Over 1 million tech questions and answers.

What is Heur.Agent/Gen-WhiteBox?

Q: What is Heur.Agent/Gen-WhiteBox?

Hi, I am new here, I appreciate being able to put my question here It may be nothing.....but this has popped up today while running my daily SuperAntiSpyware scan. Just what is Heur.Agent/Gen-WhiteBox? Is it harmless? Thank you! SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/26/2012 at 08:05 AM Application Version : 5.0.1142 Core Rules Database Version : 8168 Trace Rules Database Version: 5980 Scan type : Quick Scan Total Scan Time : 00:09:56 Operating System Information Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 567 Memory threats detected : 0 Registry items scanned : 17168 Registry threats detected : 0 File items scanned : 10785 File threats detected : 4 Adware.Tracking Cookie .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GHIM0J8F.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GHIM0J8F.DEFAULT\COOKIES.SQLITE ] .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\RE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GHIM0J8F.DEFAULT\COOKIES.SQLITE ] Heur.Agent/Gen-WhiteBox C:\DOCUMENTS AND SETTINGS\RE\DESKTOP\PROGRAMS\XP-CODEC-PACK-2.5.1.EXE

Read other answers
RELEVANCY SCORE 200
Preferred Solution: What is Heur.Agent/Gen-WhiteBox?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 106.4

Is it safe to remove the following detected by SuperAntiSpyware ;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2013 at 07:26 AM

Application Version : 5.6.1040

Core Rules Database Version : 10831
Trace Rules Database Version: 8643

Scan type : Complete Scan
Total Scan Time : 00:53:14

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 36350
Registry threats detected : 0
File items scanned : 37874
File threats detected : 1

Heur.Agent/Gen-Whitebox
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02F049B6-3E4B-4D6F-8AAB-381EEAFD87DA}\RP12\A0005854.EXE
Considering which file it is in

I have just set a restore point pre removal whitebox and then I clicked on the report to discover where the infection is, so am wondering it I let SAS remove the program is it going to cause a problem with system restore?

Is it safe to remove this program?
 

A:Heur. Agent/Gen- Whitebox ~ safe to remove?

you cannot remove individual objects from system restore
attempting to do so breaks the restore point and makes it unusable

That is a heuristic detection by SAS and in 99.999% of the time, it is an INCORRECT detection so I would be more inclined to ignore it or check with a series of other scans by other anti-malware programs before considering any action
 

Read other 1 answers
RELEVANCY SCORE 58

Hi all. I'm a new poster. I'm trying to figure out how to "disinfect" my system. On Dec. 1st Trogan.agent/Gen-Nullo [Short] was found by Superantispyware and it was quarantined and removed (so it said). The computer never recovered from that and I find pages load slowly, typing lags severely when posting to blogs and such and sometimes in email, and going from tab to tab is very slow as well. I don't think the virus/trogan has been completely removed. I've scanned with GMER and dds. I've included them. I'd appreciate any help I can get.

A:Superantispyware found Heur.Agent/Gen-FakeSAS

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433104 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 4 answers
RELEVANCY SCORE 57.2

Hello!
 
Every month, I scan my computer just in case i had a virus, using "deep scan". I have the clasic "pack 3" (Avast free, Free Comodo firewall and Malwarebytes Premium),  so i scanned with those.. well, only with avast and malwarebytes. They didn't find nothing bad.
I found another Scanner ( Kaspersky Security Scan ) to scan a last time, "just in case" again, but it found 1 trojan:
 
Kaspersky Security Scan
HEUR:Trojan.Script.Agent.gen
- C:\ProgramData\InstallShield\Update\isuspm.ini
 
Is that a real virus/trojan? or a false positive?
 
The computer doesn't have any typical problem ( slow, pop ups, or weird behaviors)
 
After that, i scanned again with tdsskiller in safe mode but it didn't show nothing bad.
 
 
What should i do?
I had Windows 10, Avast free, Free Comodo firewall, Malwarebytes Premium
Thanks!

A:HEUR:Trojan.Script.Agent.gen inside isuspm.ini ?

Heur...heuristic....meaning something about that file caused Kaspersky to point to it as possibly malware.
 
I doubt that it is malware as the INSTALL SHIELD UPDATE is a legit program. If you are not experiencing well
known malware or adware issues I would suggest considering it a false positive.

Read other 3 answers
RELEVANCY SCORE 57.2

Those are just some of the thing my computer are infected with. I've been helped before but i think i've been hit really hard this time... My computer is going extremely slow. My internet is a whole different story i'm supposed to be getting 6 Mbps of D/L and right now it's at like 500Kbps. I've tried to run Pandaactive scan multiple times and keep recieving an error message. I have Avira Antivirus.. most of those viruses are quarantined (i know of at least 3 that aren't) I ran DSS 6 times and it would not produce a extra.txt so here's the main.

