Tech Problem Aggregator

Generic Dropper.cx Generic Downloader.x

Q: Generic Dropper.cx Generic Downloader.x

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined:

Generic Dropper.cx, Generic Downloader.x.

I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first. Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.
*****************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6000

2/6/2009 8:39:56 PM
mbam-log-2009-02-06 (20-39-56).txt

Scan type: Quick Scan
Objects scanned: 51894
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\barb\AppData\Local\Temp\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\barb\AppData\Local\Temp\~tmpm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\barb\AppData\Local\Temp\~tmpo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
************************************************
DDS (Ver_09-02-01.01) - NTFSx86
Run by barb at 20:49:28.58 on Fri 02/06/2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.624 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\aol\1189699527\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcqcoms.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\barb\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HostManager] c:\program files\common files\aol\1189699527\ee\AOLSoftware.exe
mRun: [DLCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCQtime.dll,[email protected]
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\barb\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\users\barb\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5478/mcfscan.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\barb\appdata\roaming\mozilla\firefox\profiles\bu29myod.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-3 24652]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-6 38496]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-22 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-10 29744]

=============== Created Last 30 ================

2009-02-06 20:23 <DIR> --d----- c:\users\barb\appdata\roaming\Malwarebytes
2009-02-06 20:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 20:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 20:23 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-06 20:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 20:23 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-14 19:48 290,304 a------- c:\windows\system32\drivers\srv.sys

==================== Find3M ====================

2008-12-28 15:13 1,652 a------- c:\users\barb\appdata\roaming\wklnhst.dat
2008-12-13 03:16 174 a--sh--- c:\program files\desktop.ini
2008-11-28 20:25 86,016 a------- c:\windows\inf\infstrng.dat
2008-11-28 20:25 86,016 a------- c:\windows\inf\infstor.dat
2008-11-28 20:25 51,200 a------- c:\windows\inf\infpub.dat
2008-06-11 02:10 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-26 14:25 60,968 a------- c:\users\barb\GoToAssistDownloadHelper.exe
2007-11-02 19:19 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-09 10:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-09 10:29 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-09 10:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-01-26 15:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-01-26 15:09 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-01-26 15:09 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-06-11 07:16 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:51:40.99 ===============

A: Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

Answer Match 84.6%

First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it.

Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.

Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winl...

Answer Match 102.9%

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

Thanks a lot for your time and please let me know if you need any more info!! I appreciate it

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gerard Sabapathy at 21:40:44.50 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.319.64 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin&...

A: Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 102.48%

DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ...

A: Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.

Answer Match 101.22%

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:38 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicen...

A: Help removing Generic!Artemis, MK Recorder, and Generic Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

Answer Match 95.76%

About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows XP firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the hijack this log and info below. Thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu&...

A: generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable ...

Answer Match 95.76%

Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi... Read more

More replies
Answer Match 95.76%

I can't get rid of the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

Generic Downloader.x!i
File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Thanks for your help,
Valerie
______________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by Valerie at 9:30:34.68 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V... Read more

A:Generic Rootkit w and Generic Downloader

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

2 more replies
Answer Match 91.14%

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

2 more replies
Answer Match 88.62%

Downloaded AVG...

Found:
Trojan horse Collected Z C:\Windows\toolbar.exe
Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe

Updated AVG files...

Found:
Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe
Trojan horse PSW.Generic.DYD C:\Windows\kl.exe
Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll
Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll
Trojan horse Startpage.UN C:\Windows\paytime.exe

I then Rebooted...

AVG Boot-up Scanner (ver 7.1)
Detected a virus
C:\Winstall.exe spyware spytrooper.G
Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing.

Did this and it found nothing.
Ran AVG found nothing.

Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up


HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:05:23 AM, on 11/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FI... Read more

A:Downloader.Generic.FCB + PSW.Generic.DYD + others

just a bump

14 more replies
Answer Match 86.1%

There was a virus spreading round the school computers where my mother worked. She later plugged a USB stick into our home computer which immediately became infected. :\ ... The symptoms are that whenever you stick a USB stick in, try to remove it, update Windows, log off, shut down, fix your registry ... or change any system settings you get a BSOD (blue screen of death) with a stop error.

And just so it's clear the computer was fine before.
I later found out from the school technician that it is called "Generic dropper gi.gen"
And so after Norton failed to find it I used Spybot Search and Destroy, and it found it but when I clicked remove... I got a blue screen of death.

What can I do, how do I remove it, am I doomed?
 

A:Generic dropper gi.gen

Welcome to TSG

Sorry for the delay


Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dss.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt
Attach.txt

Save both reports to your desktop
In your next reply, please attach both logs. Thanks

===========================================================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, pleas... Read more

1 more replies
Answer Match 86.1%

My daughter downloaded off Limewire she scanned files before opening them but we are now infected with Dropper Generic FWK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:50, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\... Read more

A:Dropper Generic Fw

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply.
Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

1 more replies
Answer Match 86.1%

McAfee tells me I have generic dropper.au, it gets deleted but reappears each time I reboot. When I ran Panda Active Scan a bunch of new IE windows opened up (to places I had never been before) before it was all over. Main.txt is pasted below, extra.txt is attached;

Deckard's System Scanner v20071014.68
Run by Debby on 2008-03-24 06:42:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-03-24 11:42:51 UTC - RP1907 - Deckard's System Scanner Restore Point
75: 2008-03-24 02:17:16 UTC - RP1906 - Installed Java(TM) 6 Update 5
74: 2008-03-23 07:01:56 UTC - RP1905 - System Checkpoint
73: 2008-03-22 07:00:55 UTC - RP1904 - System Checkpoint
72: 2008-03-21 06:47:47 UTC - RP1903 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-22 09:16:18 UTC - RP1832 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-24 06:44:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.... Read more

A:generic dropper.au - won't go away

Missing attachment for original post is attached here

5 more replies
Answer Match 86.1%

ran avg and it says i have Trojan Dropper Generic fwk

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:33, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc... Read more

A:Dropper Generic Fwk

Hello mog1673

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to take a look at it for you.

=====

I also need to see a different type of log from Hijackthis:

Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your next reply.

Thanks, for your patience.

Stelios

1 more replies
Answer Match 86.1%

I need help!!! I have a Trojan horse called Dropper. Generic. BR and I don't know how to get rid of it. I am running Windows XP PRO. Now I am also being told I have another Trojan called Trojan/CWS Combo. I don't know what the heck to do.
 

A:Dropper. Generic. BR

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only)

DL them (they are free), install them, check each for their
definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
______________________________
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time... Read more

1 more replies
Answer Match 86.1%

I'm running AVG Free Edition on a Compaq Presario desktop and on, it looks like, every single downloaded audio or video file, it detected Trojan horse Dropper.Generic.ELZ. (I mean, it just kept scrollin'...) I Googled it and found no matches at all. Anyone familiar with this?
RTG
 

A:Dropper.Generic.ELZ

11 more replies
Answer Match 86.1%

Hi Tech Guys

I had some warnings from mcafee in the last few days. one of them was about "generic dropper".
I use the newest firefox. fw: zonealarm, vs: mcafee.

thanks for helping me

here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:45, on 01.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Intel\AMT\atchksrv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\AMT\LMS.exe
C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Programme\McAfee\Common Framework\FrameworkService.exe
C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr... Read more

More replies
Answer Match 86.1%

Thanks in advance... I appreciate that you're here to help!!

OS: Windows XP-pro SP2 on a Dell GX-620
Whatever "infections" I have, besides causing the typical website redirection, have disabled the ability to System Restore and to run some programs including your recommended scanner GMER as well as Spybot (double click, but program does not start). When trying Ad-Aware (now un-installed), it scanned very slowly and eventually identified some problems, but without being able to take action. Also, my security programs are not able to update definitions, though the network connection is fine (I can access an email server for instance). This includes Ad-Aware, Spybot, McAfee and Windows Defender.
At the first sign of a problem (when the notification message appeared about my Security Center features being disabled) I scanned with McAfee Anti-Virus (Enterprise edition... yes, an old program that updates definitions daily) and found...

- Temp\winloggn.exe (Generic Dropper.bu) and
- infected system volume information Generic.dx (C:\System Volume Information\ restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1173\A0135946.dll).

