Tech Problem Aggregator

Infected with Trojan, critical system file.

Q: Infected with Trojan, critical system file.

How I think I received the infection

I was searching for a site where I could watch a program I missed on TV. From what I know, I never clicked anything consisting of "download" or "run", I think I simply got it by surfing through potentially malicious websites.

The virus

I first encountered the virus by having an AVG window pop up telling me that I've been infected (I rolled my mouse over the buttons of the popup to check that it was legit).
The AVG-antivirus detection name of the virus is Trojan Horse Dropper.generic_c.MMI
The object name is C:\Windows\System32\services.exe
AVG couldn't remove it because it's inside of a critical system file.

How I have tried to deal with it

I searched the virus on Google and came across a forum post relating to this virus specifically. Someone had been infected by it and was asking for help. In the end of the forum post someone had been able to remove it through the use of fileASSASSIN, a tool inside of Malwarebytes anti-malware. I downloaded Malwarebytes and did a normal scan with it to test my luck. Malwarebytes did find the viruses. Malwarebytes "removed" the viruses and told me to restart the computer, but every time I've restarted it and started a new scan the viruses are still there. I didn't want to use fileASSASSIN because it sounds kind of dangerous considering the virus is inside a critical system file.

Another program that was recommended inside the forum (by the same poster) was combofix. Before I decided to download I decided to read some about it and it seems like it's a dangerous program to use if not handled correctly. I read bleepingcomputer's guide on how to use combofix and they suggested that I get help. That is kind of where I am now.
I'm looking for how to cure my computer and maybe how to use combofix safely.

Here is my log.

I have also included the attachment log, attached.
I run Windows 7.
If I have forgotten to include information or if you need more, I'll be willing to give.
Thanks a lot for your help, I shall patiently await your replies.

A: Infected with Trojan, critical system file.

Hello Jrav,

Welcome to the forum.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

48 more replies
Answer Match 78.96%

Hi

I thought PC Tools was supposed to find and eliminate these kind of threats, but it does not. I am using AVG 8 Free.

Please help me find and fix this problem manually...

When I click on "My Computer" and any other folder this thing pops up twice: "System Error! Your computer was infected by unknown Trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program to clean your system! (Recommended)" then it opens my internet to: http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202

Or click on Cancel, which does not cancel but also opens my internet to: http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202

How do I remove it?

MY hijack this Log:

A: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ...

2 more replies
Answer Match 75.6%

Hi, I've got a Trojan horse Dropper.Generic_c.MMI in a system critical/white listed file according to AVG, and it can't do anything about it. Can I please get some help in removing it?

I was also wondering whether it was advisable to use a USB flash drive to back up any data and whether it's advisable to use sites with logins?

I have also attached the file

Thanks very much

A:Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

16 more replies
Answer Match 64.26%

Hi,

I got this error "Critical System Error! / System Alert:Trojan [email protected] " a few days ago. I had to select a Restore point in order to get back on the internet and now my computer is running excruciatingly slow. I ran Trend Micro Call, spybot, and a few others to try and get rid of the problem before I found this website. I have included the log as requested. Any assistance would be appreciated!!! Thanks

A:Critical System Error! / System Alert:Trojan [email protected]

Bump
 

1 more replies
Answer Match 63.84%

I got another call from my Dad today. After cleaning his computer completely last month with help from BleepingComputer.com there is another problem so I went to check it out. I can't believe it.

Now on startup a fake system scan runs with many warnings of I/O errors and critical hard drive problems. It tries to take you to file-recovery-system.com to buy something. Obviously it is a virus/hijack. I searched on the web for fixes and was able to use RKill.exe to at least stop the process and the warnings. I tried to install MBAM but the install failed twice, I get a permission denied warning. I tried to install after restarting in safe mode, but had the same access denied at the end of the install.

Computer is Windows 7. I am posting from my clean computer since the browser redirects on his computer make it almost impossible.

A:file-recovery-system.com takeover, critical system error warnings

Boot into safe mode with networking.
Download TDSSkiller.
Launch it.
Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).
Do not change the default options on scan results.

Download aswMBR.
Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan.
After scan finishes, click on Save log.
Post the log results here.

Download ESET online scanner.
Install it.
Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.
Export the list to desktop, copy the contents of the text file in your reply.

28 more replies
Answer Match 62.58%

Hello, my name is lizaura and I am 35 years old. I live in Holland and I have 2 children. I have a 17 year old daughter and a 13 year old son.

A:Infected Critical System Error

Hello lizaura, I am SifuMike and I will be helping you.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Reconfigure Windows Vista to show hidden files:
To enable the viewing of Hidden files follow these steps:
Close all programs so that you are at your desktop.
Access Control Panel.
Click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files....

Answer Match 62.58%

The file is menoyiju.dll, found in the system 32 file. AVG says it is a trojan horse Vundo.hj. When I ask it to heal it seems to do nothing, but when I force remove, my computer blue screens after freaking out. It detects it on open, when I open any program, even HJT, and MalwareBytes.

Obviously something is wrong. Malwarebytes continually finds the same two problems as well.

I have a recent HJT log, and will also post a MWB log, along with anything else you need.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:27 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.ex...

A:Vundo Trojan infected a critical file?

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 2

9/22/2009 12:08:08 AM
mbam-log-2009-09-22 (00-08-08).txt

Scan type: Quick Scan
Objects scanned: 123862
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
That's odd, it didn't find anything this time???
 

Answer Match 62.16%

Thanks in advance!

I downloaded a video codec (or so I thought) and since have been dealing with this. I'm comfortable with regedit, and would appreciate any guidance in getting rid of this thing!

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:59 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\...

A:Critical Systems Error! Your Computer Was Infected By Trojan.

Hello herrgan, I am SifuMike and I will be helping you.

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Reconfigure Windows XP to show hidden files:

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.
Now your computer is configured to show all hidden files.

*****************************

I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup

When everything is done and your log is clean again, you can enable it again.

Then, Download Reset...

Answer Match 61.74%

Hi!

I don't know what to do with these reports, actually I know nothing about computers but I try to do just something...

I did run Hijack this, SmitfraudFix (in safe mode and did registry cleaning), ewido, and Hijack this. Here are the reports:

Logfile of HijackThis v1.99.1
Scan saved at 13:06:05, on 7.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\...

A:trojan SPM/LX and critical system error

Welcome to TSG

Please navigate to Add/Remove Programs located in your Control Panel. Remove the following (if present):

Spywarefighter
Then, Delete the following Folder C:\Program Files\SPYWAREfighter

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
Save it to your desktop

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

====================================================

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll

2. After checking these ite...

Answer Match 61.32%

My PC was infected w/ VirusBurst or VirusBursters... fake "Critical System Errors" alert pops up from lower right side of taskbar; program took over IE home page & directed browser to "Internet Security" page. Apparently also caused infection with Trojan.Emcodec, perhaps others.

I've run Norton Antivirus, Trend Micro Anti-Spyware, Ad-Aware SE, SpyBot Search & Destroy, Trend Micro HouseCall, and Bit Defender. (I ran each twice, except Bit Defender only once.) I ran McAfee Stinger. Installed Zone Alarm firewall. Win XP SP2 has had autoupdate activated for some time, and is up-to-date.

IE now starts up at my default home page (i.e., it does not go to the phony site). All the various scans are now clean. I think the viruses and spyware are gone, EXCEPT that the icon in the right hand side of taskbar is still present. This icon switches between a yellow "X" and a yellow "?". Periodically, a warning alert pops up with title "Critical System Errors" and message "System detected virus activities. They may cause critical system failure..." If you click on this Alert message balloon it opens IE browser to web page for "Internet Security" which purports to sell antimalware software.

I don't know how to remove the task tray icon and its alerts, and I don't know if there is any spyware or malware still present (altho scans seem to indicate they're gone).

Following is my HijackThis log.

Thank you for your hel...

A:Virusbursters? Infected With Fake "critical System Errors"

Hello PTGuy,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Answer Match 61.32%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new W...