Deckard's System Scanner v20071014.68
Run by kelly mckenzie on 2008-04-26 21:03:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as kelly mckenzie.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:51 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 50

Hey again. I'm getting a whitebox for my new system, as I already have a legit copy of windows 7 ultimate.
Is there any other issues I should know about when it comes to a whitebox?
Do I have to install all drivers for everything then?
I mean BIOS and all?

A:WhiteBox Question

It will have a BIOS, whether it's the latest one is another question.

If you're getting a new system with no OS, then you will have to install everything - drivers and all.

Read other 9 answers
RELEVANCY SCORE 49.2

Hey I'm looking to sell my old laptop and probably get around $400. I want to make my own laptop but i have no idea of what to get. I saw similar threads on building a pc and i was looking for some help on laptops. I guess i am looking to spend no more than $1200. Can anyone help me out here? Thanks
 

A:Building a Whitebox/Barebones Laptop

I think you would be much better off buying a off the shelf laptop. Not to many regular people build their own laptops.
 

Read other 3 answers
RELEVANCY SCORE 48.4

Tiger Direct has a store here in Raleigh NC.

They have a special deal on a barebones kit (after rebate $99)

A Soyo Ultra Mini Dragon ATX case (Chieftec case)
Soyo Dragon PI845PE V1.0 socket 478 motherboard
400 watt WhisperTech power supply
Intel 845PE chipset
800MH front side bus
3 DIMM slots support 2GB of PC 2700 DDR 333 memory
one 4X AGP slot, 6 PCI slots
IDE ultra ATA100 controller
USB and SATA raid controller
USB 2.0
10/100 LAN
onboard 4 channel audio

I recognize the Soyo and Chieftec brand names, have a favorable impression of them, but good companies can make bad products.

Is this a reasonably good set of specifications for a first time do it yourself "white box" ? (it would really be red!)
 

A:Solved: Advice for newbie whitebox builder

Read other 8 answers
RELEVANCY SCORE 43.2

This weekend we're going to have an "old folks LAN", mostly AoE2, OpenTTD & Quake3. So now I am setting up a couple of notebooks that really needed a makeover. I ran into troubles with a "Whitebox"-machine, belonging to my home master. She says the company is Chinese and went bust, well, I can't find all I need and I am running out of time. Does anybody know the producer? I lack, amongst others, the graphics drivers, see screenshot. Funny thing is that I wrote that down beforehand (Mobile Intel 915 GM/GMS, 910 GML), and I installed the supposedly proper software. But it's not working. I even copied the system32/drivers-folder of the former XP-installation, but I can't find the right drivers there. There is also a problem with a multimedia-device, and I don't get it. So if anybody knows the machine, or has quick solutions, I would be VERY happy!
 

A:New XP setup of "Whitebox" laptop; lack drivers

If you haven't already, try going to Intel's website and download the drivers for the 915 chipset.
 

Read other 2 answers
RELEVANCY SCORE 42.8

I have Win XP Media Edition....Today my computer started shutting down by itself. So, I remebered a friend advising me the MSSE was not really up to date on its protections. Not sure...so downloaded Malwarebytes and ran a full scan.

I found SpamTool.Agent, Trojan.Agent, and 2 Rootkit.Agent infections.

My research lead me to this site to get rkille.exe, rkill.com, etc.

How do I find this and then the tdss killer?

Other sites mention this and want you to sign on with them. But, I heard this was a free download from bleeping computer? Where can I find it?
Bill

A:Rootkit.Agent, Trojan.Agent, SpamTool.Agent Removal???????

Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.

Read other 1 answers
RELEVANCY SCORE 39.6

JAVA/Dldr.Agent.W; JAVA/Agent.M.1; JAVA/Agent.AN; HTML/Infected.WebPage.Gen were detected separately between 2 scans from Anti Avira, however, Malwarebyte scans have shown nothing. Thanks for the helpDDS (Ver_10-03-17.01) - NTFSx86 Run by user at 0:02:07.42 on 09/01/2010 WedInternet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Home Premium 6.1.7600.0.950.852.1033.18.3037.1732 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\nvvsvc.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Lenovo&#... Read more

A:JAVA/Dldr.Agent.W; JAVA/Agent.M.1; JAVA/Agent.AN; HTML/Infected.WebPage.Gen detected by AntiAvira

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 18 answers
RELEVANCY SCORE 37.6

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarentine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarbytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/... Read more

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 23 answers
RELEVANCY SCORE 37.6

Recently upgraded to v1.8 and now we are getting permissions errors from our SIEM when trying to get Security logs (collects system, application just fine).  I went through the logs and confirmed that all of our dc's (dozens) stopped collecting within
seconds of the Microsoft ATA Gateway (Light) agent upgrade from v1.7 to v1.8.  Any ideas??  Already tried running the SIEM agent service as several different admins with no difference.  
Does the new v1.8 ATA agent "harden" the Security logs via permissions to protect it against attacks?  