I'm not sure if it actually cleaned or quarantined properly, but at this point I'm very hesitant to continue much activity, particularly since I got some very "weird" reactions to my navigating with Explore. I'm hoping there's nothing destructive associated with this bug(s).
Oddly... my hard drive constantly runs with... Read more

A:Generic Dropper.bu and MORE

Hi, welcome to tsf!

please rename gmer.exe to gmir.exe then re-run it.

post the log when it's done.

14 more replies
Answer Match 86.1%

can someone please help me? I have McAfee viruscan and it has begun popping up an alert that it has detected the Trojan GenericDropper.au. I have already scanned and removed all viruses and adware that McAfee can remove, I have even washed the internet temp files under advanced settings. I DON'T know what else to do. A friend of mine, who is an IT guy at my job, says I may need to backup all my desired files to an external source and completely restore my C drive. Does anyone know of another option? And will this option work?

A:Help! I have a Generic Dropper.au!

Quote:
Originally Posted by gdeuce2

can someone please help me? I have McAfee viruscan and it has begun popping up an alert that it has detected the Trojan GenericDropper.au. I have already scanned and removed all viruses and adware that McAfee can remove, I have even washed the internet temp files under advanced settings. I DON'T know what else to do. A friend of mine, who is an IT guy at my job, says I may need to backup all my desired files to an external source and completely restore my C drive. Does anyone know of another option? And will this option work?

Not to blow you off but maybe you should check

http://forums.mcafeehelp.com/

I'm sure you can get specific help from them since that's the pgm you use.

2 more replies
Answer Match 86.1%

Hi all,

I am running XP Pro SP3 on a 3.2ghz extreme box. I have recently picked up an annoying virus detected by McAfee as "Generic Dropper.ew". Besides that, I have received another application that redirects yahoo and google browser searches. Also, when Windows loads, I get a "rundll" dialogue box that says "protect.dll" cannot load and is either damaged or missing.

*** McAfee just came up with the following***
- A0003718.dll (in folder: C:\system volume information\_restore(79163E8B-4980-4270-9F2E-4414B6E0D560)\RP7 (deleted) in application: C:\Windows\System32\svchost.exe
- A0003716.DLL (in folder: C:\system volume information\_restore (79163E8B-4980-4270-9F2E-4414B6E0D560)\RP7 (deleted) in application: C:\Windows\System32\svchost.exe
- CHKDISK.DLL (in folder: C:\documents and settings\computer user\start menu\programs\startup (deleted) in application: C:\Program Files\Exterminate It!\ExterminateIt.exe

Here is the Hijack This log.
Any help would be greatly appreciated.

*****************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:30 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servi... Read more

A:Generic Dropper.ew

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log

3 more replies
Answer Match 86.1%

Hi


Have managed to inflict the aforementioned virus upon myself, what do we know about it?

Thanks

mrboris1

I am running the following

XP Ver 2002
Service Pack 2

Mcafee Security Centre
Ver 8.0
Build 8.0.247

Virus scan
Ver 12.0
Build 12.0.177

Personal Firewall
Ver 9.0
Build 9.0.136

A:Generic Dropper.au

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments.
When the tool is finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB ... Read more

1 more replies
Answer Match 85.68%

First of all would like to say hi to everyone at TSG!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\s... Read more

A:Solved: Help Removing Trojans : New Malware.j / Generic Downloader.f / Downloader-AYL

13 more replies
Answer Match 85.26%

I am using Win XP Home Edition Version 2002 Service Pack 2 and IE 7. McAfee Security Center has been reporting that I have the trojan Generic Dropper.au, however it cannot correct it.

Here is my HijackThis log, please help!!!
Thanks,
Michele

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:37 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\antiviirus.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevice... Read more

A:Infected with Generic Dropper.au

Next download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-... Read more

5 more replies
Answer Match 85.26%

Ok, I'm not super computer literate as far as technical stuff so bear with me.
I'm running XP and Firefox. On Sunday evening I became infected with what McAfee's anti virus has named Generic Dropper.au. The alert window that comes up identifies the virus and indicates it's the program files as tmp0.exe, tmp1.exe, tmp2.exe and tmp3.exe. McAfee's site lists it as low risk, with a date of March 10th 08. All programs seem to run although super slow. I've got the stereotypical taskbar alerts and spyware phishing popups. The virus is using Explorer to try and connect to the site www.safenaweb.com and a couple of others that I didn't catch. When I say stereotypical spyware popups, I mean the general reading of "You have spyware on your machine, click ok to get rid of it type stuff" One of the messages is detailed enough to list Win32 as a virus name. The windows come up with a firewall locked down, so I know they're all internal. I've run McAfee anti virus, Webroot's Spysweeper and Antivirus lots of times over the last 3 days. Almost every time I run either program I get something showing up from basic spyware to several trojans. The McAfee as well as Spysweeper have claimed to eliminate the Trojans, but obviously not or I wouldn't be here. At startup, which is super slow for this machine, McAfee pops up 4 separate times to announce the Trojan (with the name) it also goes on to say that it can't even be quar... Read more

A:Generic Dropper.au Infection

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Sh... Read more

1 more replies
Answer Match 85.26%

I have three things happening:
1 - I use Firefox 3.5.5 - when I do a Google search, the results are randomly hijacked. Sometimes I click on a link in the Google results and it clicks through, sometimes it takes me to a random ad page that I have to close.
2 - I get pop-up tabs - In Firefox, all during the day, tabs will pop up to the same random ad pages that the hi-jacked google links go to. I went to work on Thursday with a Firefox window open, and when I got home there may have been 20 tabs that had popped up.
3 - The "Resident Shield Alert" in AVG constantly (once every five minutes) is popping up to tell me about Dropper.Generic.BHHB, but it cannot do anything to fix it.

Here is this, thanks in advance for any help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 8:57:17.35 on Sat 12/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.338 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program F... Read more

A:Dropper.Generic.BHHB

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

4 more replies
Answer Match 85.26%

I got it last night. I have McAfee and it said it blocked a trojan about 10 times in 30 seconds, but it got through and it has totally taken over my computer. I am using a friend's right now to type this. I read through other posts and it appears I need to run hijackthis so I will do this and post results. Any help is greatly appreciated.
 

A:I have a generic dropper trojan PLEASE HELP

8 more replies
Answer Match 85.26%

Hi there...

My thanks in advance for taking the time to read this post. I run Windows 7 with AVG full licensed installed. My computer got a Trojan detected by AVG but unable to delete it (it said it has 4 Trojan dropper Generic 6). Today the computer does not even start... just works in safe mode... so I am quite desperate as I do not know what to do... While in safe mode I run Avast (free version), which was already installed, and it did not pick up anything.... I also run AVG but it does not seem to help as the computer still will not start in normal mode. Not sure if it helps but it seems there are some files that AVG can not access as they appear to be locked (it says so in the commands)
Any help is much appreciated!!!

Laia

A:Trojan dropper Generic 6

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the t... Read more

42 more replies
Answer Match 85.26%

I can't delete TMPO.EXE
Can't run DSS.EXE sorry
I have the active scan log if you need
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:25, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\antiviirus.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Softw... Read more

More replies
Answer Match 85.26%

I have problems removing Generic Dropper.au. Each time when I reboot my computer, my McAfee antivirus software gives me a message 'Trojan removed' or 'Trojan Detected'. When I scanned my PC, the trojan was detected and quarantined but is never removed. I keep getting Spyware alert messages, pop-ups, my desktop is a blue screen spyware alert message, frequent IE windows to various sites advertising spyware protection (seems pretty ironic), system is slower than usual. I could really use some help. One of the alerts warns of my having Worm.Win32.netsky.

McAfee recognizes the Generic Dropper.au virus but provides no info on removal.

Also would like to know if you think there is a danger in using my e-mail account before this virus is removed? Thanks for your help.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-23 18:59:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-03-24 01:59:59 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-03-23 14:07:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ----------------------------... Read more

A:Generic Dropper.au - constant pop-ups

Bump!