Answer Match 61.32%

Have "Critical System Errors! pop up message in my Task Bar system tray (next to clock). According to forum this is "VirusBurst Fake alert". I tried the Automated Removal Instructions to remove, but did not work. I have also completed "Preparation Guide for use before posting a HijackThis Log" and HijackThis log follows. Thank You

Logfile of HijackThis v1.99.1
Scan saved at 8:04:25 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeac...

A:Infected W/ -critical System Errors!- Pop Up In Task Bar Next To Clock

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

=======================

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan yet!

========================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is...

Answer Match 61.32%

My sister told me her computer got infected with a virus this morning. I checked recent downloads and found 3 entries for this morning:

Install-d2c795_02018-6.exe 7/25/09 8:43 AM (pacific time)
Install-9dc04_02018-6.exe 7/25/09 8:45 AM
Install-5920_02018-6.exe 7/25/09 8:56 AM

Getting a bubble popup from the icon tray in the bottom right. The icon is for a program called "Personal Antivirus"

"Critical system warning! Your computer is infected with version of Trojan.Win32.Agent.Azsy..."

There are other popups coming up randomly from the icon tray for other infections as well.

--------------------------------
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sandy at 12:52:03.25 on Sat 07/25/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2037.1016 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SL...

A:Critical system warning (trojan / pw steal)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 60.48%

Greetings.

I am experiencing constant pop-ups in IE and in my lower bar. Pop-ups are telling me to download software from links in the pop-ups.
Pop-up states the following message: "Critical System Warning! or System Alert: Trojan-Spy.win32.mx"

I have followed your "5 Steps".

Active Scan log:

Incident Status Location

Virus:W32/P2PSimple.C.worm Disinfected Operating system
Virus:Trj/Agent.HBA Disinfected Operating system
Potentially unwanted tool:Application/Processor ...

A:Constant Pop-ups: critical system warning, [email protected]

here is the rest of the log information:

Here is the DSS main.txt log:
Deckard's System Scanner v20071014.68
Run by SaraVC on 2007-11-16 12:27:35
Computer is in Normal Mode.
------------------------------------
-- System Restore ---------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
5: 2007-11-16 20:27:38 UTC - RP234 - Deckard's System Scanner Restore Point
4: 2007-11-15 22:32:37 UTC - RP233 - Removed Maya 7.0
3: 2007-11-15 22:30:37 UTC - RP232 - Removed Google Toolbar for Internet Explorer
2: 2007-11-15 01:48:28 UTC - RP231 - Software Distribution Service 3.0
1: 2007-11-14 21:49:48 UTC - RP230 - Restore Operation

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-16 12:28:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\C...

Answer Match 60.06%

Hello, I am infected with a virus and it has taken control of my browser and computer. I have popups all over the place from virus remover 2008 and windows security center and antispyware pro xp. They have hijacked my browser and I cannot go anywhere without getting redirected.

Please help as my computer has become useless.

I have attached the appropriate requested logs:

thanx

A:[SOLVED] critical system warning, virus remover 2008 infected

Hi and welcome to the TSF Security Forum

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When com...

Answer Match 60.06%

Hello All!.. it's my first post trying to get help with this annoying pop up I have inherited on my computer. It keeps popping up stating 'Critical system error- trojan win32 agent AKK' it then asks you to download anti virus software.. I have saved a Hijack this! logfile, (first time! heh!) and was wondering if anyone can help me find the problem.

Cheers! Kursk

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:17 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bi...

A:Critical System Error Popup-trojan Win32 Agent Akk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Kursk

My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary. If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

If you need help, follow the info in the link below:
http://russelltexas.com/malware/createhjtfolder.htm

You have ClamWin and AVG7 installed. It's not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities. It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other. You should uninstall one of them now, then restart your pc.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have ...

Answer Match 59.64%

Windows 7 x64 Professional

Hardware less than 2 months.

OS re installed after MS updates failures.

perfmon named failure.

A:BSODs Memory Management, Edit of a critical system file, etc

Hi.
In this order,

Run SFC /SCANNOW Command - System File Checker
You may need to run it 2-3 times to "fix" everything.

Run RAM - Test with Memtest86+
Let it run until at least 9 passes are completed, or errors are found (whichever comes first). The longer you run it, the better.


Finish with the above steps and post back with results\news.

Answer Match 59.22%

I made the mistake of downloading a file I was told was required to watch a sports video over the weekend. As a result, when my browser is open a box pops up stating the following:

Critical System Warning!
Your system is probably infected with the latest version of Trojan.Zlob-X.a
Full system optimization will greatly increase your computer's performance and prevent data loss.

Click OK to download antispyware software! (Recommended)

Since the box wouldn't go away, I finally clicked ok and a product called IEDefender was downloaded - it offered a fix, but wanted payment. I noticed an error in the payment popup so I didn't download it. But the issue is persistent. And my Google search page is corrupted as well - any time I try to use it, I get weird links including one for a porn site.

Anyway, I found this link on the site (http://forums.techguy.org/malware-removal-hijackthis-logs/650694-solved-spyware-trojan-zlob-x.html) and attempted to follow the instructions. It's exactly the issue I have. I made it to the ComboFix download - when I launched ComboFix, an error message regarding the date of the product promptly shut down the program and removed it from my desktop. I sent a general message to the Tech Support Guy site and the response was I shouldn't try to fix my problem following someone else's fix, which may be unique.

Can someone help me?
 

A:PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

Answer Match 59.22%

I found a thread on this already and tried to post a question on it but it said I didn't have access to that thread so I thought I'd post it here in hope I could get some help. I also have this "Critical System Warning!" pop up coming up every time I load a page in Internet explorer and it also affects my google searches. I followed dvk01's instructions to remove it that I found in another thread but was curious if the fix that he posted would work on my system or if it was especially tailored to the poster's PC. Here is dvk01's fix:
[Unregister Dlls]
[Registry - All]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {741403DD-46A4-4D58-8FA7-427335C3BBF6} [HKLM] -> %System32%\PowerVideo.dll [Video On-line]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Created Within 30 days]
NY -> PowerVideo.dll -> %System32%\PowerVideo.dll
[Empty Temp Folders]
[Reboot]
I have attached my WinPFind3U.txt output log from the program. All I need to know is if this fix will work for me or what I need to change because I am trying the fix right now but it...

A:PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

I found another post with the exact same issue and I got my problem resolved by using the spyware removal tool mentioned. thanks anyways
 

Answer Match 59.22%

My computer has been very slow to start up and is running slowly overall. The hard drive makes clicking sounds too often, even if I'm offline. I recently keep getting a pop-up that says, "Critical System Warning. Trojan.z10b - x.a" I have not clicked on the pop-up except to X out of it. I ran all of the programs you suggested as well as my anti-virus program and they have not come up with anything. When I scan my computer with my Panda anti-virus program, the scan for virus' box is grayed out and I can't fix that either, so I wonder if something got into my system. Something is not right, but I cannot find it. Please help! Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:25 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\TPSrv.exe
C:\WINDOWS\syst...

A:Do I Have A Virus? Slow Computer And "critical System Warning. Trojan.z10b - X.a" Pop-ups.

Hello jmufroggie,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firef...

8 more replies
Answer Match 58.8%

I downloaded a video player from the net, which causes this pop-up each time I attempt to connect to the net. PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

It recommends downloading antispyware (which I have not done). I have downloaded hijackthis. Can you help?

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:49, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Spyware Doctor\svcnt...

More replies
Answer Match 57.54%

After getting my laptop (esystem) back from a charlatan that wanted to charge me 80 quid for getting rid of my BIOS password, I found the password and found that Windows XP had been installed on it! The OS was Vista. I tried to reinstall Vista but to no avail due to a message saying: Windows failed to load because a critical system driver is missing or corrupt status 0xc00000e9 file: windows\system32\drivers\acpi.sys
I can't get past this.
Any help would be appreciated, thanks.
 

A:Critical system driver is missing or corrupt status 0xc00000e9 file: windows\system32\

hm ... I think that is referring to your HDD drivers. If you don't have a drivers disk already, then:

1.) Enter your BIOS
2.) Write down the make and model of your HDD
3.) Download the drivers for your HDD from its manufacturer's website.
4.) Burn the driver to a disk (a jump drive might work, I can't remember)
5.) Your Windows installation menu should have a "load drivers" option somewhere.