Daniel  

DB

Read other answers
RELEVANCY SCORE 37.6

old sony laptop with windows xp pro sp3 intel pentium 3 with 640 MB rami've got some nasty bugs on my laptop. i can remove them with spybot or malwarebytes, but they come back every time i restart the pc. they are able to turn off windows firewall and symantec anti-virus autoprotect. my laptop got infected after my desktop, so both are only in safemode and off the network for now. any help would be greatly appreciated.from spybot:win32.delf.ucfrom malwarebytes:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\llpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\nvtpm32.dll (Spyware.Agent.H) -> Delete on reboot.C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\azton.mt (Trojan.Agent) -> Quarantined and deleted successfully.Here is my log from HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:41:32 AM, on 3/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.ex... Read more

A:Laptop infected with win32.delf.uc, Spyware.Agent.H, and Trojan.Agent

you can close this out as i actually just did a clean reinstall of the OS. however, if anyone can help me with my other PC i'd prefer to not reinstall it as well:http://www.bleepingcomputer.com/forums/t/207842/desktop-infected-with-trojanagent-more/it has:trojan.agentadware.cometadware.starwaretrojan.dnschangerthanks!

Read other 2 answers
RELEVANCY SCORE 37.6

This virus was unknowingly attached to a game that was downloaded on my pc. I am using a different pc to post here as the virus prevents me from launching websites that offer support for its removal. Other posts that I have read recommend running an online scanner from eset. Unfortunately, for me, this would be one of the many sites the virus prohibits me from accessing. If I attempt to locate a help site from a search engine, I am redirected to other random sites. If I manually type the URL of a help site in the address bar, the site is blocked.I was able to run HijackThis and am providing this log. Any assistance that you can offer will be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:59:04 PM, on 9/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\basfipm.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINNT\Explorer.EXEC:\Program Files\Symantec AntiVirus\... Read more

A:Trouble With Virus: Win32.agent.gvu / Trojan.downlader.agent.aejp

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 37.6

When I restarted my Vista 64bit Gateway Desktop PC 5 days ago, I recieved a BSOD stating Driver Power State Failure 0x0000009F. Ever since I have rebooted, I am getting constant freeze ups and extremely slow start ups rendering the function of most programs useless. I have tried running normal Avast scans in regular mode without success, but in safe mode, I was able to run a complete Avast scan in safe mode which no major results, and after running Superantispyware free edition scan it located and quarantined:
 
Rogue.Agent/Gen-Nullo [dll]
Trojan.Agent/Gen-Autorun
Heur.Agent/Gen-whitebox
 
I then proceeded to run a Malwarebytes Full Scan but the scan always gets stuck on: File C:\windows\syswow64\sql..... srv32.rll,  wid.dll, woa.dll 
I have run these scans for over 12 hours but most of the time it freezes up at 6hrs 53 mins... There are 37 infected files detected, but I cannot fix them since the scan never finishes. 
 
I also had a 'not a genuine windows' issue pop up in the bottom right corner which cant be correct because this desktop has not been modified in anyway and it came with a certified Vista 64bit OS pre-installed by Gateway. I seemed to have remedied the pop up from appearing, but I suspect this has something to do with the other issues I am having. 
 
I have tried using an earlier system restore point, but it did not remedy the problem
 
.I've also recieved a pop-up in the middle of the screen a few times now that sta... Read more

A:Rogue.Agent/Gen-Nullo & Trojan.Agent/Gen-Autorun Viruses Detected Need Help!

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

Read other 3 answers
RELEVANCY SCORE 37.6

My computer runs slow at times, so I started a boot scan with Avast Free Home Edition. Scan results showed Java: Agent-TB and Java:Agent-WY. Boot Scan didn't complete due to a brownout in our neighborhood. I had to use System Restore to reboot computer.

I'm running Windows 7 Home Edition on a Toshiba A665-S6090 64-bit laptops
Avast Free Edition version 6.0.1289 Update Engine and Virus Definitions version 111016-1 COMODO Firewall Free Edition version 5.5.195786.1383
Malwarebytes' Anti-Malware 1.51.2.1300, Database version 7962
SuperAntiSpyware Free Edition 4.33.1000, Database Definition Version Core: 7801, Trace 5613
Ad-Aware Free Edition 9.5.1
Glary Utilities Free Edition 2.38.0.1288, Database 2011-09-30.

I primarily use Firefox 7.0.1 and Opera 11.51.

Ad-Aware and CCleaner don't seem to complete there scans recently.

DDS Log File

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by bondzephyr at 22:52:43 on 2011-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1630 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {249382... Read more

A:Avast Boot Scan found Java: Agent-TB and Jave: Agent-WY

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad... Read more

Read other 17 answers
RELEVANCY SCORE 37.2

Good Day,

Are there any issues with putting an ATA gateway agent on a DC while that DC is also running another HIDS agent (alien vault)?
I am updating our ATA installation from 1.4 to 1.7 and would like to use the new agent but don't want to impact the existing setup.

thank you,
Franz

Read other answers
RELEVANCY SCORE 37.2

Hi

My Neighbour has asked me to have a look at her laptop as all her programs, desktop icons and desktop background have disappeared and I have exhausted all avenues to try and fix it for her. Below is a list of what i have done and found.