4 more replies
Answer Match 85.26%

Hello! I Hope you can help me! ^^

Deckard's System Scanner v20071014.68
Run by Administrador on 2008-05-15 22:47:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
228: 2008-05-16 01:47:57 UTC - RP228 - Deckard's System Scanner Restore Point
227: 2008-05-15 23:52:52 UTC - RP227 - Installed Altia PhotoProto 1.04.20
226: 2008-05-15 23:19:32 UTC - RP226 - Last known good configuration
225: 2008-05-15 23:19:25 UTC - RP225 - Installed Noiseware Professional Plug-in
224: 2008-05-15 23:19:25 UTC - RP224 - Installed MySQL Tools for 5.0

-- First Restore Point --
1: 2008-05-15 23:18:38 UTC - RP1 - Ponto de verificação do sistema

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrador.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:06, on 15/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WI... Read more

A:Dropper.generic.tht? Mrofinu312.exe

Hello, and welcome to the forum.
My name is Simon V., and I'll be glad to help you with your computer problems.

Please download and install CCleaner.
Open CCleaner. On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
When the cleaner has completed, click Tools in the Left Pane.
Verify that Uninstall is highlighted in color, or click on it. In the lower right, click Save to Text File. Pull down the arrow at the top of the Save dialog and choose Desktop as the location. You can leave the filename as install.txt. Click Save, then exit Ccleaner.
_______________________________
Please visit this webpage for download links, and instructions for running ComboFix -
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says -
The Recovery Console was successfully installed.
Please continue as follows -
Close/Disable all anti-virus and anti-malware programs so t... Read more

17 more replies
Answer Match 85.26%

Hey, AVG found my services.exe file infected with trojan horse dropper.generic c.MMI. I tried to follow some instructions on this forum and I ran combo fix to try and cure the problem, but AVG still says it's infected. Here is the combofix log.
Any help would be appreciated.

ComboFix 12-07-11.03 - Marcus 12/07/2012 0:10.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3838.2576 [GMT 1:00]
Running from: c:\users\Marcus\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 23:17 . 2012-07-11 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 22:15 . 2012-07-11 22:15 -------- d-----w- C:\Marcus
2012-07-11 21:42 . 2012-07-11 21:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-11 20:31 . 2012-07-11 20:32 185480 ----a-w- c:\users\Marcus\AppData\Roaming\Microsoft\Hkvzhub\hkvzhub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 18:12 . 20... Read more

More replies
Answer Match 85.26%

Hi, thanks for helping. Here's what happened...
I tried to download a viewer to see a video clip - it never downloaded but then all hell broke loose.

1) McAfee started with the Generic Dropper.au
2) My background was some anti-virus software (privacy protector)
3) Pop ups for virus protection up the ying yang
4) Explorer Windows minimize and maximize without prompting
5) Task manager is disabled
6) Home page Ultimate Cleaner 2007 - even when I change it back, it goes back to Ultimate Cleaner

With DSS, I tried to have it access the internet after downloading but it was blocked. There is only the Main.TXT document. I also have the scan results document from the online tool.

I have attached the ActiveScan.TXT file results.

THANK YOU! Michael

DSS RESULTS:

Deckard's System Scanner v20071014.68
Run by MichaelN on 2008-03-26 13:10:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-26 13:11:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sys... Read more

A:Generic Dropper.AU - Major Pop-Ups, etc

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

-------------------------------------------------------------------... Read more

19 more replies
Answer Match 85.26%

Problem exists on my son's computer and I have disabled his access to the internet because whenever he goes onto the internet the screen becomes very active and Spyware Dr starts to block all sorts of activity. We have also noticed that more adware is being added.

When PC is switched on get Desktop message:
"Could not load or run c:\users\David\AppData\Local\Temp\ljhhf.exe specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."
We then click on OK and get a RunDLL message:
"Error loading c:\users\David\AppData\Local\Temp\sstro.dll. The specified module could not be found."
At the same time McAfee reports the Generic Dropper Trojan in file c:\users\David\AppData\Local\Temp\ljhhf.exe and says it has been blocked and removed.

I have followed the instructions in the Preparation Guide for use before posting a HijackThis log and have performed several scans.
- McAfee Scan is clean.
- Spyware Dr Scan is clean
- Adware scan reports "1 registry value identified" in regfile\shell\open\command "" ("regedit.exe" "%1") which has a description of a general windows security issue and cannot be deleted.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:06, on 02/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.... Read more

A:Generic Dropper Trojan

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Jan Soall
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Click Start and choose Control Panel:
- In Control Panel double click on the "Programs and Features" icon.
- Here you can find all the programs and items which are installed in Windows Vista.
- Now remove all older versions of Sun Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the... Read more

7 more replies
Answer Match 84.84%

First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time I start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but not the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusche... Read more

A:Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 ? TEMP... Read more

14 more replies
Answer Match 84.84%

Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again.

I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.
These are the files:

C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volum... Read more

A:Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD

9 more replies
Answer Match 84.42%

I need help removing the Trojan Horse Generic Dropper bug from my computer. I have tried several novice things I read online, and have AVG, but cannot get it removed. We have removed most all of our files & even tried to reset the computer to factory settings but it is still here. I just want to wipe it out, install a better security program, and start all over. If not possible, then I will buy a new laptop but of course would like to prevent that if possible. Thanks for your help in advance!

A:Trojan Horse Generic Dropper

Hello and welcome. I moved this to the Am I Infected forum for now.. What did you run?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet and double-click on the renamed file to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an ... Read more

17 more replies
Answer Match 84.42%

ok.... I have run a scan with AVG and have come up with over 40000 files in the \windows\fonts folder which seem to be videos, programmes, films etc with .zip file extension.

I have downloaded hijackthis and I have posted my log file below, can you please tell me what I will need to get rid of to fix my problems as I have no idea:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:04, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime... Read more

More replies
Answer Match 84.42%

Hello,

I have been searching for a fix for this since yesterday to no avail. I have run Malware-bytes, AVG scan, and SUPER Anti-Spyware as well. AVG is detecting it as well as multiple tracking cookies. Any help would be greatly appreciated.

Thanks.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Frankris at 12:47:53 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1766 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\E... Read more

A:Trojan horse Dropper.Generic c.MMI

Greetings And Welcome To The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

70 more replies
Answer Match 84.42%

My computer was lagging and running slow and I followed the instructions I found on the Internet and on BC to clean it up (Defragment, Clean Disk, Add-Ons, etc.) I did everything from updating Windows, running anti-spyware (Malwarebytes Anti Malware) and virus scans (AVG) in regular and safe mode, chkdsk, etc., etc. AVG caught a "Trojan Horse Dropper Generic 7.SIF" and I had difficulty removing it so I did a Destructive Reinstall of Windows XP with the disc that came with the computer.

I don't know much about computers but after the fresh reinstall, I could see that there were settings that just didn't look right and had been altered:

1. The System Restore was turned Off;
2. The Remote Access was turned On;
3. In Control Panel>Internet Options>Security, I noted that certain settings were altered. For ex., in the "Internet, Local Intranet, Trusted Sites, Restricted Sites" I saw that the "Launch Unsafe Application and Files" was Enabled. I am not experienced enough to know what half of these settings are, but I am guessing that this shouldn't have been enabled;
4. In the Firewall, the WEBFramework and UPnP Framework were Unblocked for "Any Computer."
Attached are DDS logs. I have Windows XP, Media Center Edition, Version 2002, SP 3. Any guidance would be greatly appreciated. Thanks - EileenNOLA

A:Trojan Horse Dropper Generic 7.SIF

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

11 more replies
Answer Match 84.42%

AVG detected a trojan dropper generic2 and set it to virus vault, but I checked the services that are running and found something suspicious: Wsearch. I googled that and it says it's a malware. What should I do?

A:im infected with trojan dropper generic 2 need help

Hello and welcome. First disable Spybot for all these.
Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.
>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.
RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after ru... Read more

1 more replies
Answer Match 84.42%

I have problems removing Generic Dropper.au. Each time when I reboot my computer, either I get a message 'Trojan removed' or 'Trojan Detected'. When I scanned my PC, the trojan was detected and quarantined but is never removed.

My antivirus software says that it is in my program files but I can't find it in my C: drive.