EDIT: Nice catch, Archean! My tired brain didn't pick up on that time-saving possibility.
 

3 more replies
Answer Match 54.6%

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

A:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

1 more replies
Answer Match 54.18%

Logfile of HijackThis v1.99.1
Scan saved at 6:12:16 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XP User\Desktop\HijackThis.exe

R3 - Default URLSearc...

A:I seem to have acquired the "Critical System Error" Trojan

8 more replies
Answer Match 54.18%

I have an icon in my system tray and it keeps flashing and says "Critical System Errors". If you click on it, it takes you to a web site to download "security" software. Please help....

Logfile of HijackThis v1.99.1
Scan saved at 7:19:57 AM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1122166007\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\...

A:Icon says "Critical System Errors" - HJT file posted

16 more replies
Answer Match 54.18%

Hello, I have downloaded hijack this, whatever that is.
I have had this virus before, but I can't remember how I got rid of it and I notice that a lot of people seem to do it with log file things.
It's the "Critical System Error!" pop-up thing that says you have a virus and re-directs you to its VirusBurst software to make you download it.

PLEASE HELP, WHAT DO I DO???

A:I am new to this Log file stuff. PLEASE HELP! regarding "Critical System Error" thing

Hi

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd


Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cl...

1 more replies
Answer Match 54.18%

Hi,

My son downloaded a video codec & unwittingly installed a trojan popup (Trojan.Downloader.Codec.E?) which appears whenever you move around in windows explorer or open a new page in internet explorer. I have tried to get rid of it but failed and I would appreciate your help.

I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc32.dll. I am reluctant to try and remove this myself without your advice.

Below is the Bit Defender report followed by the Hijack This report

chrisss

Scanned File Status
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Disinfection failed
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Deleted
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Disinfection failed
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Deleted
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Detected with: Application.MWS
C:\WINDOWS\Downloaded Program Files...

A:System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry key...

12 more replies
Answer Match 53.76%

All -

Thanks in advance for your help.

Some background. Last Wednesday, I hit a website from a Google search and got a suspicious message to launch an anti-virus program that I didn't recognize. I tried to run an anti-virus program I own (I think it was Webroot Spysweeper), but it froze after an hour, and everything on the system slowed to a crawl.

Guessing that I was seriously infected, I immediately used restart to shut down the computer and reboot to my D partition that has a different installation of Windows so that I could take a look and run some anti-virus and anti-malware programs. I had to shut down processes because the system was not allowing me to shut down Spysweeper.

I ran AdAware and MalwareBytes, which produced the logs farther below (shown after the requested DDS logs). Since two of the messages indicating removal of an infection mention Spysweeper, I wonder if it didn't infect that program while it was running.

Since I've been through something a bit like this in 2007 and worked with Bleeping Computer to resolve it, I did as instructed in the Preparation Guide, but also ran several existing apps, like:

Anti-virus -
Avast
Malware Bytes
Spysweeper
AdAware
SuperAntiSpyware

Misc -
ADS Spy v.1.11
TDSSKiller
RKILL
GMER
HijackThis

IMPORTANT - I THINK WHAT MIGHT BE CAUSING MY SYSTEM SLOWNESS NOW (WINDOWS PAINTING IN A JAGGED FASHION AS I MOVE THEM AND SCREENS REDRAWING VERY SLOWLY AS I PAGE DOWN IN APPS AND BROWSERS) IS THE FACT THAT TDSSKILLER DELETED ONE OF MY NVIDEA D...

A:Am I still infected with Trojan-Downloader.Win32.Lukicsel.A or another trojan, or is system slowness due to loss of video card...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...

17 more replies
Answer Match 51.66%

Hi,

I think I'm in the right section. Brand new Lenovo G570. Using Kaspersky Internet Security 2012 and I keep getting viruses. Restored to factory settings and I think the virus is still here. For Windows 7 update preference I chose to notify me before installing updates and let me choose which updates I want to install, but the computer keeps changing to update automatically @ 3am every day. Desktop colors have changed.

Each time I perform a full scan with Kaspersky and Malwarebytes, scan reports no viruses found. Internet explorer won't connect at all. I am using Safari as my default browser. The computer also randomly freezes.
Please help me.

Thanks.

A:System infected after removing trojan. System changes on its own.

A Clean Install may be the quickest & easiest way to go.

Clean Install Windows 7

5 more replies
Answer Match 50.4%

Similar to http://www.bleepingcomputer.com/forums/topic426863.html/page__p__2467434__hl__file+indexation__fromsearch__1#entry2467434

My PC is infected. I tried running combofix as per the instructions in the above thread and below is the log. I am getting messages about my Hard drive failure, RAM failure etc (my PC is just 4 month old). Thanks for the help
ComboFix 11-12-22.04 - nisthana 12/22/2011 9:21.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.4673 [GMT -8:00]
Running from: c:\users\nisthana\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~181tyqlyou9P1Kr
c:\programdata\181tyqlyou9P1K.exe
c:\programdata\hFITnUFOxHN.exe
c:\programdata\Roaming
c:\users\nisthana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\nisthana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:...

A:Infected with System Fix Trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433977 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

2 more replies
Answer Match 50.4%

AVG detected and quarantined initial issues but other problems were detected.
From AVG log:
"6/24/2011, 10:11:49 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process K6RX1A6.EXE was detected."
"6/24/2011, 10:12:16 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process K6RX1A6.EXE was quarantined."
"6/24/2011, 10:12:22 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process 0.8872979615253997.EXE was detected."
"6/24/2011, 10:12:29 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process 0.8872979615253997.EXE was quarantined."
"6/24/2011, 10:12:35 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process RXR.EXE was detected."
"6/24/2011, 10:12:39 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process RXR.EXE was quarantined."

After this I lost most of the icons in the system tray. I was able to complete what I was doing but quickly noticed other problems. I was unable to open programs from the Start menu. This included Malwarebytes' and SAS. After hours of searching forums, I was able to run executables again by running FixExe.reg. This allowed me to update and run AVG, Malwarebytes' and SAS. Malwarebytes and SAS logs are at the bottom of the post.

I think I fixed most of the issues but I am concerned that I didn't get everything. I had to restart Windows Firewall and change Windows...

A:System infected with Trojan

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

8 more replies
Answer Match 50.4%

During a virus scan, I discovered that a file in my documents is infected with the trojan virus. When I try to delete the file, it says cannot be deleted because file is in use. How can I delete this file. It showed as uncleanable on the virus scan. Thanks
 

A:deleting trojan infected file ??

6 more replies
Answer Match 50.4%

My computer recognized my PDA and sync was ok. Then had Avast antivirus installed. Computer now does not recognize my PDA and no sync activity. Avast rep looked in my computer and found one of trojans which infected the PDA software/file. How do I first find which trojan(s) then remove them? Please help. Thank you.

A:PDA file infected- removal trojan. how?

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Answer Match 50.4%

First time I have ever had an infection notice! I booted up my PC - Acer T180\Vista SP-1 - this morning to find an AVG notice:

Trojan Horse Small AOQ on file:

C:\Windows\system32\Drivers\mchInj\Drv.sys

I clicked on 'heal' but was told the file couldn't be found and the notice closed. I opened AVG - AVG Free 8.0 - and removed the 'infection' which I assume means the file is deleted. I then ran an AVG full scan and nothing found. What now? I don't recognize the driver, not sure whether I need it and in any case I don't have a Vista installation disc - only a recovery disc that was made when I bought the computer. What next, if anything please?
 

A:Trojan infected file removed what now?

I understand this may be something to do with Spyware Doctor, so I have uninstalled SD - rebooted - rescanned - installed Adaware (for now) - rebooted and scanned and hopefully this has solved it. Still don't know what this 'driver' was though!
 