Acer Aspire 7540 series Laptop running windows 7 home premium 64bit operating sysytem

1 Mc affee full scan found nothing

2 Ran Rkill then maleware bytes and it found 10 infections and removed them.

3 Ran Rkill then SAS and SAS found tracking cookies and two trojans which are Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC. SAS managed to delete all the tracking cookies however these aforementioned trojans are persistent and SAS reports as removing them but on a re scan with SAS the are still there. I can see from the logs that It is IExplorer.exe that is the issue here but i am now at a loss as to what to do.

4 Ran unhide.exe which brought back most of the files however the program files from the start menu still show as being empty.

I think that the problem is the fake Iexplorer starts and runs at startup and cant be stopped by rkill but am unsure as I am a hardware diagnostic engineer with limited experience on software issues and people keep asking me to have a look at there computers for them and i like to try and help people as much as i can but am stumped on this one.

Any assistance that you can give me would be greatly appreciated

Many thanks

Read other answers
RELEVANCY SCORE 36.8

I want to start by saying this is my third time here and you guys have been absolutely FABULOUS the other two times. (I say that not by way of pressure! but appreciation for all you all do!).I have run McAfee, Adaware, Malwarebytes, and superantispyware, and got the above items quarantined, but am still having non-stop popups, and I can type in a URL but if I click a link who knows where I'll end up. Looks like most of the required stats are in the dds file, so here it is. If you need anything else, just let me know. Oh, and I'm attaching my attach.txt but can't attach the ark file, as gmer gives me a BSOD every time I try to run it. No error codes, just "your computer has encountered blah blah and has to shut down." If you need the precise text of that I'll recreate it for you.Also, the date on these files is 7/31, but they should still be current since the PC's been sitting turned off and disconnected from the internet since then, but if I should run updated files, again, just let me know.Thanks in advance!LynnDDS (Ver_10-03-17.01) - NTFSx86 Run by Lynn Springle at 15:56:45.03 on Sat 07/31/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1007 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===========... Read more

A:trojans: .fake-alert, .agent, .vundo, .bho, and .downloader; spyware.banker, adware.popcap and rogue.agent/gen-nullo[dll],

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 27 answers
RELEVANCY SCORE 36.8

Hello. I have been directed to post an SSD log on this forum board for diagnosis. From this topic: http://www.bleepingcomputer.com/forums/t/203036/systemexe-problems/ ~ OB About midway through January, my computer caught a very strange virus, causing my desktop background to be changed to some "Warning: Your computer is infected with PassCaptures, many viruses blah blah..." I remember seeing the exact same background that I had on my desktop on the Home section. But after running MBAM, my computer seemed to work normally. Now everytime I scan my computer with MBAM, the same Malwares show up. I am stuck on what to do next. At the moment, my computer is only exhibiting minor symptoms, such as when I open my Firefox Browser Shortcut on my Desktop, a box titled "Malformed File" pops up and reads "Firefox could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem." But as soon as I press "OK". Firefox opens up. Some sites appear different though. I also have several "iexplore.exe" that are in the "Processes" tab of the Task Manager. Finally, my computer will beat periodically and randomly every 2-3 minutes. All right here is the SDD scan, and its attachment:DDS (Ver_09-02-01.01) - NTFSx86 Run by Akaash Prasad at 21:59:42.85 on 2009-02-27Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.664 [GMT -8:00]AV: AVG An... Read more

A:Backdoor.bot, Trojan.agent, Rootkit.agent, and others on my Comp

Hello aNimosity1 and welcome to Bleeping Computer,I'm afraid I have bad news for you I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.You may want to read this why:Virut and other File infectors - Throwing in the Towel? So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.htmlGreetings,Thunder

Read other 7 answers
RELEVANCY SCORE 36.8

Hello-

My Malwarebytes Antimalware scan shows these infections:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent)
C:\Documents and Settings\MH\Local Settings\Temp\dgankqeo.dat (Rootkit.Agent)

My Avira scan shows: Trash.gen

Both programs say that these infections are locked and will be removed when I restart the computer, but they are still there when I recheck. I've tried turning off system restore, but this doesn't seem to make a difference. I've run SuperAntispyware, Adaware, SpywareBlaster, and CCcleaner, but nothing gets rid of them.
Please help!

