructions and using tools from this site (yay !!). But I'm still having issues with the machine including:
- periodic "Generic Host Process for Win32 Services needs to close" errors
- slow opening Internet Explorer windows, often to the point of hanging up forever in a "Connecting..." state and requiring me to reboot.

I ran DDS and GMER as advised in the "Preparation Guide...", the log is below. A rootkit was indicated.

From reading other posts it looks like the next thing I should do is run "TDSSKiller"? Or should I do "mbr.exe -f" as it says at the bottom of the log? Please advise. I don't know enough about this stuff to be comfortable moving forward.

Thanks.

DDS log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by The Berrys at 17:09:32.45 on Mon 11/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2124 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2e... Read more

1 more replies
Answer Match 79.38%

Hey, I recently got these Trojans and when I scan my computer with Mcafee, it says that the trojans are removed.

These trojans include, Vundo, Generic.dx, and Generic Adclicker. They say that these things were repaired and removed, but I still am experiencing extreme slowness, and the same exact popup in 5 minute intervals.

I ran Mcafee, and vundofix. None of them came up with anything after my first Mcafee scan. But as I said I am still experiencing difficulties. I did an HJT log scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:58 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointServic... Read more

More replies
Answer Match 79.38%

Hi,
I need help please!!!
Tonight I got about 7 "Threat Detected" alerts on my AVG. The threats were trojan downloader, purifyscan and Trojan Downloader generic.
Each time I clicked on heal and it said they had been healed but I still cannot access some areas of my pc as I get a windows error saying access not authorized.

Here is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 00:46, on 2008-03-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Fil... Read more

More replies
Answer Match 79.38%

About a week ago my laptop got infected with a virus. I found this out because my college campus network kicked me off and gave me a message saying I had an IRC Bot on my computer. After running my anti-virus software (BitDefender 10) and various other applications (Spybot, AVG free virus-scanner, Webroot Spysweeper and CCleaner) I was able to uncover a couple Backdoor Trojans. However, I don't know if my laptop is completely clean or not, or if the IRC Bot is off my Laptop, hence why I am posting here.

I really appreciate what you guys do and how effective you guys are in eliminating spyware/viruses.

Here is my HijackThis Log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:13:50 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ktp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireles... Read more

A:IRC Bot/Backdoor.Generic Trojans Help

Hi
I don't see any signs of it in your log.. it looks fine. You can do a bit of a tidy up in there while you're here..

Download the program Hoster

When it opens, click on the Restore Original Hosts button and then exit Hoster.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - blank (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

2 more replies
Answer Match 79.38%

I could not get Panda Scan to complete. The scan would stop and the application would close half way through. I tried it twice. Here is my HijackThis log. Any help is greatly appreciated.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-24 07:50:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
173: 2008-03-24 13:50:10 UTC - RP173 - Deckard's System Scanner Restore Point
172: 2008-03-24 02:23:41 UTC - RP172 - Software Distribution Service 3.0
171: 2008-03-23 01:46:13 UTC - RP171 - System Checkpoint
170: 2008-03-20 00:10:30 UTC - RP170 - System Checkpoint
169: 2008-03-12 11:01:56 UTC - RP169 - Installed iTunes


-- First Restore Point --
1: 2008-03-12 05:41:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-24 07:51:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.e... Read more

More replies
Answer Match 79.38%

I have a Compaq Presario desktop with Windows XP Pro, SP3 running Symantec Endpoint Protection. Symantec Endpoint turned up a Trojan infection with a Google redirect virus some time ago. I can't say for certain the name of the trojan/virus as the logs seem to have vanished. After running TFC (by Oldtimer), turning off system restore, and running fresh scans of Symantec Endpoint and Malwarebytes, the symptoms had gone away. However, Symantec continued to periodically pick up trojan infections which it would clean over the next several weeks. Although the risk logs are currently empty (?), in the quarantine packed.generic.325 is listed twice, in both cases the status says infected (even though it is in the quarantine). Symantec Endpoint and MBAM are not picking anything up, and there are no other symptoms. I do believe there is a rootkit buried in there somewhere due to the recurring trojan infections, although rootkit unhooker and tdss killer both came up clean, as did Norton Power Erase. Below is the DDS log and the attach log is, well, attached. Thanks.
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by AKihara at 15:17:13 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.462 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaun... Read more

A:packed.generic.325 and other trojans

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Answer Match 78.54%

Hi,

I have a McAfee Virus Scan copy installed on my laptop. It displays virus detection and deleted messages for Generic.dx, Generic downloader.dx, and Puper Trojans in the Temp folder. These messages keep coming back.