1 more replies
Answer Match 50.4%

Hi very computer illiterate so really struggling. We have mcafee security, adware and run automatic updates for windows xp. Thought we were doing ok but had warning message from mcafee infected by trojan exploit-ANI file.c (file riff-last [2].bin riff-last[1].bin) if this means anything but could not delete quarantine or clean. Have followed advice re scans used superantispyware, housecall, bitdefender and mcafee stinger. Then created a hijack this log. Hope someone can help and let me know what to do next.

Logfile of HijackThis v1.99.1
Scan saved at 14:30:41, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcts...

A:Think Infected With Trojan Exploit.ani File.c

Hello fenella,

Your log appears to be clean. Which only means if there is a trojan on your system, it is not started in any way that HijackThis can see. Usually antivirus (AV) notices of exploits are telling you of a potential problem rather than that you actually have a trojan installed, so I'm not sure how accurate McAfee's name is here. Exploits also can mean you are missing some updates for windows.

There isn't much information on this one on the web, although I did find an article from Bit-Defender: http://www.bitdefender.com/VIRUS-1000127-e...NI.Cmoo.AX.html

Please do the following which will include helping us get some more information on what's going on:

Download FileFind.zip and unzip to your desktop.
Double-click FindFile.exe
In the box labeled "Enter the File to Search" delete the text already in the field and copy and paste the following bold text into it: riff-last [2].bin
Click "Find" to begin the search.
When the search is done, it will list the total number of files found.
Click on "Export"
Notepad should open with the results and paste those in your next reply. The text file named export.txt will also be saved in the root of your C:\ directory.
Repeat the steps for the file riff-last[1].bin

Next please run a free online scan at BitDefender.
Note that this scan must be run by Internet Explorer and you may need to disable your antivirus for it to work correctly.
Click Here and when the page completes loading, click on I Agree. Avoid cli...

5 more replies
Answer Match 50.4%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:36 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.e...

More replies
Answer Match 49.98%

Hi there,
For a few months now my comp has been very, very, unusually slow. I installed Panda Cloud Anti-virus about 2 months ago after uninstalling Norton Antivirus.

For a few weeks my Panda Cloud has been showing up once every while and says that a file (and next to it it shows an icon of a file with "system" written underneath) is infected and I need to follow the step by step. However the step by step does not give any solution whatsoever.

Do I have some kind of virus that slows down my comp drastically? Because if I do ewido malware scan or panda active scan, NO virus shows up.

Here's a log of hijack this> please help me out!!! thx

Logfile of HijackThis v1.99.1
Scan saved at 13:15:31, on 24-8-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\gearsec.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Fil...

More replies
Answer Match 49.98%

I am a student online and use my computer abt 98% of the time. Lately I have been getting tons of error messages that have prevented me from doing my homework such as security logon fail, blue screen, and many others. Well, this morning was the last straw for me. I had been working in safemode w/networking and when doing certain projects everything does not display right. So, I decided to log on in normal mode to get my assignment and the tricks started immediately. I got a black screen for at least 3-4 minutes, so I restarted the system again. This time the mouse would not let me select safe w/networking but was stuck at loading normal. I kept until I could get back to safemode. I got safemode again and out of frustration downloaded combo hoping it would blow my system away. I ran it and it deleted a file and placed the log on my desktop. I ran it a second time and it stated: system file is infected/ "c:/windows/system32/user32.dll". After getting that message it said it was repairing file, then stated it was repaired.
Now getting the blue screen with dumping physical memory to disk! I have a Compaq computer running Vista. Can someone please help? I have a big assignment I need to finish but getting blue screen :-)

A:SYSTEM FILE IS INFECTED


Answer Match 49.98%

My System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3

My Computer:
Intel(R) Core(TM)2 Duo CPU
E6750 @ 2.66GHz
2.66 GHz, 2.00GB of RAM
My problem lies with an AVG scan showing:
"\\?\globalroot\systemroot\system32\gxvxcfwagpmkbgrqntwrkxxrblalqnkxymxdo.dll";"Trojan horse Agent2.GUF";"Infected"

It can't Heal the infection and it's affecting my browsing experience when I click on links. All my browsers run through junk sites before hitting my intended page successfully. Sometimes it's so bad I always land somewhere else or wherever it feels like taking me next.

Occasionally the machine gives up and restarts itself during normal web streaming.

Please Help - I can follow any clear steady instructions swiftly.

Thanks.
 

Answer Match 49.98%

Pop-ups are on my screen, the PC is slow in response, and different pop-up ads seem to appear. Can anybody help me? I'm a newbie.
THIS Shows up when I Start the Windows

p-07-01000 irql : 1f SYSVER 0xff00024 NT_Kernel error 1265
KMODE_EXCEPTION_NOT_HANDLED

"0x01d62739" referenced memory at "0x02354e50". The memory could not be "read.

Here is my Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Help Newbie: Trojan infected my system

Answer Match 49.98%

AVG indicates infected with trojan but Kaspersky did not find problem. Did Kaspersky scan last night, did not save log. Hope I'm starting correctly. Thanks for your help.

Deckard's System Scanner v20071014.68
Run by Valrie Messam on 2008-06-23 12:24:05
Computer is in Normal Mode.

-- HijackThis (run as Valrie Messam.exe) --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:35 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

A:System Infected With Downloader Trojan

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You posted exactly what I need to see.

Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {A4C0F119-C0E2-4DC1-949A-EAE4F2821A35} - C:\WINDOWS\system32\clbcate.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)

==============

Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\clbcate.dll
C:\Program Files\Free Offers from Freeze.com
C...

Answer Match 49.98%

I think it's a worm since it keeps coming back. Its name is ati3d1a.dll
I'm using Windows XP
AVG detects it but can't seem to remove it permanently

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:27 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer Match 49.98%

I have been trying to find an answer to removing these Trojans that I think it may be too late. I am running Windows XP-Pro. and have Internet Explorer 7. I ran a scan using Spybot Search and Destroy and it showed 2 extra infections I was not aware that I had. At first these 2 Trojans showed up: Trojan-Downloader-Zlob & Trojan-Downloader-vunder (I think) Sp. Later in the week I ran another scan and 2 others showed up: ZLOB-downloader.oid & ZLOB-Downloader.vdt. I have even had a tech out that was a local geek, but he seemed to not want to discuss it. I am afraid that this computer is going to crash big time, if it has not already done so.
If anyone can help me I really need it. It has changed my passwords, it is now working to close out my email address, and the last Windows One Care that I ran showed no problems, but the Spy Dr. I ran suggested 683 total problems.

Thanks to anyone that can save what little computer I have left.
Thanks,

showell1

It is a Gateway Media Center, Intel Pentium D processor, Double-layered 16x Multi-Format, 1024 mb DD2, 250 GB SATA HDD, 2005.

Forgot; it shows up as: C:\Docume~1\Sammy\Locals~1\Temp\WER.dir.00.iexplorer.exe The other I can't remember but is similar but: C:\Progrma~1 Etc.. Many of the "~" in separate programs.
 

Answer Match 49.98%

Hi, I keep getting messages popping up from my service provider's antivirus software (Virgin Media PC Guard) instructing me I have spyware called sillydl djm infecting files in HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTV...\BROWSERSETTINGS but it cannot be removed. I also have Spyware Doctor 5.1, which shows I have trojans; it removes them but every time I reboot they're back. What should I do? Please help.
 

A:sillydl djm/trojan has infected my system HELP!

Answer Match 49.98%

Hi guys

I've been having minor problems with my laptop for a few months now (slow to shut down etc) but didn't think it was anything serious until I started getting alerts that some system files were infected by a Patch El trojan or something...

I've been using ESET Smart Security and MalwareBytes. MWB reckons nothing is wrong whereas ESET detected 65 infected files. They cleaned 4 of them but left out the others.

I am copying my log here in case people can make sense out of it and perhaps help me out?! That would be awesome.

Here is the Scan log. It's quite long so...