Here's the DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by MH at 11:11:16.46 on Sun 04/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.542 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: Online Armor Firewall *enabled*

============== Running Processes ===============

C: ... Read more

A:Infected with Trojan.Agent, Trash.gen and Rootkit.Agent

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 36.8

Hi I'm brand new any sort of forum - so don't really know the form. What I know is that my daughter's laptop has the above Trojan Horse viruses that have knocked out the AVG control centre, any internet connection and the C drive (probably lots more as well). So I'm doing this on my PC. The HijackThis log file follows - very grateful for your help to recover things: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:50:28, on 21/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\WINDOWS\SYSTEM32�... Read more

A:Trojan Horse Dropper.agent.git & Backdoor.agent.pta

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 49 answers
RELEVANCY SCORE 36.8

I am working on my fiance's laptop. She gave it to me after seeing AVG Resident Shield warnings last night. AVG scan (free) identified Trojan PSW.Agent.AGLY and AVG Resident Shield identified Rootkit-Agent.EG, Virus BAT/Deleter & Exploit. AVG could not clean or heal the infections saying object is inaccessible. The Resident Shield found the Trojan horse Rootkit-Agent.EG under C:\Windows\system32\drivers\asyncmac.sys and said "Object is white-listed (critical/system file that should not be removed).I do not get a dialog/Open box to attach the attach.txt and ark.txt files. Please let me know if these can be pasted or why I possibly cannot get the box to open. It appears the Browse button is depressing, but I do not get a dialog box to select the files.Please help! DDS.txt:DDS (Ver_10-03-17.01) - FAT32x86 Run by Suzanne at 13:03:07.71 on Fri 05/21/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.632 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\S24EvMon.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Fi... Read more

A:Infected with Trojan PSW.Agent.AGLY & Rootkit-Agent.EG

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 13 answers
RELEVANCY SCORE 36.8

Hello,

I am new to the forum and just learning my way around. What a great resource! Thanks.

I am running AVG, and it informs me (threat detected!) that I have some trojan horses:
tojan horse agent.AABY and trojan horse agent.AACL

I have tried to heal the files to no avail. I have tried deleting the files and nothing.

I downloaded and ran Malwarebytes Anti-Malware and it found 6 affected files which I deleted, and I am still getting the message from AVG...

I appreciate your help!

-Cynthia

A:Trojan Horse Agent.aaby And Agent.aacl

Did AVG provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?

Read other 7 answers
RELEVANCY SCORE 36.8

Hi, Thanks in advance for your assistance. I'm new to this forum (any forum). Below I've listed what procedures I performed and selected resulting logs. Let me know what additional information I can provide to assist. I received repeated pop-up Windows Security Alert warning of a potential spyware operation. I performed the following:NOTE: I do not have access to the control panel.1. I believe I have my system set to show hidden files, but can?t confirm since I don?t have access to the control panel. Perhaps there is another way?2. I downloaded and ran, the following recommended software from MISEC.NET forum and/or BEEPINGCOMPUTER:a. Spybot-S&D,b. Ad-Aware,c. A-Squared,d. CCleaner, safe modee. TrojanHunter, safe modef. SuperAntiSpyware (2 errors resulted in regular mode and safe mode); do you need the log? Where is it saved?g. Could NOT load F-Secure Blacklight with AVG running/disabled. Would not uninstall.h. BitDefender (not remote). i. Could NOT load/run REMOTE scan with BitDefender, could not change to administrator since I don?t have access to the control panel. Perhaps there is another way? I ran in regular mode. Could not determine how to copy/paste log. Advise if needed and steps to take.3. Made HijackThis log.NOTE ? I just found another list of suggested procedures that include a few different antivirus/spyware programs to be run. If needed just let me know and I will download and run. [not run ? Housecall anti virus; panda anti virus and mcaffee a... Read more

A:Recurring Pop-up; Trojan.agent.afhf; Possibly Agent.100

Hello TPayne,Sorry for the long delay, we are really swamped with logs right now. NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of the SmitfraudFix report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 31 answers
RELEVANCY SCORE 36.8

I believe it is time to find the perfect accomplice (Analyst) to get me out of a gap between the rock and a hard place. you see, not only the agent trojan infected my computer, but several others. No popups after I have remove the infection with ewido and tried to uninstall MyWaySearch Toolbar, but it has been set to where my mouse is acting strangely like a keylogger has been lurking on my system. Here is my log. Are you in for the challenge?

Logfile of HijackThis v1.99.1
Scan saved at 7:56:54 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\aarons\Desktop\Misc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = htt... Read more

A:Help!!! Agent Trojan et.al trapped this secret agent (jspygone007)

New log... IN NORMAL MODE!!!