My operating system/service pack is :
MS Win XP
Home Edition
Version 2002
Service Pack 2

My McAfee products are :
1. Security Centre
Version 8
Build : 8.0.247

2. Virus Scan
Version 1.0
Build : 12.0.177
DAT Version : 5252.0000
Engine version : 5200.2160

3. Personal Firewall
Version 9.0
Build : 9.0.136

4. Site Advisor
Version 2.6
Build : 2.6.6253

The infected file is C/Progam Files/TMP0.EXE. Note that this file cannot be found when performing search in Windows Explorer.

How do I get rid of this trojan for good??

A:Generic Dropper.au - Stubborn Trojan

Hi,

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt <<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.

8 more replies
Answer Match 84.42%

AVG found this and I have no idea what I'm doing. I haven't really encountered any problems yet. I was using winRAR to extract something which ended up being a trojan. I immediately ran spybot S&D and Ad-Aware as well as AVG. I also disabled system restore (Vista).. I ran hijack this as well and here is the log.. everything seems okay other than slowness.

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\conime.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Int... Read more

A:Trojan Horse Dropper.Generic.RGQ

7 more replies
Answer Match 84.42%

Someone please help me!! I am running AVG and it has identified Trojan horse Dropper.Generic_c.MMI in C:\windows\system32\services.exe. Says the object is white listed and should not be deleted. Also says Found Luhe.Sirefef.A in c:\program files (x86)\Internet Explorer\iexplore.exe Object is inaccessible. It shows three instances of the last error that cannot be deleted. It lets me delete others but they just come right back. What should I do?

Thanks!!

A:trojan horse dropper generic

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results
Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here
Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

18 more replies
Answer Match 84.42%

Hi to all members, pls help me. My AVG Free has detected a virus called trojan horse dropper.generic.DZD. My AVG Free was able to heal the virus, but can I safely wipe it at the virus vault? Will it be gone forever if I do that? Pls help me! Many thanks!!
 

A:Trojan Horse Dropper.generic.dzd

11 more replies
Answer Match 84.42%

So I got a virus called "Anti-Malware Doctor" a week ago, I removed that and everything was good until I suddenly get random Tabs opening on firefox, and AVG detected one of them as a Rogue virus. So I left it, then I got on my computer yesterday, and AVG Resident shield keeps popping up an alert saying that there's a Trojan Horse Dropper Generic 2 UHE virus, and that its creating folders in my Windows>Temp Folder. I've tried enough Anti viruses, and Malwarebytes shows nothing, please help, and if you say just move it to the virus vault, I've tried but it never shows anything in the vault : Here's a screen shot of what I'm talking about :

A:Trojan Horse Dropper Generic 2 UHE?

Anybody? The stinking alert keeps popping up every 5-8 minutes, and my machine makes a noise that's noticeable when its about to pop up .

7 more replies
Answer Match 84.42%

hi guys
shooting in the dark with this cos I've never had a trojan before in my life. msn crashed on me and I can't get it to work again for love nor money whether I uninstall/reinstall... tonight avg tells me I have a trojan horse dropper.generic VUZ ....... avg tells me it's in 2 places: 1) in (c/windows\system32\svchost.exe) 2nd is in ( c\program files\windows defender\MSASCui.exe). I went to remove the first and the result was it's moved to virus vault; when trying to remove the 2nd it says that it can't find the file? whether this is good or bad I have no idea?

is there a way to get it totally off my hard drive without doing a wipe hard drive and fresh window install ? I'm using window vista ult' 64bit
 

More replies
Answer Match 84.42%

Hi, after your help here folks,
before the attack I already had AVG,spybot search and destroy and spyware blaster updated and running, my windows updates are all done and I hope I have followed the '5 step' programme properly I 'opened' a file sent to me on messenger live, and have been trying to rid the putor of this for five days, I manage to stop the browser helper actually getting onto the toolbar by denying it access with spybot, avg picks up lop and psyme and puts them into the vault and heals the trojans as they pop up but i can't get them off the putor
Your help will be greatly appreciated in this,
Anne

Deckard's System Scanner v20071014.68
Run by Anne Ardern on 2008-03-19 20:19:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-03-19 20:20:22 UTC - RP101 - Deckard's System Scanner Restore Point
51: 2008-03-18 22:17:22 UTC - RP100 - Software Distribution Service 3.0
50: 2008-03-18 13:39:19 UTC - RP99 - Removed VC_MergeModuleToMSI
49: 2008-03-16 10:32:41 UTC - RP98 - System Checkpoint
48: 2008-03-14 22:43:13 UTC - RP97 - Last known good configuration


-- First Restore Point --
1: 2008-03-14 22:42:43 UTC - RP50 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physi... Read more

More replies
Answer Match 84.42%

McAfee has quarantined Generic Dropper.au on my computer, but I can't find out how to delete it or what I should do? It has changed some of my desktop settings, but I am afraid to do anything else to see anything since I don't know enough about a trojan to know what is ok to do at this point and what's not. Please advise.

Thanks!

A:Help - McAfee found Generic Dropper.au

After my initial post I found where I was supposed to follow the 5 steps which I have now done. Below is a copy of my main.txt and I will also attach a copy of extra.txt. After going through the steps Panda found 21 infections on my computer. I need guidance on what I should do now. I am not very computer savvy so I will need some step by step guidance to get the computer back together. Thanks!

Deckard's System Scanner v20071014.68
Run by Donna Allbritton on 2008-03-21 20:55:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-03-22 00:55:09 UTC - RP568 - Deckard's System Scanner Restore Point
47: 2008-03-22 00:47:16 UTC - RP567 - Software Distribution Service 3.0
46: 2008-03-21 18:00:56 UTC - RP566 - System Checkpoint
45: 2008-03-20 17:52:15 UTC - RP565 - Software Distribution Service 3.0
44: 2008-03-18 19:31:02 UTC - RP564 - System Checkpoint


-- First Restore Point --
1: 2007-12-23 20:40:20 UTC - RP521 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 20:57:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE:... Read more

1 more replies
Answer Match 83.16%

AVG keeps coming up saying this threat was found. If I click anything except close it freezes the laptop. I haven't found anything on BYHJ. Can anyone help me?
 

More replies
Answer Match 83.16%

I have McAfee enterprise installed.

Problem one:
When Windows starts up, Windows says it cannot find vtstu.exe

Problem two:
When using IE, an error message (Microsoft Visual C++ Runtime Library) says buffer overrun detected on c:\windows\explorer.exe and it needs to be closed

After that mcafee will detect and remove vtstu.exe,
detect and remove Generic Dropper.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:19 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGEN~1.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program... Read more

A:Infected by Trojan VTSTU.exe and Generic Dropper

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Combofix
Download ComboFix and save it to your desktop. Alternate links here or here.

**Note: It is important that it is saved directly to your desktop**

CAUTION! Combofix should not be run without supervision - we cannot be held responsible if you end up having to re-install Windows!

1. Close any open browsers and physically disconnect from the Internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to disabling AV, Firewall and Anti-malware programmes.
Double click on combofix.exe & follow the... Read more

1 more replies
Answer Match 83.16%

I have been struggling with my laptop all summer trying to clean/rid myself of these evil viruses. I was reading through some of the other posts but it seems like i might need to post my own computer info and get some expert advice. I am currently running windows 7 64 bit. I am receiving no error messages, however if I click on any links while on the web I am redirected more often than not. I wait anxiously for your response, thank you in advance.