>>>> Please SKIP if irrelevant <<<<

Scan Log
Version of virus signature database: 5103 (20100510)
Date: 10/05/2010 Time: 23:07:30
Scanned disks, folders and files: C:\

Answer Match 49.98%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:22 PM, on 5/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal


A:System infected with Trojan Downloader

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Answer Match 49.98%

Hi guys need some help.
Recently have been infected with a few trojan horses, picked up by AVG.
I also recently found this one
file name: c:\windows\assembly\GAC_64\desktop.ini
Threat name: Trojan horse Generic28.ANIC
But the one I'm worried about is the services.exe in the windows folder it says
c:\windows\system32\services.exe - Trojan Horse Dropper.Generic_c.MMI
"Object is white-listed (critical/system file that should not be removed)
Also have this
File name: C:\WINDOWS\ASSEMBLY\GAC_64\desktop.ini
Threat name: Trojan Horse Generic28.ANIC
File name: C:\WINDOWS\ASSEMBLY\GAC_32\desktop.ini
Threat name: Trojan Horse backdoor.generic16.axla
I try to delete these but it says access is denied.
Any help with this thanks.
I'm not very good with this virus thing and now safe mode can be a start.

A:System.exe infected with other Trojan Horses.

Ok, apparently everything is removed now.

Tomorrow when I wake up, I will post my update.

Answer Match 49.98%

I downloaded a program infected with the Vundo Trojan virus. It infected my computer, and then my computer started having ad pop-ups in Internet Explorer. I've run Norton Anti-Virus, XoftSpySE, Ad-Aware SE Personal, Spy Bot Search and Destroy, Trojan-Revover, and a Stinger to try to remove it. Most of the malware removal tools don't show any more infected files; however, XoftSpy still shows that I have two infected files in the registry (Vundo Trojans "Severe Risk" registry keys). I haven't experienced pop-ups lately, but it's only been just a few minutes to hours. So, I don't know if I got the virus or not. Could you tell if I have deleted the virus ... and what I should do if I haven't deleted it?

Logfile of HijackThis v1.99.1
Scan saved at 11:31:23 AM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

A:System Infected With Vundo Trojan

Welcome to the BleepingComputer HijackThis Logs and Analysis forum rileyg25. My name is Richie and I'll be helping you to fix your problems.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

Answer Match 49.98%

I've run spysweeper, and I've run the symantec Trojan.vundo removal tool, neither got rid of it. I keep getting the Virus alert, but when I run the removal tool, it says it can't find the virus.

Here is my log file. Any help is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:59:21 AM, on 19/10/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:MY system has been infected by Trojan.Vundo. Please help

Have you run the new version of Symantec Fix.Vundo ver 1.3.1 dated Oct 13, 2005?
http://sarc.com/avcenter/venc/data/trojan.vundo.removal.tool.html

Good Luck, Ken
 

Answer Match 49.98%

The person that uses this computer told me this started right after she ran a full scan using MS Security Essentials. She also admitted to trying to open a file attached to one of those "UPS package undeliverable" notices, earlier that day. 
 
The operating system is XP. I am unable to see any folders on the C drive from windows explorer. The all programs menu is empty even when logged in in safe mode as administrator.
 
Again in safemode I ran CMD and opened malwarebytes from the command line. It failed during the update.
 
When I tried to run DDS to get a scan it locked up after the status bar indicated it was about 3/4 complete. After waiting about 15 min. I tried to close DDS, open the task manager, then tried to shut the computer down normally. All failed. I had to do a hardware reboot.
 
I am at a loss as to how to get a log file to work with.
 
Terry

A:Infected with System Restore Trojan

Ack!! Just realized I wrote 'System Restore' in the title. It should have said 'System Repair'. Sorry for the confusion. I don't see any way to edit the topic title.
 
Update: I have been able to gain access to the folders on c drive by changing my folder view settings. Apparently all the folders on the drive have been hidden. Also manually updated MalwareBytes, and ran it. Will try DDS again once it completes.
 
Terry

Answer Match 49.98%

My computer has become infected with the Virtumonde Trojan. I have tried several anti spyware programs and they keep re-detecting it.

Here is a list of them:
1. PC Tools Spyware Doctor
2. Zone Alarm
3. Spybot
4. Ad-aware

I have also used several free tools available such as Combofix and SmitfraudFix and still no results. I have attached a recent RSIT Hijack log.

Thanks.

Logfile of random's system information tool 1.05 (written by random/random)
Run by ulises at 2008-12-19 10:56:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (38%) free of 143 GB
Total RAM: 3325 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:41 AM, on 12/19/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

A:Trojan Virtumonde has infected my system.

Hello ulyv

Welcome to BleepingComputer

========================

If you are still in need of assistance please post a new Hijackthis log.

Answer Match 49.98%

I'm not entirely sure what the problem is - but I'm convinced there's something wrong with my PC.

The other week the system repair xp trojan installed itself onto my PC, but by following instructions from here I seemed to get rid of it.

According to scanners such as Malwarebytes, Spybot, SUPERAntiSpyware, & Virgin Media Security I have now no malicious files on my PC (just spyware cookies).

Yet I keep encountering problems, such as:
Before I turned on my monitor to find Outlook Express had composed 84 e-mails to Virgin Media's fraud scamming dept. (This does seem to coincide with a virus scan by Virgin software)
Internet Explorer will crash while I'm in the middle of something (like writing this post)
I had a My Heritage add-on for IE, which seems to have completely disappeared
Every time I restart, IE goes back to default settings
The other day I tried to run a scan with Virgin Media, which terminated itself. The same happened with Malwarebytes
Also I could be using a program & it will suddenly disappear with no error message given. Sometimes the program magically reappears hours later
My Internet connection will randomly go off as well - but I'm not sure if this is connected to this problem

Does it sound like I'm infected with something? Or I just have a temperamental PC?

A:Am I Still infected with System Repair trojan?

Hello, Let's do these and see how it is.

First change your Email password.

Your HOSTS file may be infected.

Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?
To reset the hosts file automatically, go HERE click the button. Then just follow the prompts in the Fix it wizard.
OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as ...

Answer Match 49.98%

I've been getting a System Error pop-up that reads:

Your computer was infected by an unknown Trojan. It's dangerous for your system (critical files can be lost)! Click ok to download the antispyware program to clean your system. (Recommended)

There was an icon on my taskbar that looked like the windows update icon and when I clicked on it I was taken to a site for Virus Heal. The icon is gone but I'm still getting this pop-up continually. I have AT&T Anti virus Suite which includes antispyware, and a firewall. I've downloaded and ran all of the programs listed on the page concerning what to do before you post a Hijackthis log. I'm going insane, PLEASE HELP. Thank you Madec68.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:37 PM, on 1/31/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

A:Infected With A Trojan? System Error Pop-up

Hello and Welcome to Bleeping Computer.

I'm EnigmaChick and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions.

Answer Match 49.98%

My system is infected with VBstat-c trojan even though I had Avast up and running. I have attached the hijackthis log. Please guide what to do from here onwards.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:54:14 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Answer Match 49.98%

Gotta another sick system I am needing help with. Getting the pop up "Your system was infected by dangerous trojan Note: your critical files can be lost....." when I try to click on anything and have to click the pop up off before what I want comes up. Here are the requested logs attached to the post.

A:Your System Was Infected By Dangerous Trojan

Hello Hasledash,

"Gotta another sick system I am needing help with"

I see you posted on Apr 4 with a computer problem on another computer. Are you a company's IT department or computer shop?

Answer Match 49.98%

Hi people,

Please assist me in unboxing my system's potential threats.

My antivirus program (Avira Personal) noticed a trojan called TR/Crypt.XPACK.Gen and something called TR/Dialer.2866E41B

On second runthrough with Avira, everything is ok.

I have followed your forum rules with dds.scr and gmer, but since I am running Windows 7 RC (I know it is not final and therefore a security risk) dds.scr won't run and the program doesn't have any compatibility mode.

But gmer ran without a problem. I have attached the ark.txt as a zip file.

Thank you all in advance
Philip

A:May have infected system with trojan and malware

Hi guys,

Are you able to look into my problem?

Answer Match 49.98%

I have Windows Vista. I downloaded an infected file via Limewire. I know where the file is located but can't delete it as it tells me the file is already in use. I downloaded Symantec's removal tool but it says no threat was found. Norton detects it but says it can't remove it.
Any help much appreciated?
PS - I am a novice so apologies if I appear a bit ignorant!