Logfile of HijackThis v1.99.1
Scan saved at 11:14:55 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tra... Read more

Read other 13 answers
RELEVANCY SCORE 36.8

I was getting popup windows saying "MSVideo.dll is not a valid Windows image". (See previous discussion in link). Norton Internet Security 2011 and Malbyteware found nothing. SuperAntiSpyware found the above viruses and removed them. I continued to see popup windows after doing this. To see if everything is gone I was instructed to create log files with DDS and GMER. The dds.txt file is pasted below. The attach.txt and ark.txt files are attached. I just tried to run SuperAntiSpyware and got the same error page about msvideo (see attached image). So something is still wrong.DDS (Ver_10-12-12.02) - NTFSx86 Run by Les at 11:48:20.37 on Fri 02/25/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1331 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Motive&#... Read more

A:Rogue Agent and Trojan Agent/Popup windows

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 32 answers
RELEVANCY SCORE 36.8

I had noticed recently that my pc hard drive would by spinning up nad my hd activity light would be on like constant flickering red even when i wasnt using it at all. I did an online scan with eset online scanner just to see if i could tarck down the problem. Unfortunately for whatever reason when i looked at the log it was supposed to save of the scan it had not saved anything that would describe what it found and removed. I do know it was something about Agent.nbl & Agent.nbs And to do with possible java something or other. I am including the logs from Hijack This and other reqested items Although as I have 64 bit system i cannot use Gmer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:54, on 16/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\D-Link\DWA-140 ... Read more

A:eset online scanner found Agent.nbl & Agent.nbs

Read other 8 answers
RELEVANCY SCORE 36.8

KASPERSKY ONLINE SCANNER 7 REPORTSaturday, November 29, 2008Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Friday, November 28, 2008 18:35:48Records in database: 1424124Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area My ComputerC:\D:\E:\F:\Scan statisticsFiles scanned 94300Threat name 4Infected objects 4Suspicious objects 0Duration of the scan 02:45:29File name Threat name Threats countC:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1 C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1 C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1 The selected area was scanned.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 4 answers
RELEVANCY SCORE 36.4

I can't post a log because when I run MalwareBytes and Copy the log to clipboard it comes up empty.  But Malwarebytes keeps finding three persistent malware that it keeps saying it quarantined and I try to delete, but they show up after every single scan.
 

 
I've posted the image above and attached it to this post.  Help me get rid of these please.
 
Trojan.Agent   Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/5/2015
Scan Time: 11:31:39 PM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.02.06.03
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SillyTilly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373147
Time Elapsed: 22 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end) 

A:Trojan.Agent, Backdoor.Agent.CHGen, & Backdoor.Agent.E

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, ... Read more

Read other 36 answers
RELEVANCY SCORE 36.4

Trojan appears to be gone but computer doesnt function normally. I have tried several malware removal tools, forum solutions of somilar issues, and restore to a previous time with no luck.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by carol at 13:57:24.79 on Fri 03/18/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2500 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless... Read more

A:trojan.agent/Gen-iefake trogjan.agent/Gen-PEC

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 4 answers
RELEVANCY SCORE 36.4

I am running Windows 7, 32-bit.  I use AVG and Spybot S&D as antivirus, and haven't had an issue in over 10 years that I wasn't able to clear up myself with these antivirus programs and by reading through these forums ;)   My computer has been running very slow for several months, but I haven't bothered to mess with it much.  With the introduction of smartphones and tablets, my family doesn't use our desktop as often.  Long story short, I haven't kept up on updating and scanning my computer.  I finally decided to look into it, and I seem to have something that is being extremely deceptive that I have never dealt with before.  I ran my normal antivirus and was told on top of several PUPS, I had Trojan.Agent/Gen-Agent and exploit:js/axpergle.  These were found by different antivirus software, I cannot tell you which ones as I've run so many since then I can't remember.  Anyway, the programs say they've taken care of the issue, but clearly I am still harboring a Trojan. Problems I've encountered since "removing" these Trojans: unable to start command prompt - I received an error.  Unable to turn on Windows Defender - error.  Unable to update other antivirus programs - error.  With some antivirus programs I get an error saying it can't update, then it says it was updated.  Then I run it, it finds issues, it says it has deleted them, but it hasn't done anything.  I have run all of these things in s... Read more

A:Trojan.Agent/Gen-Agent and exploit:js/axpergle

Greetings kls_01 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter proble... Read more

Read other 67 answers
RELEVANCY SCORE 36.4

I can't get rid of those trojans here is the hjt log plus the files emplacements PLEASE HELP.
 

A:I'm stuck with 4 trojans.agent.fd and a backdoor agent.ahj

Read other 16 answers
RELEVANCY SCORE 36.4

Like everyone else who writes, I need HELP. Last week I ended up with Trojan.Agent on my computer but was able to get rid of it with Malwarebytes and several other programs. A couple of days ago I noticed I have no sound on my computer. I ran Malwarebytes again and it found and quarantined CrackTool.Agent. I went ahead and deleted it thinking that would solve my problem. Nope. I have read other fixes for this on your site but am not savvy enough to feel comfortable just executing without some hand holding. Can you help?

A:Trojan.Agent last week, now CrackTool.agent

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first ti... Read more

Read other 18 answers
RELEVANCY SCORE 36.4

Hi,

I currently am running windows xp and performed a virus scan using avira antivirus. The scan came back with two different viruses showing up. One was TR/agent.66048.153 and the other was adware/agent.180224.a. These both showed as being unppc.exe and ppal3ppc.exe. I have people pc files still on my computer but i thought i had deleted the program and the files ages ago. Am i infected with viruses?