Here is my HJT log file
=========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:34 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Go... Read more

A:Generic downloader.dx, Generic.dx and Puper Trojan on my laptop

I had real time anti spyware enabled for my previous HiJackThis so now I have disabled the same and run HiJackThis again.

The new log is given below.
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:41 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateSe... Read more

1 more replies
Answer Match 78.54%

Hi. I was infected and since have run multiple virus scans/spyware removers, but the files keep coming back. About at the end of my wits.

Logfile of HijackThis v1.99.1
Scan saved at 8:14:01 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Medi... Read more

A:Trojans Infected Me - Downloader.generic.4.xje Others

Hello,

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit.
When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

8 more replies
Answer Match 78.54%

Hey there,

McAfee has just warned me about two new viruses that my computer has, however it cannot clean, quarantine or remove these files :S.

I post my Hijackthis Log below.

Cheers James.

Logfile of HijackThis v1.99.1
Scan saved at 11:21:36, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Razer\razertra.exe
C:\Program Fil... Read more

A:Solved: Generic.dx and Downloader_BEA Trojans Help please.

15 more replies
Answer Match 78.54%

I am a college student who doesn't know too much how any of this works, but figured I would give it a try considering it can't hurt. As of yesterday I have been getting NUMEROUS pop-ups from McAfee saying that either a vundo trojan has been detected and cleaned or that (I believe it is) generic or general download.k trojan has been detected and cleaned, but when I scan all files McAfee isn't picking up any viruses. My father told me I need to quarantine these trojans but I can't figure out how to do so since McAfee virus scan isn't picking them up. I was reading up on others who have had the same trojan I have and many of them submitted a hijack this log. So I downloaded hijackthis and created a log myself. I am hoping that someone can help me figure out how to delete these from my system. Below I have copied and pasted what I believe to be the log from hijackthis. Can you please help me?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:13 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
... Read more

A:2 trojans: VUNDO and generic download.k?

Hi.
It doesn't look too bad...


Please download Combofix from HERE or HERE


Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

1 more replies
Answer Match 78.54%

(I moved this here from the Am I infected forum after reading the proper procedures. I will try to delete that post so I am not double-posting.)

Hello all,

Last Friday I clicked on something I apparently shouldn't have and all hell broke loose within 1 minute. Lots of fake spyware notices, 'click here to clean', wouldn't let me run taskmgr or my AVG Free 9. Spybot S&D going crazy...

Googled these symptoms and found this thread in this board:
http://www.bleepingcomputer.com/forums/lof...hp/t275495.html

Managed to place rkill and mbam on the infected computer via remote admin file transfer from a clean PC.

Followed the steps with Rkill to gain control of my desktop, downloaded, updated and ran MBAM, found lots-o-baddies and removed.

In the reboots required, at least at one point I could not boot other than into safe mode and was ready to format and reinstall windows.

Managed to run ATF and SAS (after updating as applicable and using the settings in the thread mentioned above).

SAS found something like 3 trojans, and 500+ tracking cookies.

Removed/quarantined all those and things seem a lot better.

Browsers were not loading any page, I took out the altered proxy settings and they seem OK.

I have everything except AVG and Spybot S&D disabled from the startup process via MSconfig.

Browsers are working again but loading up spam tabs.

I have run MBAM and AVG several times and sometimes they come up clean but most times they come up with a couple of items in the localsetti... Read more

A:infected with various Generic.trojans and possible rootkit

Hello eyedoctodd

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I need for you to perform the following:

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. The... Read more

24 more replies
Answer Match 78.54%

Hi guys,

I'm running into issues with Generic 13.atph and listr trojans. I'll try to run another scan on regular startup mode, but for now all I can get you is the stuff from safe mode. Something's leading me to windowsclick sites, and my computer's slowing to a crawl that firefox won't even boot anymore. At first notice of the issue, iexplorer was trying to open on its own. Any help is appreciated. Thanks!