A:Trojan.brisv.A!inf. Can't delete infected file

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Answer Match 49.98%

Hi, help needed with possible infection of NDIS.sys file. The pc got infected with a fake Protection Center 2008 application but I have managed to remove it. I ran malwarebytes, avg 9.0, spybot, hitman Pro and Trojan remover. AVG 9 is warning of infections of Trojan Horse Generic17.bkcs and Trojan Horse SpamTool.FYS but is unable to remove them. Malwarebytes detected infections and cleared them, it is now running clean. Hitman Pro and Trojan remover are both clear now but did find errors initially. I have noticed that my internet connection is always active with as much data going in as out. Please Help

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 13:17:27.82 on 15/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.88 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

A:NDIS.sys file may be infected by trojan horse

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Answer Match 49.98%

My computer has been infected with the backdoor trojan. AVG virus scan found over 110,000 infected files. Unfortunately, the files continuously replicate themselves.

Below is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:52:10 PM, on 11/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor... Read more

A:Solved: Infected with Backdoor Trojan - HJT log file

13 more replies
Answer Match 49.56%

I have something hiding in my system. I have Windows XP; I was using AVG Free Edition. I tried using Dr Web and my computer would just shut down. Same if I would try to run Norman antimalware. Also I have to reboot my computer to get my internet to work; I can't repair the connection. Here are my logs, thanks for your help. I ran ComboFix; it said system file infected regedit exe. Thanks

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 11:24:56.90 on Sat 02/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.751.373 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\Po... Read more

A:system file infected.. Regedit exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

3 more replies
Answer Match 49.56%

While I was at work on my computer (I was in the middle of reading a blog-post on a well enough respected website) it suddenly rebooted. During startup I got a message (from Anvir Task Manager) that a new startup item was found:

net.net, in C:\Windows\System32
name: net
company: privat

I blocked and deleted this item (from the startup list), after making sure it wasn't a normal system file. However, during this, my AVG gave the following Resident Shield alert:

File:
C:\WINDOWS\System32\drivers\pciide.sys

Infection:
Virus identified Win32/Patched.DP

Result:
Object is white-listed (critical/system file that should not be removed)

(Process name: C:\WINDOWS\System32\dumprep.exe)

I decided to scan my Windows folder in full (using AVG), just to be sure, and got 2 infections:

C:\WINDOWS\System32\drivers\pciide.sys
Virus identified Win32/Patched.DP
(White-listed)

C:\WINDOWS\System32\net.net
Trojan Horse Clicker.AFJE
Moved to Virus Vault

I would very much appreciate any help or insight in getting rid of this infection.

A:Infected System file (pciide.sys)

I have the EXACT same problem, EXACTLY!

happened about an hour ago.

Except, I went to a website, java strangely started loading, I opened task manager: closed java: computer restarted by itself.

Next thing I know, AVG is reporting the above infected file.

Please help us!!!

2 more replies
Answer Match 49.56%

I have the latest Norton anti-virus system and Spy Sweeper, both updated, but I still cannot remove the infection as they do not detect it. Google does not work, neither does Bing.com. When I open CMD and ping google.com it gives me the address 89.248.168.186 for both Bing and Google.

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 11:00:31.17 on Sun 02/14/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.521 [GMT -8:00]
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: System Defender *On-access scanning enabled* (Updated) {100E89D2-642F-43D0-946C-3595230B5CCC}
FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: System Defender *enabled* {DF3DFAFF-C9DB-4E0C-AAB6-BDD72EF3C55D}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:... Read more

A:Hosts System file infected?

Hi sofiano,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them ca... Read more

2 more replies
Answer Match 49.56%

Hello everyone. I was wondering if I should move all these files to quarantine as suggested by Avira?

This is the list of the files that are infected:
svchost.exe
nvvsvc.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
taskeng.exe
nvxdsync.exe
nvvsvc.exe
svchost.exe
taskhost.exe
taskeng.exe
Dwm.exe
GooglePinyinDaemon.exe
EXPLORER.exe
GooglePinyinService.exe
mDNSResponder.exe
nvstreamsvc.exe
oodag.exe
conhost.exe
svchost.exe
RAVCpl64.exe
WILDSVC.exe
unsecapp.exe
wmiprvse.exe
wininit.exe
winlogon.exe
services.exe
Isass.exe

I don't know why there are multiple svchost.exe listed. They are all from C:\Windows\system32\svchost.exe.
So what is happening? Any suggestion what should I do?

A:System File infected with TR/BProtector.Gen

Bump.

9 more replies
Answer Match 49.56%

A virus has infected system32.exe, which isn't surprising with how much crap I download. Norton2003 picked it up and said it could not be accessed for repair, and since it's a system file, I'm not gonna screw with it. I have Hijack, which I heard was supposed to fix this sort of stuff, here's my log
Logfile of HijackThis v1.96.0
Scan saved at 10:57:45 PM, on 8/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\System32.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\G6 FTP Server\G6FTPSrv.exe
C:\Program Files\FlashFXP\FlashFXP.exe
C:\Excursion9.4\Excursion9.4.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\WINDOWS\Sys... Read more

A:Virus Infected System File

6 more replies
Answer Match 49.56%

Hello,

Recently, my computer had a bunch of malware installed on it, such as System Defender, Windows Protection Suite, etc. I ran a combination of MalwareBytes, Spybot, AdAware, and TrendMicro Housecall scans and I thought I got rid of it. I was a bit skeptical though because whenever I went to google.com, it would redirect me to google.nl.

Sure enough, a few days later, the spyware came back. I tried running HiJackThis, and got an error message about my system denying write access to my Hosts file. I have Windows XP and it told me to basically edit it with notepad. My Hosts file has a bunch of links on it, as seen below. I tried to delete them but it would not let me save. I repeated the scans and I think I got rid of all the malware now, but I still have trouble repairing the Hosts file. Spybot also tried to fix my Hosts file, but it too was denied write access. I heard about HostsXpert software, but it too had trouble. Can anyone help me clean the Hosts file?

Thanks.

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the ma... Read more

A:Hosts System File Infected

Hi zcooler,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I see the issue with the hosts file. But I need more information to make sure we will have a clean computer after taking care of the hosts file.

Please go through Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer and provide both DDS logs along with the RootRepeal log.

23 more replies
Answer Match 49.56%

Hi,

I am having major problems with my computer!
I have an icon in my system tray that has a pop up window saying 'Critical System Error' - When I click the balloon it takes me to software downloads!
When I use IE I get loads and loads of pop ups, and self installing files. My computer is running very slowly also!

I have run Norton Antivirus and Spybot Search & Destroy, removed all nasty files etc - but I am still getting the same problems.

My Hijackthis log is pasted below:

Logfile of HijackThis v1.99.1
Scan saved at 17:38:34, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\cc... Read more

A:'Critical System Errors' Balloon/Icon in System Tray - Browser Pop Ups etc!!

Have had this many times. If possible try to ignore it till you get a response from security tech. There are many suggestions on web; best way I have found before I knew how to remove it was to open Task Manager when the program was open (as in the large sign you get saying your computer is infected etc. etc.) to see the process, then identify which process it is by closing all others. Right click on the process in Task Manager and click jump to process, it will highlight, then click end process.
 

1 more replies
Answer Match 49.14%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:20 PM, on 1/18/2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\smss32.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\IS15.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\... Read more

A:Trojan SPM/LX - Your System is Infected - Other Trojans/Malware

I am getting pop ups - I believe from many different malware - internet security 2010 - your system is infected - and trojan spm/lx - and I can't run smitfraudfix.cmd

please help!!
 

1 more replies
Answer Match 49.14%

Hello I'm new to this forum and was hoping to get some help regarding my problem.
 
So for about two weeks now I've been getting constant notifications from Norton Security Suite that it has blocked System Infected: Trojan.Zbot Activity 15, saying on the Alert Summary that an intrusion attempt by C71585.com was blocked. I've tried using a few programs making sure they're all up to date to stop the constant notifications but none of them get the job done. I'd estimate that it would tell me at least 5 times a day that it has blocked Trojan.Zbot Activity 15. 
 