Thanks.

A:TR/agent.66048.153 and adware/agent.180224.a

Hello, unppc.exe is a process from PeoplePC. It can be found in the location of C:\. It is a potential security risk which can be modified maliciously by virus. unppc.exe virus should be disabled and removed.Lets scan further.MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmart... Read more

Read other 8 answers
RELEVANCY SCORE 34.8

I believe I was infected last night when a website somehow redirected me to liteautogreatest{dot}cn.I'm running XP Home SP3 and the ZoneAlarm Internet Security Suite (just updated earlier today).ZoneAlarm continually finds a couple of problems and hibernates them but they do not go completely away after a reboot.The ZoneAlarm active monitor scan shows the following...Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNB.tmp on 4/20/2009 13:29:22Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNA.tmp on 4/20/2009 13:23:26Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN9.tmp on 4/20/2009 13:17:40Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN8.tmp on 4/20/2009 13:14:30Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN7.tmp on 4/20/2009 13:07:26Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN6.tmp on 4/20/2009 13:02:40Rootkit.Win32.Agent.ikz was found in C:\WINDOWS\system32\drivers\systemntmi.sys on 4/20/2009 12:57:48Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\T... Read more

A:Infected with Rootkit.Win32.Agent.ikz, Trojan-Dropper.Win32.Agent.amzh, Trojans? Malware?

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.alternate download linkThen download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, re... Read more

Read other 3 answers
RELEVANCY SCORE 34.8

From: Eric

I received a computer running XP Media Center Edition from a friend. Its desktop was being hidden automatically unless I told it to "show desktop". I ran SuperAntiSpyware and MBAM on it. They seemed to have removed the viruses. In preparation of this topic I ran GMER, which would not run so I ran TDSSkiller. TDSSkiller got rid of a rookit virus. What I need now is to make sure that the computer is completely clean. Here are the DDS and GMER reports.

Thank you

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by sherri cordry at 20:08:08 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1770 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Comp was infected with Trojan.Agent/Gen-Fake AV, Trojan.Agent/Gen-Hullo[short], Rootkit virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 34.8

Greetings,I seem to have gotten infected with the Rootkit.Agent.H and Trojan.Agent malwares.I have: run disk cleaners CCleaner manually emptied the IE (which I don't use) and Firefox caches and cookies cleaned all my temp files emptied my recycle bin run Trend Officescan, which didn't find anything run SUPERAntiSpyware, which didn't find anything. run MalwareByte's Anti-Malware, which found the two dealies above and said it was going to fix them on reboot, but didn't (log below). run Combofix, which said that it found and deleted the two dealies above, but didn't (log below). have a HijackThis log. I don't know what to do from this point. The only two things that actually find these infections are mbam and combofix, but neither of them seem to be able to clean them from my system.HELP!!!Pax Dominus-------------------------------------------MalwareByte's Anti-Malware LogMalwarebytes' Anti-Malware 1.34Database version: 1801Windows 5.1.2600 Service Pack 32/25/2009 8:23:51 AMmbam-log-2009-02-25 (08-23-32).txtScan type: Quick ScanObjects scanned: 82083Time elapsed: 4 minute(s), 7 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)... Read more

A:Rootkit.Agent.H and Trojan.Agent

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 22 answers
RELEVANCY SCORE 34.8

Whenever I join a Gunz game, i see at the bottom left

Agent Error:Agent Not Available.

This is usually a port-forwarding issue, but mine are fine. I have played this game fine before with max settings, and it ran smooth. Now its just acting up. I have re-installed and still nothing. I can walk around but shows everyone lagging(which means I am).

Please help, it will be most appreciated.
 

Read other answers
RELEVANCY SCORE 34.8

Hi there, thanks for the help in advance.

I have the following problems: I reinstalled vista and several programs a few days ago, probably my computer got infected in some way. I started having a black screen after windows logon (I needed to run taskmgr and then run explorer for windows vista to finish the startup). Just today I noticed my date was changed to 2088, an error of svchost trying to run TDSScrrx.dll, my Windows Security Center could not be turned on. Then I removed Norton, after it did not work at all, I installed Malwarebytes and it detected and quarantined several files. The TDSScrrx.dll error at startup stopped happening. I also got into regedit Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and altered "Shell" from "Explorer.exe "C:\Windows\mchost.exe" to "Explorer.exe", this seemed to correct the Black screen at startup problem but unfortunately every time I restart the Shell is changed back to "Explorer.exe "C:\Windows\mchost.exe"". What can I do to correct this forever? Also I have ran services.msc and trying to enable automatically the Security Center service (only successfully after changing "shell" at registry as previously commented) but once again, after booting my windows Security Center appears disabled every time. I just reinstalled NAV 08 but it seems I still have the problem with my registry changin... Read more

A:Trojan.Agent and Rootkit.Agent

Hi

If you still have above mentioned problem post a fresh dds log, please.