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Alex Cheng at 15:56:07.32 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1.#QNAN.2984 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\Local Settings&... Read more

A:Generic 13.atph & listr trojans

Hey guys, this is my second run at this, without safe mode.... I wonder if it makes a difference at all in the first place, but I figured it couldn't hurt. Thanks again in advance.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Alex Cheng at 16:26:51.70 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2430 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\WINDOWS\system32\TFNF5.exe... Read more

19 more replies
Answer Match 77.7%

Hi,

I downloaded a keygen and suddenly my computer has been infected by a virus. Symptoms include:
* "VIRUS ALERT!" message being printed on the right hand side of the current time in the System Tray
* Start Menu has no administration icons or "Program Files" menu - only quick launch
* Some desktop icons have gone missing
* Trying to open Windows Explorer with the keyboard shortcut (Win+E) returns an error saying "This operation has been cancelled due to restrictions in effect on this computer". I can still open it by doing Run (Win+R) and typing "explorer".
* C drive is missing from Windows Explorer

I have scanned my computer with AVG 8 and it has found viruses several times, but each time I try to heal/remove them and restart my computer, viruses still appear in a full system scan, though the names of the infected files and the names of the viruses change.

Previously, in addition to infected files in System32 folder, the winlogon.exe and lsass.exe processes turned up as infected in the AVG full system scan. Since then, I noted the names of the infected DLLs and verified that they were being launched with the Sysinternals' Autoruns utility. Then, using a Windows XP CD, I booted into the Recovery Console, sought out the infected DLLs and removed them from disk. After doing this and running a full system scan, winlogon.exe and lsass.exe do not appear to be infected, but new DLLs have shown up as being infected with similar virus ... Read more

A:Help removing Downloader.Zlob, BHO and Generic trojans

Left with no other options, I decided to reinstall Windows to remove the virus - it was just too hard to remove because it kept infecting different files.

I hope next time I need this forum, you guys can be of more assistance
 

1 more replies
Answer Match 77.7%

Hello good people,

My USB memory stick and my netbook are infected with various trojans -- McAfee has detected and deleted or cleaned trojans like Generic.dx!geu and W32.SillyFDC. I think the virus is installed via a CONFIG folder on my memory stick (and now also on the netbook), which keeps reappearing with more recent "created on" dates. It is a hidden "systems" folder - but I'm pretty sure it's not an actual essential systems folder because of the creation date.


What I have done so far is a bit convoluted:

I followed removal instructions on the McAfee website that suggested to disable systems restore on my computer, update McAfee, and re-run a scan. That seemed to work for a bit. The problem is I have used memory stick #1 on several computers (like in a computer lab at a university), and it appears to consistently pick up the virus right back. I could actually see it re-create an autorun.inf file and a CONFIG folder (and another folder called Venet) on the memory stick drive -- all of which come right back if I try to manually delete them (I know, it's stupid to even try this..).

What I tried to do is to transfer the documents from memory stick #1 to a new memory stick #2 - it is #2 that is reflected on this log now. I thought (God knows why) maybe I could just copy the documents without picking up the infected files - fat chance. When I inserted memory stick #2 into my netbook, McAfee detected two Generic.dx!geu Trojans -- but o... Read more

A:Computer & USB stick infected with Generic dx and other Trojans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

10 more replies
Answer Match 77.7%

I run AVGfree but due to slow processor (P4 3.0 ghz) I will sometimes disable it... and typically manually scan anything I dl... For the past week AVG popups indicate threats and I will "heal" them. I've also tried running SDFix.exe /vcleaner.exe - but still get Trojan warnings. AVG has id'd the following in the past wk: Generic10DJX; Generic 10XQ; Generic6ALSN; Generic6ALUV; Generic7.bds; Purityscan.Y; Generic3.UNS. I've followed the "5 steps before posting a log" - as I understand it I shouldn't be posting any logs until I'm directed... I have all the logs that were requested. The Panda Scan indicates only the one virus but some spyware and malware (I use Spybot S&D; Lavasoft; and IObit's Advanced Windows Care 3 Beta...).

Any help is greatly appreciated... Brian

A:Virus:Generic Malware (Panda ID'd) + various Trojans...

Hi, I think you misunderstood. You'll need to post the logs from Deckard's System Scanner for a review of your issue to begin. If you have a log from Panda ActiveScan, attach it also.