A:Luhe.Sirefef.A & Trojan Dropper.Generic

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results
Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking
Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

28 more replies
Answer Match 83.16%

Have tried a number of things as directed in the "Am I infected" Forum, to no avail. This is a resistant little thing. When I click on GMER, half of the boxes are gray and it won't let me select them or the "show all" option. Below is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DOWNS-Laptop at 12:54:05 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.525 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32... Read more

A:Infected with Trojan Dropper Generic Virus

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the ... Read more

3 more replies
Answer Match 83.16%

AVGFree Virus Scan is popping up with numerous events of dropper.generic.bhhb Trojan. It is normally finding them at windows\temp\****.tmp\svchost.exe The **** is always a different random set of characters. When I tell AVG to "heal" the problem it says the file cannot be found. I am running XP. The process name reported for the virus is windows\system32\svchost.exe
Please help! I think it's multiplying.
Below is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:47 AM, on 12/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\P... Read more

A:dropper.generic.bhhb TROJAN infection

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 83.16%

Hey guys,

I'm using AVG Antivirus and it detected Trojan.Horse.Dropper.Generic.cMII in my C:/Windows/System32/services.exe. and it's been redirecting my searches. The detection only pops up when I boot up or come back from sleep mode. I've been racking my brain trying to get rid of this and any help would be appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:48:23 PM, on 7/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Exp... Read more

A:Trojan.Horse.Dropper.Generic.cMII

6 more replies
Answer Match 83.16%

Heya,

yesterday my avg found that my computer was infected with

trojan horse dropper.generic c.MMI in my services.exe


avg could not remove it as the file was whitelisted
after i finally managed to remove it with running in safe mode and running a sfc /scannow

i cleaned up other infections with avg, malwarebytes, spybot and superantispyware

which seems to have removed everything so far
i would like to know if there are any infections left that those programs were not able to find and remove

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:53 PM, on 7/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Yuki\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Inte... Read more

A:trojan dropper.generic c.MMI removal complete ?

16 more replies
Answer Match 83.16%

Hi I am new and would like help in removal...I am running AVG on HP computer with windows XP.

1: Constant is Microsoft Script Editor popup with Runtime Error, Debug Now? Even if you say yes, it shows error DW is undefined.

****went to Tool, internet options & checked box for DISABLE SCRIPT DEBUGGING
Still getting pop ups in Explorer for Runtime Error Debug Now...

Pop up of RESIDENT SHIELD ALERT: TROJAN HORSE DROPPER SMALL ENF

Pop up of c:\windows\eholakiz.dll then another one that i did not get to write down..

I installed Panda Cloud Antivirus. it caught numerous TROJAN HORSE GENERIC PAKES DROPPER.SMALL ENF.
i installed Malwarebytes.
I started in safe mode. will not scan.

***Also internet suddenly does not connect..well i checked in IE
tools
internet options
connections
LAN
and checked is the box for proxy...
i uncheck shut down and start computer again..
same thing...it will not remain unchecked...
when it is unchecked , i have internet!

is all this malware, spyware, virus? what can i do? thank you

Any suggestions are appreciated thank you.

More replies
Answer Match 83.16%

Hello, I have AVG free, (but do not have the option of 'healing' the virus) I attempted to move a virus it discovered, a trojan horse called Dropper.Generic.DZD, to the AVG quarantine vault. It told me that the "requested action is not available for this object. Access to the file has been denied." I then checked info on it but could not find it in their virus encyclopedia... It was detected while I was not at home. AVG explains my computer at some point tried to open the file:

C:\System Volume Information\_restore{9E60382B-316D-4310-AF10-975781FAD3E2}\RP418\A0268648.exe

I just got home and checked my computer to find the virus detected window. Don't know how long it has been on my computer, though I did click on a few myspace links posted in bulletins from my friends; it gave me pop-up windows galore. I suspect that friend's account has been hacked. Thinking that the popups may have given me something, I scanned my computer right after with AVG and it turned up nothing; that was last night. Today I found the Virus Detected window. What can I do to get rid of this virus? And how will it hurt my computer in the meantime?

Assistance Appreciated,

Gantunie
 

A:AVG finds Trojan Horse Dropper.Generic.DZD

If you disable - then re-enable System Restore - it should flush it out
 

1 more replies
Answer Match 83.16%

A recent Anti-Virus scan turned up "Trojan Horse Dropper.Generic.jgy". I am pretty stubborn, as my wife is quick to point out, and have tried hard to get rid of it myself but this time I have to admit defeat and I think the only way out is a re-install. I have turned off the auto restore and run the spyware programs numerous times. If anyone can help prevent me having to do this it would be greatly appreciated.

The trojan has resulted in my internet broadband download speeds stopping because information is being uploaded! I cannot use Panda and have had to use a second computer to manually download updates to my various anti-spyware etc software and transfer them across. I have also manually installed additional anti-spyware etc to help deal with the problem without success. My Windows XP is authentic and I regularly update this as well as the spyware.

I'm able to "move to vault" or "heal" the infected file but it replicates itself within a couple of minutes. It shows up in the windows Temp file usually looking like 1234567.exe or some variation of.

Below is a HijackThis scan of my system. I will have to separately post the Combo Fix scan as the message is too long to attach to this post.

Thank you.

Challenge

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:14:34 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe... Read more

A:Solved: Trojan Horse Dropper.Generic.jgy

Below is the scan produced by Combo Fix

Thanks,

Challenge
- 2007-05-18 15:09:56 Service Pack 2
ComboFix 07-05.17.6.V - Running from: "C:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\install.log
C:\install.log
C:\WINDOWS\start.exe
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))
2007-05-18 15:43 0 --a------ C:\WINDOWS\SYSTEM32\agpbrdg5.sys
2007-05-18 15:06 1,084,008 --a------ C:\ComboFix.exe
2007-05-18 14:58 <DIR> d-------- C:\DOCUME~1\ELSMQU~1\APPLIC~1\Webroot
2007-05-18 09:33 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-05-18 09:29 22,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2007-05-18 09:29 21,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-05-18 09:29 20,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2007-05-18 09:29 144,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2007-05-18 09:29 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-05-18 09:25 <DIR> d-------- C:\Program Files\Webroot
2007-05-18 09:25 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\Webroot
2007-05-18 09:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-05-17 21:20 <DIR> d-------- C:\Program Files\Active Ports
2007-05-17 21:03 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\Prevx
2007-05-17 21:02 77,312 --a------ C:\WINDOWS\ua2.... Read more

1 more replies
Answer Match 83.16%

I visited a website and AVG 9 popped up warnings. I closed Firefox and tried to run Malwarebytes but it would not open. I ran AVG and it found the subject of this thread. ntdevice.exe closed when I disconnected my ethernet cable. I then restarted in Safe Mode and ran Malwarebytes and AVG multiple times. I have added these logs to the attach.zip file. I performed these operations before finding this site. Every time I restart the computer I get 2 messages "Windows cannot find Locals~/temp/dwm.exe" and a message that the registry cannot locate the same file etc. I have a Windows CD.

Thanks in advance for your help. I have replaced my name with my initials in the dds txt file below:

DDS (Ver_10-03-17.01) - NTFSx86
Run by c b at 7:08:34.46 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1595 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs... Read more

A:Trojan Horse Dropper Generic 2.AXMW

Bump please

19 more replies
Answer Match 83.16%

Hello,

I am trying to help a friend of mine who has a trojan horse. She is running WinXP and AVG. AVG reports a trojan horse called "trojan horse dropper generic 2.ango". I don't know what to do and was hoping one of you is able to help me out. I've read something about HijackThis and this is what it finds (pasted below). I really hope someone can give some useful information. Thanks a lot in advance!

Cheers,
Manje

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:54:40, on 31-8-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Lava... Read more

More replies
Answer Match 83.16%

i started dealing w/ the popups a week or so ago, my sister was visiting a page for myspace layouts, can't remember the name and clicked on a link when the firewall popped up saying it stopped trojan from downloading. however, that's when the popups started. i ran ad aware, remove it pro 4.1 and ran norton antivirus (subscription expired months ago tho). did this several times, sometimes in safe mode, several things were removed including trojans, but the popups remained. mainly they were from outerinfo and winantispyware pro...but there are a lot of others from random websites. i found out how to uninstall outerinfo on their website, and have had no more problems with it, but the others keep coming. also, i noticed under the privacy tab of internet options the settings keep resetting to "accept all cookies". i've changed it to medium-high several times, it keeps resetting. a few times i have received a "buffer runtime error" message and the desktop reloads, sort of acts like the computer restarts but all of the programs stay on the screen.

panda log:


Incident Status Location

Adware:Adware/DnsInsider ... Read more

A:popups; Trj/Downloader.OZB, Generic Malware, Trj/Downloader.PCQ

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Once we've gotten a handle on the infection, we'll uninstall Norton (or you should renew the subscription) and get you a free Anti-Virus so the machine is protected. Having an outdated Anti-Virus program is almost like not having one at all.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. ... Read more

19 more replies
Answer Match 82.32%

Hello, all.