Read other 2 answers
RELEVANCY SCORE 34.8

Hi,

I'm bringing in my girlfriend's laptop, she downloaded something which harmed her laptop. I can't connect to the internet, whatever it is seems to halt any connection. I did an Avira boot up scan because there was no way anything could run once windows vista would start running. Please help, I would like to remove whatever it is that was downloaded.

Thank you!

Julio.
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Erika at 21:31:31.35 on Sun 11/21/2010
Internet Explorer: 8.0.6001.18975
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.4062.2671 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:&... Read more

A:Infected with Meredrop/Agent HY/Agent AH

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 34.8

Samsung NC10 notebook running Windows XP, Avast (free), Zonealarm, Spywareblaster, Firefox & Opera are favoured browsers. It is my usual practice to run at least one of Avast/SuperAntiSpyware/Malwarebytes daily.~~~~~~~~~~A few days ago a full scan with SuperAntiSpyware found and removed two Trojans: Agent/Gen-Siggen and Agent/Gen-AgentSmall. A second scan immediately after restarting the computer was clear, as was a scan with Malwarebytes for a second opinion. The problem since then is with Avast, it seems to have been disabled.The 'Fix now' button does nothing and the 'Start program' link does nothing. It is the free version and the current registration is valid until 25 January 2013.I tried System Restore for two dates well before the infection but they both failed.I have tried to install AVG for some protection in the meantime but get a message saying that an administrator needs to perform the installation - I am the sole user of this computer which makes me think that some setting has been tampered with.I have run either Malwarebytes or SAS (or both) daily since the Trojan removal and they have been clear every time.So my main question, is it likely that I am still infected?If not, how do I reinstate Avast?Any advice appreciated, thanks in advance.~~~~~~~~~The scan log for the Trojans:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 12/21/2012 at 05:47 PMApplication Version : 5.6.1014Core Rules Database Version : 9776Trace Rules Dat... Read more

A:Agent/Gen-Siggen and Agent/Gen-AgentSmall

Hello, these are new False Possitives and shoud not be Removed. This should be fixed in the next update.
Easiest way to fix this is to Uninstall Avast and Reinstall it.

Until the update uncheck these so they will not be removed
https://www.dropbox.com/s/jxeqimsbatm7y4f/SAS%20issue.png

Read other 3 answers
RELEVANCY SCORE 34.8

Was trying to open internet explorer and a virus popup occurred. Stated that I had multiple viruses and started scanning my computer.
This popup was not from my anti virus program, so I closed the program and and my virus program scanned and these items appeared. Now
every time I look up a website, I get redirected,especially when I was looking for help from your site and others. I could not click on the
main web page site, I would have to click on on of the forum feeds in order to not be redirected.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Brenda at 20:01:56.59 on Fri 12/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1468 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32�... Read more

A:TR/Agent.163840.A, TR/Agent.awz & TR/Spy.24064.7

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------Download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

Now click Start Scan.
If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
Click Close
Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Read other 19 answers
RELEVANCY SCORE 34.8

It looks like Thursday afternoon a virus started to take over my laptop.  Initially, the computer slowed way down.  I tried to clean up the hard drive with windows utilities.  Then I ran Malwarebytes, which temporarily improved performance.  The next day, it was once again running very slow.  I re-ran Malwarebytes and then ran SuperAntiSpyware.  As I recall, both times that I ran Malwarebytes, it found trojan files.
 
I never received any messages asking for ransom money or anything else announcing the virus prior to running Malwarebytes.
 
The virus has encrypted all of my files.  Most of my files are on an external hard drive.  I have not found any that are not encrypted.
 
The virus has also used up all of the previously available 30+ gb of hard drive space on the internal drive.
 
I have since ordered a new laptop.  I'm ready to move on from the HP Elitebook.  What I really need is to be able to unencrypt the files that are on the external hard drive.
 
Any help would be greatly appreciated!
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64  
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.25.2
Run by 467065 at 15:31:59 on 2015-01-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3887.209 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabl... Read more

A:Infected with Trojan.Agent.0BGen & Trojan.Agent.ED - hard drive files encrypted

I just found the Cryptowall 3.0 files on the hard drive.  I read the FAQ at
 
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
 
so, I guess that's all I really need to know.  Thank you for the information.

Read other 3 answers
RELEVANCY SCORE 34.8

Can someone please give me some help regarding this?
I can provide screenshots if a volunteer helps.

A:Computer infected with Trojan.Agent, Worm.Agent, Music folders& Aplikasi folders

hi Ambience,
 
Need to see this topic about generating and posting a FRST log. You can start at Step 6
 
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
 
Iam usually only on line once or twice per day so you may not get a response back from me until the following day.

Read other 23 answers