17 more replies
Answer Match 77.7%

Hey guys, my roommate has a couple viruses and they keep prompting IE windows asking him to install more viruses. Also, this icmntr.exe file keeps getting quarantined by his Symantec Antivirus software (separate of Norton). He also has this bogus Security Toolbar 7.1 installed on IE. Be nice if he could get rid of that as well.

He's using Windows XP Pro on his Dell Inspiron laptop. I'm also typing this on the infected laptop.

What I've done is run virus scans in both normal and safe mode but the virus keeps coming back. I've also run the Disk Cleaner utility, CCleaner, and Spybot S&D.

Here's the HijackThis log, hope you guys can help him out.

Thanks.


Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:10 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFI... Read more

A:Generic Trojans and AntiVirGear (icmntr.exe infected)

bump.

It's been 2 days.

11 more replies
Answer Match 77.7%

Hello there.

I hope you are able to help me. On the 20th December 2007 I decided to be brave, ambitious and potentially a tad foolhardy by attempting to investigate a potential virus/trojan email I had received. Instead of running the suspicious attachment (tastefully entitled hardcore.scr), I actually saved it to my external hard drive to see if I could look into it at a later date. Of course, surprise surprise, the same day upon restarting my PC, McAfee warned me of a "Generic RootKit.a" trojan which had been automatically repaired (removed) - this related exactly to the offending file I had previously saved.

Since then, each time I have rebooted and gotten online, I have received another mcafee message of discovery and removal of a trojan element. The detection usually occurs as soon as I get online. I have noticed no significant changes in the general operation of the PC, however something is clearly there and McAfee has simply not been getting rid of it. Most worryingly, for the last few days when I use IE (normally I use firefox) the internet connection seems to be over active and constantly in use even if I have no online applications or significant processes functioning - is my downfall being slowly and secretly downloaded to my PC???

After having researched high and low I have ended up running the likes of Ad-Aware and Spy-Bot (regularly used anyway), SDFix, ComboFix, ATF Cleaner, Vundofix, SuperAntiSpyware, Kaspersky online scanner, Sophos anti-rootkit, sysi... Read more

A:Infected With Spy-agent.bv.dldr And/or Generic.dx Trojans?

Any thoughts about my Hijack This log, or am I all clear?!! Thanks

6 more replies
Answer Match 77.28%

My wife downloaded a file through bearshare and now the computer is lagging bad and avg keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run malware bytes, trend micro housecall and they lock up before finishing as avg also locks up before finishing. I have run spybot and it removed several things. Also if possible I would like to remove any garbage programs I don't need. Please let me know what else you will need.

Thanks a lot

1. DDS LOG
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.in... Read more

A:Trojan generic 11zne and generic arly

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

7 more replies
Answer Match 77.28%

Hi,

My device has been infected with ZeroAccess, which proceeded to bring along the 2 generic trojans. My main problems are that windows is very laggy (most things have to be done through Safe Mode at the moment), my firewall won't stay on (in normal and safe modes) and occasionally a pop-up appears with the title [Web Browser] warning that I should stop a script from running. It looks something like this: (I forgot to take a screenshot when it popped up, so here's the exact same thing that I found through google)

Before I start off, here are some details about my machine.
Windows 7 SP1
McAfee SecurityCenter v11.0
McAfee VirusScan v15.0 last updated today (17/6/12)
McAfee Personal Firewall v12.0

A few days ago, my friend was using my machine when McAfee popped up saying that it had quarantined some trojans and no further action was required.

Afterwards, the computer was getting significantly more laggy with each reboot; McAfee Personal Firewall and Real-time protection were also unable to stay on. Looking through the quarantined list of items, there were multiple instances of the same 3 items:
ZeroAccess
Generic.Backdoor!1ub
Generic.dx!b2pt
All 3 appeared in C:\Windows\Installer\post:27338360\U

My friend had already deleted the zip file which probably allowed ZeroAccess in. Since McAfee's complete scan of the computer was unable to complete due to the significant lag, I then downloaded and ran Spybot S&D and Ad-Aware Antivirus in Safe Mode, but n... Read more