I am sending this on behalf of a friend who's on the internet and too far away for me to deal with the machine directly.

Her machine has been infected by malware. AVG reports an infection with Dropper.Generic.BHHB, and says that there are infected svchost.exe files in c:\windows\temp\xxxx.tmp, where xxxx changes. It seems to be happening a lot, and more frequently after a reboot.

Moreover, when she attempts to restart the machine in safe mode, the machine gives the BSOD.

I have attached the Attach.txt file.

Any help would be very greatly appreciated.

Here is the DDS.txt file she was gracious enough to send (username obscured):
DDS (Ver_09-12-01.01) - NTFSx86
Run by abcdef at 17:53:02,56 on 03.12.2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1033.18.1014.226 [GMT -8:00]

AV: System Defender *On-access scanning enabled* (Updated) {08D58008-3BA2-4027-B635-9F8DF2407650}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: System Defender *enabled* {A7B555AD-ECFD-40A1-9C7C-4F0FB2D523C4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\... Read more

A:Infected with Dropper.Generic.BHHB Trojan Horse

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 82.32%

AVG keeps telling me that i have this virus even though the scan has said it's been removed. It redirects my Google searches to other fake websites. It says its in my system32 folder and service.exe. here is my hijack log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:17 PM, on 7/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\... Read more

More replies
Answer Match 82.32%

Hello,

I'm new to the forums. A couple of weeks ago, my wife responded to a fake pop-up message while surfing the web, saying our computer had been infected with viruses. She thought it was legitimate....thought it was our McAfee antivirus. She ended up installing Power Antivirus 2009, not realizing it was malicious. (Luckily she didn't purchase it!)

I removed this program using Malwarebytes, cleaned it from our registry, etc. But every day since then, I have been getting warning messages from our McAfee security center, saying it detected and cleaned a trojan. For several days, it was Vundo. Then for a couple of days, it was Generic Dropper.p. Last night, it was something entirely new (Exploit*... sorry, I'm at work and can't verify the name). The warnings typically display as soon as I launch an application like IE, Firefox, MSN Explorer, or WebRoot SpySweeper. Once McAfee removes the trojan, it usually detects another one (of the same type) a couple of hours later! So these nasty things are apparently being regenerated throughout the day, or overnight.

I was up all last night, running full scans with McAfee, HouseCall Antivirus, Super Antispyware, and AVERT Stinger....and nothing was detected on my computer. I rebooted and ran HijackThis. Following is the log file.

Any help would be appreciated. And just a general question: in the event that these trojans attempt to access my computer or log keystrokes, am I safe as long as I have the McAfee firewall installed? I woul... Read more

A:Multiple Trojan Infections - Vundo, Generic Dropper.p, Etc.

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

2 more replies
Answer Match 82.32%

Hello,

I have recently been infected with Trojan Dropper.Generic.BHHB. My OS is Windows 7 Ultimate and my AV is AVG 9.0. I also use Spybot S&D. The symptoms are thus: use of an internet browser results in random hijackings that take me to rogue sites; and every 2-5 minutes AVG 9.0 catches a spawned file and banishes it to the virus vault. These spawn files are found in the Windows/Temp folder and are usually followed by .svchost in their names. I saw some people have luck with Combofix but apparently the Windows 7 build is still in beta and I can't use it. I am posting and uploading my DDS logs below. Strangely, I am unable to run RootRepeal. I am given the error FOPS-DeviceIoError! Error Code = 0xc0000024 Extended Info (0x000000f8). Anywho, here is my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Logan at 23:14:38.47 on Sun 12/06/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1208 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RP... Read more

A:YAY! Another Comp Infected with Trojan Dropper.Generic.BHHB

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

2 more replies
Answer Match 82.32%

Windows 7 RC Build 7100
Sony VGN-AR15e Laptop

The virus appears to be self replicating. It only replicates when I have an internet connection, so I'm assuming that the virus is using the connection to download new viruses. Every couple of minutes AVG's resident shield pops up and shows 2 new viruses that have been detected.

They always show under the following directory:
C:\Windows\Temp\yovm.tmp\svchost.exe.

The .tmp filename always changes but there are always 2 of them with the same filename. The process name changes though between two executable files:
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe

AVG lists the infection as Trojan horse Dropper.Generic.BHHB. The virus appears to be new.

When I first got the virus I tried to get rid of it and when I restarted my computer windows explorer would not open and neither would any other startup program. Task Manager would crash every time I opened. So I restarted in Safe Mode and successfully Restored the system. I have gone through this process twice. I have received error messages when trying to open Task Manager and AVG but they have not come back since I have completed a System Restore. I do not remember what they had said.

I have scanned my computer with the following programs to no avail:

AVG 9.0
Found the following viruses:
12/06/2009
C:\Windows\Temp\qvpy.tmp\svchost.exe;"Trojan horse Dropper.Generic.BHHB";"Moved to V... Read more

A:Virut? Trojan horse Dropper.Generic.BHHB PLEASE HELP

I am afraid I have very bad news...

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary. The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus ... Read more

1 more replies
Answer Match 82.32%

This is my log file from completing ComboFix process. Please help with the further removal of this trojan. Thanks.

ComboFix 10-09-04.06 - Kim 06/09/2010 13:06:08.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1014.348 [GMT -2.5:30]
Running from: E:\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome.manifest
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\_cfg.js
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\overlay.xul
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\install.rdf
c:\users\kim\appdata\local\temp\cbywvs.dll
c:\users\Kim\AppData\Local\Temp\wvvsss.dll
c:\users\Kim\AppData\Local\Windows Server
c:\users\Kim\AppData\Local\Windows Server\admin.txt
c:\users\Ki... Read more

A:Trojan horse dropper generic 2, log file from combofix.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Answer Match 82.32%

Since i just searched on thread for a quick solution. And the thread was in system volume etc and so was my bro. So i just chose the answer someone gave and disabled the system restore and re enabled it is it clean ? here's the hi jack log P.S i wont respond till tomorrow around 4:00 pm P.S.S Well i might be able to respond tonight just maybe.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:12 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program F... Read more

A:Did i did something wrong to remove Trojan horse Dropper.Generic.DZD

13 more replies
Answer Match 82.32%

Not sure what information you need but my computer is infected! Ready to give you any info you need. Thanks for the help... I started out with one white-listed Trojan horse, but as I tackle the problem, the infections are multiplying by a huge amount! I've got three different viruses and one repeated in my detection program 3 more times, and I'd really appreciate rapid help! I think the original infection may have been linked to Java or Flash, which had been constantly trying to update themselves recently. I'd like to eradicate these viruses, so please help! Who's going to rescue me?? I need a superman!
Thanks,
Teen In Need

A:HELP! Generic28.anic, Backdoor.Generic,Dropper.Generic_c.MMI

We haven't used the computer since the infection. I'd want to help my son get this fixed and we would be happy to provide any information you need. Thanks for your help. We have used this site to fix other problems and it's been great but with a lot more going and being unsure where to start and feel we need a special "prescription" this time and have joined the Bleepingcomputer.

71 more replies
Answer Match 82.32%

Like Fizzy jay, I have the exact same thing. I am computer illiterate and am too afraid to mess with viruses and computers.

On my daughter's computer, the red small window shows up telling us that there is a Trojan Dropper generic virus on services file, system32 and all we can do is ignore it. I think this virus was from a flash player update.

I also have another virus but since I have no access to the computer right now I'm doing this by memory. It's in C:\users/kabance/App data/local/microsoft windows...Temp files. It's called JS/Redirect. When you open up a web page, a second one loads as well.

Coincidentally, I was trying to do a virus scan but it doesn't get beyond 71%. It slows down when it gets to C:\users/kabance/App data/local/microsoft windows...Temp files. It looks like AVG is scanning them but it won't go any further. Also is it possible to have 2468598 file on your computer???

The trojan says that it has been white listed and the other one says that the file is inaccessible, whatever that means. I know nothing about computers but when my friend gets back, I'll have them do it since they know what they are doing. I don't want to deal with it. I just want to make sure that the viruses CAN be obliterated.
 