Here's a list of the programs I used: 
Norton Power Eraser
Norton FixNecurs64bit.exe removal tool
Malwarebytes Anti-Malware
adwarecleaner
SUPERAntispyware 
 
I appreciate any help, thank you. 
 
 

A:System Infected: Trojan.Zbot Activity 15

Hi & welcome to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Answer Match 49.14%

I am getting a windows db:

Your system was infected by zlob trojan.
It's very dangerous for your system (critical data can be lost)!

Click OK to download the antimalware application to clean your hard disk! (Recommended)

When I click OK, it tries to download setup.exe from 89.149.227.195 which of course I did NOT download.

How can I stop this popup from popping up?
I am using Windows 2000, IE 6.0.2800.1106 SP1. The pop up is only popping up in IE.

Thanks in advance!!!
~Rich

A:Your System Was Infected By Zlob Trojan Message

Welcome to BC mygameparts.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the... Read more

1 more replies
Answer Match 49.14%

The Run, Task Manager and Control Panel are hidden. The system shows virus alert. I have AVG 7 but it doesn't help. It has even stopped my broadband connection. I cannot format my whole system. It has valuable information. Please help.

A:My system is infected with a trojan. It has hidden c & d drives. ?

AVG causes as many problems in win 7 as it solves.

Boot safe mode with networking and install and run this
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
It's definitely malware with the behavior you are describing though
you may also need the .exe fix from here.
Default File Type Associations - Restore

after it's been cleaned out, or possibly even to get malwarebytes up and running.

3 more replies
Answer Match 49.14%

Hello Friendly Computer Forum Helpers,

First of all let me start off by thanking anyone who takes the time to read this post and offer assistance. The world needs more caring and helpful people like you! =)

Ugh, sooo... viruses. What to say about em... they suck and I have one. That pretty much equals a wasted weekend amirite? It started off with a possessed wallpaper that read "YOUR SYSTEM IS INFECTED", Taskmanager wasn't allowed to be opened and in my system icon tray (bottom right corner place) I had a red circle with a white X in the middle that kept prompting me to download some virus software. Also my ESET NOD 32 AV kept telling me some program on my cpu was trying to access weirdo websites. So, I disconnected from the internet and ran a lot of virus scans and now here I am asking for experts.

At this point in time I keep getting pop-ups with a titlebar like so: RUNDLL and the text reads: "Error Loading: C:\DOCUME~1\JUSTIN~1\ntuser.dll" a similar one says: "Error Loading:C:\WINDOWS\system32\calc.dll"

I read quite a few other posts on Bleeping Computer and noticed that Blade Zephon was asking posters to try and run a program called DDS, which shows up as dds.scr on my desktop. However when I try to run it a .txt file pops up saying.... "This program cannot be run in DOS mode."

So, without further of my boring typing here is the standard Hijackthis log I'm sure everyone is so tired of looking a... Read more

A:Trojan Virus =( "Your System is Infected" Background

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

4 more replies
Answer Match 49.14%

Good Morning, my computer is infected with Antivirus System Pro and the Trojan Vundo, a Trojan Downloader and a generic trojan. I have been attempting to run the DDS tool and it seemed to download and scan but when complete the two windows never pop up showing the results for me to save to desktop. I've run the RootRepeal and it's worked fine, am not sure if there are any scripts that needed disabling for the DDS tool but it did run with a blank screen, when seemed to be finished there was the cursor and a semi-colon and that's all.

Lots more to tell about computer like not being able to start safe mode, redirecting, oh and I do have Spyware Doctor installed but doesn't seem to rid itself of this nasty virus....HELP!!!!!!! thanks

A:Infected with Antivirus System Pro / Trojan Vundo

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

2 more replies
Answer Match 49.14%

Hi,
Last week my desktop screen became all green with a box in the middle displaying the following message:

"Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spy ware removal tool to prevent data loss. Do not use the computer before all spy ware removed"

I am running XP, have cable internet and use McAfee as antivirus. McAfee is up to date but when I run a full scan it doesn't find anything abnormal. I read some of the threads related to the same topics and tried a few things (MBAM for example) but can't seem to get rid of the spyware. Once in a while a window will appear saying that I need to "Click OK to download official intrusion detection system IDS software". I fear it's fake so I just close the window every time instead of clicking OK. I hope you can help me fix this problem as you have helped other users in other threads.

A:"Your system is infected" message. Possible Vundo Trojan?

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan... Read more

13 more replies
Answer Match 49.14%

BitDefender has been going pretty crazy with this trojan, searched around and couldn't find much on this, tried a few methods clearing out temp files in safe mode etc, nothing has worked, not quite sure which reg it is, but it keeps getting random processes to try to use it, so far one exe used by Bad Company 2, SetPointII the Logitech software and even explorer.exe.

I hope someone can help me with this issue, thanks in advance.
Here's my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 03:40:30, on 03/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files\ASUS Xonar D2 Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Windows\Twain_32\CA561A\SnapDetect.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start ... Read more

More replies
Answer Match 49.14%

this is a copy of HJT



A:Solved: sillydl djm/trojan has infected my system please help!

Answer Match 49.14%

I have avast anti virus, keeps going off telling me I have a virus, windows are popping up trying to download things.

My computer said it was too dangerous to boot up normally so it took me to a blue screen to try to fix things but it's still happening.


A:Trojan: yayxxyom.dll"file - windows infected

Hi, this thing is gadcom.exe - please help, it's taken over my computer. I had to sign on to AOL to even be able to get to this forum. It's shutting down avast and hijacking my browser and I can't be on the web trying to fix it for very long or it does all sorts of crazy stuff.

Help. Thanks.
 

Answer Match 49.14%

I am using Windows 2000 and one of my files is infected with trojan.startpage. I've tried to repair or quarantine the file using Norton anti-virus but still cannot. Can anyone pls help me!

Regards
 

A:Trojan.startpage virus infected my ctrlpan.dll file

Answer Match 49.14%

I ran HouseCall and I found a Backdoor Cabrotor trojan in the _RESTORE folder "C:\_RESTORE\TEMP\A0014907.CPY." I can't delete it. And how come PC-cillin didn't find it on weekly scanning? Well, I'm more worried about getting rid of this thing. I don't want ppl going into mah comp. plz help.
thnx to ne replies.
 

A:trojan infected file in _RESTORE folder cant be deleted

Answer Match 49.14%

A coworker's laptop downloaded error cleaner and now gets all these popups every 30 seconds that say system alert or critical system warning, she has a flashing red x

thanks
any help would be appreciated Hijack this attached



A:Solved: system alert/critical system warning popups

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

Answer Match 49.14%

I ran Malwarebytes several times and always get two infections. One is Trojan.TDSS with the Category: Memory Module and Items: \\?\globalroot\systemroot\system32\SKYNETnpoysrwi.dll. The other is Trojan.TDSS with the Category: File and Items: \\?\globalroot\systemroot\system32\SKYNETnpoysrwi.dll. I make sure they are checked, remove them, restart as prompted, rescan and get the same result. I have repeated this process several times. I tried another method from another site of getting rid of these by disabling the driver in the device manager and running "Avenger" to delete the driver and then I believe reinstall it. It is currently still disabled and the icon has an exclamation on it. I hope this helps you. Thanks.

A:Infected with Trojan.TDSS Memory Module and Trojan.TDSS File

Reformatted drive, so no reply is necessary. However it would be nice to know what is required for this fix. Thanks.

Answer Match 49.14%

I recently scanned my computer with Avira and it found a Virus or unwanted program 'HEUR/Crypted [heuristic]' in C:\System Volume Information\_restore{366ACCCA-8E38-4175-BFC4-C350AF333059}\RP116\A0035363.exe.
Need help please...

A:infected file in system restore folder

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:
Restore Point Forensics
Forensic Analysis of System Restore Points in Microsoft Windows XP

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. See What's Restored when using System Restore and What's Not.

The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read System Restore Overview and How it works and How antivirus software and System Restor...