A:Help with Zeroacess / Generic.Backdoor!1ub / Generic.dx!b2pt

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

50 more replies
Answer Match 76.86%

Computer boots and seems to run fine. Soon after boot, get generic win32 process error. Ran AVG 8.5. It found several trojans, all healed. Tried to run Spybot search and destroy. It will not open. I am blocked from regedit. It says I am not authorized to use it. Same message for System Restore. I used Hijackthis to gain access to regedit. I was able to get to System Restore. System restore was disabled. Soon after I had gained access to regedit, the virus blocked access again. Same is true of System Restore. IE7 seems to work for some sites. If my Google search results take me to support.microsoft.com, then I get redirected to a coupon site, or some other weird site. Other Google links seem to work. Tried to reload Spybot in Safe mode (networking enabled). It would install. Still it would not run. I ran hijackthis. Log is attached.

I am getting ready to wipe it clean. Wanted to try one more thing before I did this. Any clues on what I could do next?
 

A:AVG 8.5 detected several trojans , generic Win32 process error

A few more details..... Here are some of the trojans reported by AVG 8.5:

Startpage.EIF
SHeur2.ANGW
Generic13.BTT2
Small.AV
Proxy.AGWM
Generic8.AYTC
Others....

I did find a "plug-in" in IE7. It was gsfiujid.dll. A google search indicated this was malware. I disabled it. I am still having IE7 issues with redirection.

In System 32, I did find gsfiujid.dll. I could not delete it (file in use). I could rename it. I changed both the name and extension and rebooted. Some of the strange behavior stopped. I will try to delete while booted to Safe Mode. I used process explorer to determine what process owned this .dll. Process explorer reported it was "explorer".

I ran Adaware Anniversary Edition (Lavasoft). Scan was clean except for a few cookies. AVG scans are now clean. I scan with AVG daily. I know I am still having issues.... IE7 redirection, strange pop-ups, Spybot will not run.

I am still looking for help before I rebuild. I will wait a few more days. If I do not get help from this site, I will just reformat and reload my computer. Please look at the hijackthis log..... I have no real experience using this tool. Obvious things to me I have addressed (re-activation of regedit). Other information I am not familiar with.

Thanks!
 

3 more replies
Answer Match 76.86%

I have several different types of Downloader.General trojan horses and I also have PurityScan malware. I have tried SO MANY different things to remove them. Although several programs (AVG, Ad-Aware, Spybot, etc...) say they are deleting them, they are still there! I am not good with computers or computer terminology, so please be patient with me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:41 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\a... Read more

A:Lots Of Downloader.generic Trojans And Purityscan Malware

Hello Chell and welcome to the BC HijackThis forum. Let's run a different scanner and see what else it shows us.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - Desktop Components
Reg - Disabled MS Config Items
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.
OT

14 more replies
Answer Match 76.86%

I have tried running different malware removal tools and Mcafee both in normal and safe mode and keep getting the message that Mcafee detected and removed. How can I permanently remove these Trojans? I ran the GMER scan and nothing was found.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Cory at 17:48:05 on 2011-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2701 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\W... Read more

A:DNSChanger!FA and Generic.dx!bbbq Trojans keep being "Removed" by Mcafee

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

16 more replies
Answer Match 76.86%

okay.... here's the deal. my computer has had some problems. whenever my computer starts up, there are messages that appear on the side of the screen, saying that something is being sent out... some messages that is not my doing. thinking it was a worm, i proceeded to remove the threat, using AVast Anti-virus, and Malwarebyte's Anti-Malware. that's when i discovered the Packed.Generic 217 trojan. i had removed it in safe mode, and i hoped for the best. but to my disgust, something else had popped up again, even with those cursed messages that appear whenever i start my computer. so, i decided to get a HijackLog, and ask you guys if you see anything wrong with my computer....

DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 21:32:22.32 on Mon 04/27/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.252 [GMT -10:00]

AV: avast! antivirus 4.8.1335 [VPS 090427-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:... Read more

A:infected with Win32.Rootkit-Gen, Packed.Generic 217, Trojans, etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Answer Match 76.02%

I am running XP Home on an HP laptop (1.47GHz, 2GB, 80GB HDD) and use Norton Internet Security 2008 for virus protection and Spyware Doctor for spyware, malware, etc. I also run Windows Defender.