More replies
Answer Match 82.32%

Hi guys. I'm a complete computer novice here. I've been infected by a trojan horse called dropper.generic.DZD. I've run several antivirus programs without any success in removing the trojan. Any help you could give me in removing it would be greatly appreciated. I've seen other posts on this forum dealing with this exact subject and from what I understand after reading these posts, it seems that removal procedure may differ depending on what is on my hijack this logfile. So here goes:

Logfile of HijackThis v1.99.1
Scan saved at 02:39:52, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSched... Read more

A:Help needed to remove trojan horse dropper.generic.DZD

8 more replies
Answer Match 82.32%

Hi,

I use Ad-Aware 2007 and McAfee Virus scan for regular monitoring of my PC. Yesterday, Ad-Aware detected and deleted a generic dropper trojan it found in C:\windows\temp (called PK388.tmp).

The problem is that it doesn't stay deleted. It comes back again and again, even though Ad-Aware says it deletes it. It comes back with reboot, without reboot, and even restarting Ad-Aware immediately will turn it up again (the file Ad-Aware finds and deletes each time is just a variant of the first file---PK15D1.tmp, PK373.tmp, PK6F6.tmp, PKA7D.tmp, PKDEC.tmp).

I've followed the 5 STEPS. Below are my log files. Extra.txt attached.

Thanks for the help!

...G

======================== PANDA ACTIVESCAN LOG ========================


Incident Status Location

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\G. Cleveland\Application Data\Mozilla\Firefox\Profiles\ru6d2799.default\cookies.txt[statse.webtrendslive.com/]

... Read more

A:Generic dropper trojan returns after deletion - repeatedly

I just ran Ad-Aware again, and this time a remote admin tool was found and deleted. It was called psexec.cfexe in a folder called C:\327882RFWJF.

I'm not an expert, but this seems to be getting worse.

2 more replies
Answer Match 82.32%

DDS (Ver_09-07-30.01) - NTFSx86
Run by conrad at 16:34:48.67 on Mon 08/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3007.2349 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\OpenOffice... Read more

A:Infected with trojan horse dropper.generic.avjt

hi Naphtali,

Sorry for delay, no shortage of posters. Your log is several days old, if you still need help with malware reply to my post.

1 more replies
Answer Match 81.48%

My AVG antivirus version 8.5 keeps detecting Trojan Horse Dropper Generic AFNC in files in my Temporary Internet Files directory. Every time the Resident Shield detected one, I sent it straight to the Virus Vault, but it kept coming back.

I don't know if it's connected, but recently I have the Downadup infection. I can't access major antivirus sites. I've downloaded fixdownadup and run it, but the downadup kept coming back. Recently I tried the downadup removal tips in this site. I downloaded the Bit Defender downadup removal tool and run it. It says my system is clean but I still can't access major antivirus sites. I've installed the Windows updated and have deactivated the autorun feature in my computer.

This is my DDS log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 10:00:37.43 on Thu 04/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.239.21 [GMT 7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG... Read more

A:Trojan Horse Dropper Generic AFNC and possibly Downadup

An update:

I've managed to download an update for malware bytes from another site and run it on my computer on April 27. It caught 7 files infected with conficker and 2 registry. I deleted them all.

Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 2015
Windows 5.1.2600 Service Pack 2

4/27/2009 4:04:25 PM
mbam-log-2009-04-27 (16-04-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124131
Time elapsed: 1 hour(s), 30 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2T03VXE3\bcgq... Read more

55 more replies
Answer Match 81.48%

Got infected while running McAfee - first noticed browser re-directs then got the "File Recovery" malware which changed all of my files to hidden and read-only, wiped out my desktop etc. Manually got rid of that with process explorer and AVG (I have since removed AVG because of McAfee). Since have been fighting Dropper.Generic, ZeroAccess and FunMoods. Downloaded Malware bytes which keeps blocking a program outgoing to 206.161.121.3 which it says is a known bad site. Things are not getting better and I am losing the battle. McAfee keeps saying my computer is at risk (like I didn't know that)

Attached are the Hijack this file and 2 GMER scans (one from this morn and one from this eve) I tried to run DDS 3 times and it locked up after 10 min about 2/3 complete. Had to force a shutdown of the computer. If I have script blocking on I don't know what it is. Before it runs I get this message - Load Driver["c:\DOCUME~1\Richard\LOCALS~1\Temp\pwlikoc.sys"] error 0XC000010E Cannot create a stable subkey under a volatile Parent key

Thanks in advance for your desperately needed help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:53 PM, on 8/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\syst... Read more

A:Dropper.Generic, ZeroAccess, FunMoods, FileRecovery Browser redirect need help please

16 more replies
Answer Match 81.48%

Statistics: HP Pavilion a375c; 3.00 GHz Intel Pentium 4 with HT; 2.75 GB RAM currently installed. Microsoft Windows XP Home 2002, SP2. Automatically updated. Microsoft Internet Explorer Version 6.0.2900.2180.xpsp_sp2_gdr.070227-2254, SP2. (IE7 not used, due to incompatibility with an application on intranet for work.) Temporary Internet Files folder emptied when browser is closed. Cookies deleted frequently. History kept for 1 day. Home networked with spouse's computer, using a NETGEAR wired router. NAT and SPI are enabled.

DSL connection at 1MBps, with a local ISP.

McAfee 3-User Internet Security Suite (10-in-1), with SiteAdvisor. This is the current version. All protections (except Data Backup) enabled, including real-time scanning. Firewall security setting had recently been changed from tight to standard, as there was trouble accessing certain things. Smart recommendations and startup protection enabled. Also automatically updated.

Other anti-malware installed: Windows Defender, automatically updated; SpywareBlaster, Spybot Search & Destroy, and Ad-Aware SE Personal (now Ad-Aware 2007) - all three updated 2-3 times weekly, and full scans run frequently.

Infection History:

The evening of 01 Feb 2008, McAfee's real-time scanning engine automatically repaired (removed) two files, SiteAdvisor and ActiveSync, although NO alerts were seen. VirusScan DAT's had been updated that day.

The morning of 02 Feb 2008, when beginning a Google search, a McAfee alert popped u... Read more

A:Generic Downloader.af

Speedy Turtle

Sorry for the delay.

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

36 more replies
Answer Match 81.48%

I have tried to remove this Trojan, and every time I reset my computer, it is back again!! When I try to Delete, Quarantine or clean this file, I keep being told that it is not possible to perform this action. I used the HiJack This program, but had a very hard time understanding the results and was concerned about deleting things I should not delete. Any help will be greatly appreciated.....Dash-mom

A:Generic Downloader.ab

> I used the HiJack This program, but had a very hard time understanding the results and was concerned about deleting things I should not delete

HijackThis is an advanced tool that requires advanced knowledge about the Windows Operating System. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as your Internet no longer working or problems with running Windows itself. If you do not have advanced knowledge about computers you should NOT fix anything using HijackThis without consulting an expert as to what to fix.

We may be able to remove this Trojan without using Hijackthis. Please try the following:

If you're using Win XP or Win 2000 download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

When done perform this online scan: a-squared Web Malware Scanner
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

There are three options: Quick Scan, Smart Scan, Deep Scan and Custom Scan. The default selection is Smart Scan which is fast and scans the most important folders.

1. Click "Scan Your PC".
2. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click "Install ActiveX component".
3.... Read more

4 more replies
Answer Match 81.48%

McAfee alerts me that C:\windows\system32\xlibgf1254.dll is infected with generic downloader.btt and that it cannot be deleted. I try to delete, clean, and quarantine, but none of these options will work because the file is protected (I think that is why it says it cannot be deleted).

I know practically nothing about computers, what should I do? Below is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:16:11 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\hkcmd.exe... Read more

A:Generic Downloader.bt

Hi cantillon,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.


Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download the Killbox by Option^Explicit and save it to your desktop.

NOTE: In the event you already have Killbox, this is a new version that I need you to download.
Please double-click Killbox.exe to run it.
From the main Killbox window, select: "Delete on Reboot".
"All Files".