Answer Match 49.14%

Good Evening,

I've found a thread here that mirrors my problem, but I believe per your rules, I am right in starting a new thread. Please correct me if I'm wrong.

About my computer:

Platform: Windows 2000 NT (current on updates)
MSIE: Internet Explorer v6.00 (current on updates)
Anti-Virus Prevention Programs:
-McAfee VirusScan9.0
-McAfee Firewall Plus6.0
-McAfee Stinger
(Always check updates before running full scans 2-3 times a week)

I have the same problems as explained in this thread (http://forums.techguy.org/showthread.php?t=374649). Per the suggestion of a Rep at McAfee Online forums, I've already tried to rename the infected wininet.dll file and replace it with a clean wininet.dll file, but my pc will not allow me to rename or copy/paste over the infected wininet.dll file. I've tried to do this in both regular and safe modes. As of this morning, a new McAfee alert indicated there is another infected file: oleadm32.dll.

So I'm pretty much stumped. I see you suggested running some programs on another thread about this, but I'm reluctant to try anything more sophisticated because, silly me, don't have a rescue or boot disk on hand. I'm wondering if I can create one at work. We're networked and I believe the platform is the same as mine, Win2000 NT. Would this work?

Your feedback would be greatly appreciated. I've been battling this for the last few days as this virus is fairly new to McAfee Support.

Thank you in ad...

A:W32/Alemod.dll Has Infected Wininet.dll System File

Answer Match 48.72%

Hi, I have no idea what's going on with my computer. I came home and I see a new icon on the system tray. I'm not the only one that uses this computer so it could be something someone downloaded. It's flashing with an exclamation mark and a balloon that says that I have critical system errors. Here is my HJT Log...


A:critical system error popups from system tray

You do have Smitfraud so we need to do the following:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report ...

Answer Match 48.72%

Like some others on this forum, I have an icon in my system tray that keeps alternating between a yellow triangle and a land mine icon. Periodically a pop up appears "Critical System Errors" that is attempting to send me to some website for Spyware removal software. I run SpySweeper and McAfee and have completed scans with both of those products but the icon remains. Here is my HiJack This log. Any help would be greatly appreciated.


A:Critical System Errors Icon in System Tray

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may...

Answer Match 48.72%

My parents' computer motherboard went out on them and since their budget is limited right now they opted to go with a computer they had in storage for the last 2 years. I hooked up the computer and started doing updates to it and then installed Malwarebytes and it found a few problems when it did the initial quick scan. I also installed SUPERAntiSpyware and it found some other issues as well such as Rootkit.TDSServ-Trace. I ran the scans and cleaned them out as best I could and now I turn to this website for help to help me clean out this pc so it will be safe for them to use.


A:Infected system trojan agent and TDSServ-Trace

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

Answer Match 48.72%

Hi,

My system is infected with trojan Trojan.ASPX.JS.Win32.
I am getting pop messages : "Uncertified MSC Software detected on your Computer. Need to remove MSC software for correct operation of the defense center.."

Whenever I start my computer I can see fake Windows security center page showing all Firewalls settings Off.
It is pointing me to some unidentified website.
I can also see the pop up with the Trojan name.
I have seen similar incidents on this forum where with your help people are successful in removing this virus, So I am really hopeful I will definitely get some help here and I can recover my system.

Laptop OS : Windows Vista Basic.
Laptop Model : Dell Inspiron
Antivirus: McAfee

I was executing the pre-post instructions mentioned on the website. I was successful creating
DDS.txt
Attach.txt

Then I executed GMER and it never gave me the warning as mentioned: "warning about rootkit activity"
Then it generated logs and while I was saving it as ark.txt system suddenly crashed giving blue screen error.
Then it asked me to start in safe mode.
I can not capture the error screen shot but I have noted the details as below:


Problem Signature

Problem Event Name: Blue Screen
OS Version : 6.0.60001.2.1.0..768.2
Locale ID 16393

BC Code f4
BCP1 0000003
BCP2 893DFD90
BCP3 893DFEDC
BCP4 820425D0
OS version 6_0_6001
Service Pack 1_0
Product 768_1

The Files that will help to find the details ( not exact s...

A:System infected with Trojan Trojan.ASPX.JS.Win32

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


1. Rerun DDS and post both DDS.txt and Attach.txt Logs in your next post/reply.

2. Delete GMER.exe off of your computer, then do the following:


Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Mal...

Answer Match 48.72%

Hi, I am in need of some help to get this mess off my computer. I clicked a link on Facebook and I believe that is responsible for this mess I am in. My computer runs very, very slow now. Sometimes I have to click on something three times before it will actually do something. When I scroll the page it is very jumpy and sometimes won't scroll at all. It also freezes up while typing and then will unfreeze and finish out what I typed (if that makes sense). I was using Avira and it has found nothing. I downloaded a trial version of Kaspersky and it has found nothing. I then downloaded Spy Sweeper and it found Trojan Download.Ruins and 29 other malware infections that it didn't name. BUT it would not remove them without paying $50. I later ran Trend Micro HouseCall and it claimed to have removed it but my system is still whacky and acting the same way.

My OS is Windows Vista (SP1), I mainly run Firefox - currently I am running the free trial version of Kaspersky Antivirus

Please help me get rid of this!!

A:Trojan Downloader and other malware have infected my system!

Welcome to BC
Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.
If that did not work, then try renaming and changing the file extension. click this link if you do not see the file extension
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.
If that did not work, then try renaming and change the .exe extension in the same way as noted above.
Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.
Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta...

Answer Match 48.72%

Good Sunday Afternoon,

I am so happy to have stumbled upon this site as I was searching for alternative methods of contacting Super Anti Spyware Tech Support for help. Unfortunately, I am unable to contact their tech-support, nor can I access any type of updates. It appears that last weekend while spending time with my parents and having a cook out with them and my neighbors, my neighbors' son who is 14 asked to check his myspace, which I did not mind. Later that evening I noticed three icons on my desktop: nudetube, pornotube and youporn. Upon opening Safari I noticed that in my top favorites a web site had been added entitled "big boob fiesta" (I think). After deleting the desktop icons and this web site and then restarting my computer I have had nothing but problems.

First I was unable to start my computer, as windows was starting up a blue screen would populate with some type of message but was only there for a second before the whole thing turned itself off and then started all over again. I then tried starting in Safe Mode and then Safe Mode with networking with the same conclusions. Finally I was able to start up using the last known good configuration but am and have been receiving numerous error messages. These include, but are not limited to due to the fact that I have not been writing all of them down, a RootKit.Win32.Agent.pp error message; Svchost.exe; Svchust.exe; Bravia.exe; alg.exe; explorer.exe; MCI Command handling window:explorer.exe; Co...

A:Severely Infected System: Spyware/Trojan/Malware?

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next rep...

Answer Match 48.72%

Hi I am first time on this and also to this kind of helping method .. I did see one of the mods helping out another person having a similar problem as mine ...I found that helping person (Elise) very good very patient and I think she also solved the issue ...the best part I liked was she also advised a lot of things which I think will help maintain my computer in a better way... so I thought I will also try out my problem ... I have been using a laptop with Celeron processor ( well I do have a desktop with better config.) ...and recently everything became very slow ..I mean Google Chrome and my internet ... and then suddenly today morning I get a pop-up message saying my computer's been affected with TR/Rootkit.gen Trojan by Avira Anti-virus .. I tried removing it and it says it sent the file to quarantine ... and asked me to restart the system ... when I tried restarting the system it did not restart and was just going back to the booting up from the start ....So I used F8 button and opened the windows using the last good config and it opened very fine .. but the moment windows loaded completely my anti-virus again gave me the msg saying MY computer is infected by the rootkit trojan ...Now every time I need to restart my system I have to go back to the F8 mode and use the LAST GOOD CONFIG to open windows...I have also not been able to open windows in the Safe mode .....I need help to remove that damn trojan and also want to know whether there was any backdoor activity .. coz i u...

A:NEED URGENT HELP PLS!!!! Infected by Rootkit trojan .. system in a very bad condition..

Hello, sab2010
Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.
If you do not make a reply in 5 days, we will have to close your topic.
You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit...