My computer "caught" these bugs sometime within the past couple of days, as I have seen its performance decline steadily. Upon startup, the computer will load the desktop, start menu, and some of the taskbar, but stops short and hangs when loading the notification area icons. I've waited for as long as 20 minutes before shutting the computer down manually and trying again. I am unable to run any programs from the desktop as normal, having to resort to running XP in Safe Mode with Networking in order to follow the procedure as outlined on this site.

Admittedly, I did try a number of other options attempting to locate and/or clean the problems, hence have several other anti-spyware programs, etc. installed but not active. Spyware Doctor's full scan discovered the trojans: Trojan.Lowzone.a, Trojan.PWS.Tanspy, Trojan.Nircmd, and Trojan.Generic. Even though Spyware Doctor "cleaned" the "bugs" they continued to show up in subsequent scans, on Spyware Doctor as well as Spybot, AVG (ex-Ewido), etc. When following another set of steps suggested on a site found during a Google search of my problem specifics, I loaded and attempted to run Combofix, which stopped working and then kept popping up with an error message that it was not a Windows application. ... Read more

A:XP laptop infested with trojans: Lowzones.a, PWS.Tanspy, NirCMD, Generic...so far!

BUMP

please help!

1 more replies
Answer Match 76.02%

I am getting lots of popups from betus.com collegeeducationweekly.com smacchat.com americannewslive.com welcome2.carsdirect.com and a bunch other before I installed Zonedout (fling.com I think).
The only program to my knowledge that has been put on my computer is searchus tag (icon on desktop) that I removed with add/remove. I also got messages saying that generic trojans had infected my computer.
Tool-Evid has also showed up on a few scans. First time posting so I hope that I followed all the rules.




Incident Status Location

Adware:adware/baidubar Not disinfected Windows Registry
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\l85n9wv0.default\cookies.txt[.findwhat.com/] ... Read more

A:searchus tag smacchat.com virus worms generic trojans spyware Help

Ok. Let's see if we can have you back to normal before Father Christmas comes down the chimney singing..... Chim chiminey Chim chiminey Chim chim cher-ee........ok...don't tell me, I know. It was Mary Poppins....


Download SDFix and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the c... Read more

15 more replies
Answer Match 75.18%

Hi guys - I'm new to posting but stumbled across great help from this forum in the past, but definitely need to type my problems this time...

I'm on day 5 trying to get my computer to even open up IE so I can scan has been a pain in the backside, but we seem to be getting somewhere.
I have already turned off System Restore

I have Nortons 2009 detecting Packed.Generic.200 over the past few days, which I get "Removed Failed" every couple of minutes, as it won't delete it.
I have AVG detecting Win32/Cryptor which has infected about 7 files so far, and after running a few scans so far hasn't alerted any new threats, and I have turned that off for the moment.
I've updated Malwarebytes (MBAM) and ran several scans which at the moment has removed everything and I have successfully rebooted.
I am in the process of downloading ParetoLogic Anti-Virus PLUS to give it a scan and see what it picks up.

Just wondering if anyone knows of these two bugs and if anyone is online to help me through the next steps?

Your help would be greatly appreciated, regards Donna (Sydney AUS)

A:ARGH!!! HELP!!! Packed.Generic.200 + Win32/Cryptor virus/trojans on my Windows XP!

Welcome to this forum

I think it might be helpful to know which is your Installed resident antivirus program?

May I suggest you actually turn System restore back on as that will give you A Restore point to turn back to if all goes pear-shaped; it is generally recommended to have an infected Restore point than none at all

Could you please fully update the Malwarebytes program, reboot and run a quick scan and let us see the report from it?

6 more replies
Answer Match 74.76%

Here is my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:07:22 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\Explorer.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files... Read more

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Reboot into Safe mode then follow these steps.
Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.
Does that remove them?

2 more replies
Answer Match 74.34%

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined:

Generic Dropper.cx, Generic Downloader.x.