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:

C:\windows\system32\xlibgf1254.dll

Return to Killbox, go to the "File" menu, and choose "Paste from Clipboard".
This is pasted into the "Full Path of File to Delete" field.
There's a little arrow (drop-down arrow) next to that field. If you expand it, the lines that you pasted must be there together (if the files are present!).... Read more

1 more replies
Answer Match 81.48%

Like many, I'm having problems with pop-ups. I've done a search on this board and maybe it's a Java update problem? Here's my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:14 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox... Read more

A:Generic.dx Downloader BEA

11 more replies
Answer Match 81.48%

Last week, McAfee apparently detected a trojan on my computer. The scan logs contained the following information:

3/21/2010 2:41:40 PM Quick Scan Cannot be removed
One or more items were detected on your computer.
Detection name: Generic Downloader.x!dhy (Trojan), Generic Downloader.x!dhy (Trojan)
File: C:\WINDOWS\SYSWOW64\PACONSPE.DLL

3/21/2010 2:44:59 PM Real-Time Scan Repaired (removed)
One or more itmes were detected on your computer
Detection name: Generic Downloader.x!dhy (Trojan), (this detection name was then repeated 34 times)
Registry: C:\Windows\SysWOW64\paconspe.dll
Process: C:\Program files (x86)\Malwarebytes' Anti-Malware/mbam.exe
Process description: Malwarebytes' Anti-Malware

I have since run scans with McAfee, Ad-Aware and Malwarebytes. None of them has detected anything malicious. I ran HijackThis last night and can post that log if necessary.
My computer appears to be operating normally, but I want to confirm that I no longer have an infection.
Thanks in advance for any help.
(Edit: I am using Windows 7 Pro, 64 bit.)

A:Generic Downloader.x!dhy

Update:
I scanned the computer with ESET and it reported the following:
C:\Windows\Installer\127dcb.msi Win32/TrojanDownloader.VB.OIC trojan deleted - quarantined
I also ran SuperAntiSpyware, but it came out clean.
Please, can anyone advise what I need to do? Am I okay to use this machine now or should I still be concerned about possible infections?
Thanks.

5 more replies
Answer Match 81.48%

Recently AVG has been popping up showing a trojan downloader.generic.hgt on my computer. I'm not sure how to get rid of it and several other spyware/malware seem to be on my computer such as something called Look2me which Windows Defender keeps picking up.

Here is my hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 7:10:04 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\regsvc.exe
C:\Program Files\TFTP Turbo\tftpt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\defender22.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\w... Read more

A:Downloader.Generic.Hgt

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

18 more replies
Answer Match 81.48%

Caught this with McAfee scan but will not delete or quarantine. In file C:\WINDDOWS\SYSTEM32\xlibgfl254.dll -- any suggest

Logfile of HijackThis v1.99.1
Scan saved at 4:53:09 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVD... Read more

A:generic downloader.bt -- win xp

7 more replies
Answer Match 81.48%

Hey guys,

I was here a good while back and you were able to help me out perfectly - thanks! But alas, I've a new problem. McAfee was detecting the generic downloader.ab and unable to delete it, it just kept coming back. I turned off system restore and ran a scan in safe mode and this seemed to work better, but it came back again. I had to go away for the weekend and my dad allowed one of the programs through the firewall (Microsoft MediaUpload? - bgates.exe) and now my computer is littered with phoney antivirus software and security alerts. The homepage has changed too. Here's my HijackThis log... any help would be greatly appreciated...

Logfile of HijackThis v1.99.1
Scan saved at 10:53:38, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system3... Read more

A:Generic Downloader .ab

Hey, I've tried ewido and spysweeper in safe mode since posting this... They detected reams of stuff, but the infection seems to be still there. Here's the latest HijackThis logfile...

Logfile of HijackThis v1.99.1
Scan saved at 14:57:01, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\... Read more

3 more replies
Answer Match 81.48%

Every Friday McAfee finds 1-3 files infected with Generic Downloader Trojan in windows/system32 folder. I've seen several blogs/forums addressing the issue, but I'm really PC ignorant and haven't been able to follow. It really hasn't affected my PC performance, but my firewall has detected strange programs attempting to access the internet.

Please help.

Thanks,
 

A:Generic Downloader.S

16 more replies
Answer Match 81.48%

I am running Windows XP Pro and IE7. I have McAfee antivirus and Windows firewall behind a firewalled wireless router. After a recent Windows update, it removed the browser from the task bar and I can not find out how to get it back. Now every time I start Explorer, McAfee alerts that it has detected and removed viruses called "pws-wow", "generic downloader" and "online games." The files are different names but have been mf0824.exe, sl3.exe, db820.exe, sgxlxxaspf.080825.exe, us.exe, and dwbins.exe to name a few. Today it was "123123.exe". I have seen file paths to temp internet files/content/, local settings/temp, and documents and settings/administrator. I also occasionally get a window open for a porn site such as stickytube.com or letusshearch.com.

I have run Adaware and shows no objects. Super Anti Spyware shows no objects. Spybot shows no objects. McAfee Stinger shows no objects.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:55 PM, on 8/27/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.... Read more

A:Pws-wow, Generic Downloader, And Others

Hello Vmaxxed and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed... Read more

1 more replies
Answer Match 81.48%

My McAfee anti-virus software is detecting a trojan called Generic Downloader.z but it cannot clean, delete or remove it. Please advise me on how to remove it. I am using Windows XP Professional. Below is my HijackThis log. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:14 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\... Read more

More replies
Answer Match 81.48%

Hello, I need help. I have a virus but can't remove it off comp. It's called generic downloader.c. It's in c:\windows\system32\st3.dll. My comp's running slow loading up anything, pls help.

Mod Edit: Moved topic to more appropriate forum, and resized excessive font and closed open tag. ~ Animal

A:Generic Downloader.c

Quickest solution is to post a log file of Hijack This.

2 more replies
Answer Match 81.48%

I have been infected by this trojan and I have no idea how to get rid of it. Can someone help?

A:generic downloader .bt

Hi b mercey and welcome to TSF

Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back in this thread (do not attach it).
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\ComboScan\Supplementary.txt

Click Upload.

3 more replies
Answer Match 81.48%

Logfile of HijackThis v1.99.1
Scan saved at 5:05:00 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr... Read more

A:Generic Downloader.c

1. Download this file:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

=========================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.
When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   o Select "Automatically generate report after every scan"
   o Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not ru... Read more

1 more replies
Answer Match 80.64%

Hey guys, I recently turned on my computer and was greeted by McAfee's message about a trojan called Generic Downloader.z. However, McAfee said it could not delete or quarantine the file. My computer is running a lot slower and I have no idea what to do. I am home for the weekend for Thanksgiving before going back to college next week so I am hoping I can fix this as fast as possible. Thanks in advance for the help.

Here is my Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:33 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Expl... Read more

A:Generic Downloader.z/trojan?

14 more replies
Answer Match 80.64%

I've been dealing with some type of infection for a few weeks now. When I run my McAfee scan it runs smoothly until it hits about 35000 files that it has scanned and then every file after that it detects and names a detection. I've tried to let it run completely as it says it is either "quarantining" or "deleting" the files, but it would take days to let it run through every single file and complete the scan. The items that it is detecting are: Downloader-BEA (Trojan), Vundo (Trojan), Vundo.dr (Trojan), Generic.dx, and Generic Downloader.k. It started out with just the "Vundo" items which I thought I had gotten rid of. I had read another post on here and followed the directions by downloading and running the "VundoFix" program. It detected some infected files but apparently did not remove everything. Now there are even more files infected and even more types of infections that I don't recognize.

I have run other scans besides McAfee before. The scans that I've run include AdWare2007, PCPitstop Exterminate, RegCure 1.5.0.0 and XoftSpySE.

I have also run Ccleaner, scanned with Super AntiSpyware Free (in safe mode) and removed, reinstalled and scanned with the VundoFix again as someone had instructed me to do.

The results of the Super AntiSpyware Free are as follows:

Threat Detection/Detected Items

Adware.Vundo Variant (6)
Adware.Vundo-Variant/Small-A (12)
Trojan.Downloader-Gen/DDC (5)
Adware.Tracking Cookie (19)
... Read more

A:Downloader-bea, Vundo, Generic.dx-i Can't Get Rid Of

12 more replies