I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT... Read more

A:Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc... Read more

2 more replies
Answer Match 74.34%

I received notification by McAfee on Generic!atr & Generic dx $ DNSChanger.o. Must have gotten them from DVD X Copy pro download, it is the only file download I did. I do not check email on this computer. It is the only thing I can think of unless I got them surfing. I did all the things in log 793721 as it looked identical but I just want to make sure so I am posting a few logs. Thank you very much for looking into this for me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\e... Read more

More replies
Answer Match 74.34%

Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi... Read more

More replies
Answer Match 74.34%

I can't get rid of the the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V... Read more

A:Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

2 more replies
Answer Match 74.34%

About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows XP firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. Thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&... Read more

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable ... Read more

6 more replies
Answer Match 74.34%

Hello,

I noticed last week that my browsers (Mozilla and IE) were not working properly: all the searches I was doing were redirected. I can't access to some websites as this one or McAfee...
I can't update my McAfee Security Center software nor perform a restore system and Malwarebytes doesn't launch.
McAfee found the following trojans: Generic.dx, JS/Tenia.d and Generic PUP.z and I deleted them. However, my problems are still not solved. I was wondering if someone here could please help me to fix these issues or if I should just reformat my hard drive (will this get rid of all viruses/trojans for sure?)?

Thanks in advance for all your inputs!
Fanny

You'll find here below the contents of the DDS.txt log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Fanny at 13:11:49,90 on 26/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\... Read more

A:Infected with Generic.dx, JS/Tenia.d and Generic PUP.z

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba... Read more

3 more replies
Answer Match 74.34%

Background: Hello, our two home computers were infected with the Search Engine Redirect Virus about 1 month ago. We've been avoiding the computers as much as possible ever since, but now I'm hoping to get these back in working condition. I'm posting two separate topics, one for each computer, as they seem to have been infected to different severity, and respond to my actions to "fix" them differently.

Apologies in Advance: Before I found Bleepingcomputer.com I tried many tools to fix the problem myself, and very well might have made the problems worse. Once I realized I was out of my league, I ceased all "fix it" actions. I just hope someone can get me through this.

Computer #2 Specs: Dell Dimension DM061. Windows Vista, Intel Core 2 4300 @ 1.8GHz, 1.0GB RAM.

History for Computer #2: I realized that my other computer was infected with malware/virus, so I checked to see if this computer was okay. It had the same problem as my other computer. Using Firefox or IE and performing internet searches (specifically Google) would redirect me to strange websites. Scanned with McAfee... nothing showed up. Downloaded and paid for "Spyware Doctor" and it found and removed lots of spyware and some trojans. Downloaded "Malwarebytes" and it found nothing else. Google was still redirecting and computer was running obviously slower than normal. I ran ComboFix (apologies again, this is before I knew any better), and it appears to have helped. N... Read more

A:Computer #2: Search Engine Redirect Virus / Trojans Generic Murlo AgentBypass

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

18 more replies
Answer Match 73.5%

Hello All,

Any help, advice or comment would be greatly appreciated to say the least as the virus is side stepping my ZoneAlarm Extreme Security, Adware Internet Security (free version) and Spybot SD 1.6.2. and my limited knowledge of stopping such things (usually opening msconfig and unticking the odd but obvious illegal programs) has dried up, I'm out of my depth with this one.

I am using Mozilla Firefox but get the same problem on IE, When I type a search keyword into the search box using google. the top ranking page shows as normal, but if I click onto any of these links about 70% of the time I am redirected to various low end sales and affiliate sites. The status bar shows that sometimes I am redirected between many sites before an actual page has loaded, which can sometimes take quite a time. If I type a web address in the address bar this is never redirected. Another thing that happens is that windows will open up by themselves again to sales or link sites.

This is annoying but what is more worrying (although it may be completely unrelated) is that as I am using a master password on Firefox and think this may have been compromised as unsolicited payments from my Moneybookers account and my wife's Paypal account have been set up and tried to be activated. Both of these payments were luckily flagged by the companies and stopped and may have nothing to do with my Google redirect and Firefox password so I don't expect anyone to figure that out as it might not ... Read more

A:Google keeps redirecting and constant battle with HEUR: Trojan.Win32.Generic type trojans

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

23 more replies
Answer Match 71.82%

Hiya! I'd originally come aboard with the intention of asking why I see one or two "Generic volume shadow copy" driver installs EVERY DAY in perfmon/Reliability Monitor. After reading other threads on this topic, I'm now convinced this is related to my leaving a USB drive plugged into my PC 24/7 for ReadyBoost, and ditto for an external USB-attached hard disk (for backups).


My questions have now become:
1. I have 98(!!!) Generic volume shadow copy entries in the "Storage volume shadow copies" element in Device Manager (and my rebuilt Vista install is about 5 weeks old, installed on 8/7/08). Should I be concerned? What can I do to get this number down? How do I keep it down? The obvious bonehead answer appears to me to be "Delete them all, and keep it up every day, or write a script to do likewise." Is this even reasonable?
2. I have 5 "Generic volume" entries in the "Storage Volumes" element in Device Manager. Same questions as before...
3. I can't get any meaningful info from the Properties windows under either heading, though complete coverage of "Storage Volumes" and random sampling of "Generic volume shadow copy" entries all say "The device is working properly"

Any input, ideas, advice, or references that will help me understand how to proceed from here will be greatly appreciated.

TIA for your help and support,

--Ed--

A:Device Mgr: 98 Generic volume shadow copy, 5 Generic volume entries

Just FYI in scanning elsewhere on the Web I've found other posts that report this same behavior. For example: http://www.vistax64.com/vista-genera...talling-s.html (no resolution). This posting may offer some relief, and recommends uninstalling the USB Root Hub drivers so they can be rediscovered upon bootup: http://www.vistax64.com/vista-genera...ecognized.html. Haven't tried this yet, though, so I don't know if it helps or not.

HTH,
--Ed--

3 more replies
Answer Match 70.98%

First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it.

Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.

Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winl... Read more

More replies
Answer Match 70.14%

Help,

Nothing seems to work. I tried scanning with BitDefender but besides finding the virus, it cannot put both viruses in quarantine.

I tried doing the technique that includes rebooting in safe mode, using ATF Cleaner then doing a full scan with ewido (ewido 4.0). But ewido cannot spot the virus.

Can anyone help?

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331

I just updated to AVG Anti-Spyware 7.5

2 more replies
Answer Match 68.88%

First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s... Read more

A:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL

13 more replies
Answer Match 68.88%

Downloaded AVG....

Found:
Trojan horse Collected Z C:\Windows\toolbar.exe
Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe

Updated AVG files....

Found:
Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe
Trojan horse PSW.Generic.DYD C:\Windows\kl.exe
Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll
Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll
Trojan horse Startpage.UN C:\Windows\paytime.exe

I then Rebooted.....

AVG Boot-up Scanner (ver 7.1)
Detected a virus
C:\Winstall.exe spyware spytrooper.G
Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing.

Did this and it found nothing.
Ran AVG found nothing.

Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up


HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:05:23 AM, on 11/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FI... Read more

A:Downloader.Generic.FCB + PSW.Generic.DYD + others

just a bump

14 more replies
Answer Match 68.88%

Hi,

I can't get rid of either of these trojans. Please help!!!!

I ran the HiJackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:34 PM, on 1/16/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\lanmanwrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:...

A:Generic.dx and generic RookKit.a

Hi, niki804

Welcome.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here. Apply the update, reboot, and post a fresh Hijackthis log.
 

2 more replies
Answer Match 68.88%

Received this computer with numerous issues.
1. Cannot install programs - receive error 1306.
2. Microsoft FIXIT programs "Failed to process"
3. Malwarebytes generates errors on install (both with mbam-exe and 3f34l3faa.exe). Program gives error: "CoCreateInstance failed; code 0x080040154. Class not registered." 5 times, but then is able to run, update and scan. Finds no problems. This is both in normal and safe mode. In addition, removed hard drive from PC and scanned from another computer, no virus found. Also manually updated virus definition files from USB drive, nothing found on both quick and full scans.
4. Sophos Virus Removal Tool finds 2 infections: "Mal/Generic-L" and "Mal/Generic-S", but fails on removal: "Virus removal failed".
5. IE opens and immediately closes. Uninstalled IE8, IE7, and reinstalled, no help. Firefox works (using Firefox to post this message).
6. When plugging in flash drive, get windows dialog box with one option to open folder to view files. Clicking on that does nothing. Have to open drive through my computer or windows explorer.
8. start>search fails to run.
7. Ran GMER without incident, log attached.

DDS log below.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:42:12 on 2012-08-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1351 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD...

A:Damage to XP After MAL/Generic-L and MAL/Generic-S

Update: Ran Sophos again, and here is the log. It shows 3 different scans I have run.

34 more replies
Answer Match 68.04%

First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops up with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusche...

A:Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 ? TEMP...

14 more replies
Answer Match 68.04%

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies