
Trojan horse detected by Superantispyware

Q: Trojan horse detected by Superantispyware

Hello,

My SuperAntiSpyware has detected a trojan horse, but I can't remove it even after I have performed multiple scans as it requested. I also have Microsoft Security Essentials, Malwarebytes, and Microsoft Fix Cleaner full versions installed on my laptop, so I have no idea how my system could have gotten infected with a trojan horse when they scan almost every hour and update definitions constantly. PLEASE HELP!

Idris Abdul-Latif

RELEVANCY SCORE 200

A: Trojan horse detected by Superantispyware

Closing duplicate, please reply here:

http://forums.techguy.org/virus-oth...stant-flickering-within-all-applications.html
eddie

RELEVANCY SCORE 96

I have posted two separate threads this week on trying to get rid of this trojan horse, but no one is responding to me. I need help removing a trojan horse from my system. I have microsoft security essentials, superantispyware and malwarebytes. I don't know how I managed to get a trojan. PLEASE HELP! SOMEONE RESPOND!

Thanks,

Idris
 

A:Trojan horse detected by Superantispyware

Closing duplicate, please reply here:

http://forums.techguy.org/virus-oth...stant-flickering-within-all-applications.html

eddie
 

RELEVANCY SCORE 71.6

I just ran SuperAntiSpyware and it detected the listed threat. I did some searching with Google and it seems this has happened to others and all with similar results that I am having.

MSE detects nothing, Malwarebytes detects nothing.

I would like some opinions, please

A:SuperAntiSpyware detected Trojan.Dropper/Win-NV

Get SuperAntiSpyware to remove it, then download this software, install it, update it and do a full scan:
a squared free:
Emsisoft Anti-Malware - Best protection against Viruses, Trojan Horses, Spyware, Worms, Dialers, Adware, Keyloggers and Rootkits

RELEVANCY SCORE 70

Title: SuperAntiSpyware detected Trojan.Agent/Gen-Fakealert[Local]

Hey guys. I downloaded a friend's rar recently. I did my daily scan with Avast's Boot-Scan (with PUP-scanning enabled), and MBAM on Full Scan. However, when I tried out SuperAntiSpyware, it picked up Trojan.Agent/Gen-Fakealert[Local] on the exe, located inside C:\Users\Lishy\AppData\Local\Temp\Rar$DRa0.677\????? ~ Kioh Gyoku

So MBAM picked up nothing, and neither did Avast's Boot-Scan, but SuperAntiSpyware picked it up (along with a bunch of adware.tracking cookie).

I did some googling, and I don't see any fake antivirus things yet.. So either I have a false sense of security, or it's a small-fry.

I use Super-Antispyware to remove it, and SAS asks for a reboot. However, it appears again if I rescan the directory!

I manually deleted the directory of the trojan, and it does not pick it up again, however, I am worried I am still not clean. So then I scanned with GMER.

After running GMER, since all my other programs were disconnected anyways, I decided to perform another complete scan with SAS and it detected nothing.

So... WTF is going on? Am I still infected or not? Was the trick simply to delete the file?

And why is it the "temp" directory containing the game's contents were infected, but not the actual game directory itself? I can run the game, re-scan with everything, and not be infected. So... WTF is going on!?

Here are my Super-AntiSpyw...

A:SuperAntiSpyware detected Trojan.Agent/Gen-Fakealert[Local]

Hey guys. POTENTIALLY a followup to my other thread: http://www.bleepingcomputer.com/forums/topic445574.html
Today I received a strange email sent to my YMAIL account:
FULL HEADER OF EMAIL ON YMAIL:
From Windows Live Team Fri Mar 9 08:52:14 2012
X-Apparently-To: LISHY'[email protected] via 98.136.167.125; Fri, 09 Mar 2012 08:52:15 -0800
Return-Path: <[email protected]>
Received-SPF: pass (domain of windowslivemail.com designates 65.55.238.140 as permitted sender)

RELEVANCY SCORE 65.6

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site.

These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried.

Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 63.6

Hello.
My laptop detected a trojan horse virus this morning. Symantec has cleaned the virus but the startup of my Windows Vista is really slow. Below is the HijackThis log.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:36 PM, on 7/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Mai...

RELEVANCY SCORE 63.6

Some time back my system was detected with a trojan horse by AVG.
Every time I start the system it stopped startup programs from loading. After resetting the system 2 to 3 times they used to load. And now they have stopped permanently and no other program is working. When I try to run an exe file it opens the Open With dialog box. And when I try to open a shortcut it shows the error message "Application not found". I am unable to run the antivirus also. But the programs are able to run through the command prompt. My OS is XP. Kindly help.

A:Trojan Horse Detected

You don't say if you have got rid of the trojan horse. If you have not, or you are not sure, your first port of call should be the Hijack This forum, they have a 5 step program to go through.
If you are absolutely sure the trojan horse is gone, I think you should post your system specs here.

RELEVANCY SCORE 63.6

Hello,
I keep getting error messages about a trojan horse being found. Please help by reviewing the JT below....
Thank you very much!

Logfile of HijackThis v1.98.2
Scan saved at 19:46:40, on 18/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Barak013\fts.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Grisoft\AVG6\avgw.exe
D:\&#1497;&a...

A:Trojan horse detected

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)). Click Online, Search for updates, Download all available updates. Close all browser windows, then click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems", then restart your computer.

Then, after rebooting, please post another log and we’ll see what’s left to get rid of.
 

RELEVANCY SCORE 63.6

Tonight while trying to open an internet shortcut my AVG notified me that the shortcut had a trojan horse. I quarantined it and have no signs of trouble. My question is how did I get it? Where did it come from? Why did it attach itself to a shortcut? Why didn't my Comodo firewall stop it? I'm totally paranoid now. Any feedback would be appreciated.

A:Trojan Horse Detected

Here is some reading material: So how did I get infected in the first place?

RELEVANCY SCORE 63.6

Hey
So about 2 weeks ago I was on Tumblr, and the Moneypak Met. Police Virus Page thing came up asking me to pay £100 so I knew it was a virus, I deleted my blog instantly. I system restored my laptop, did a virus scan with AVG and the trojan was moved to the vault. I then did regular whole computer scans with AVG and did some recently with Malwarebytes, and nothing was detected. I thought that my laptop was fine because of this.
However, tonight, I can't remember what page it was, but SSL Security Certificate perhaps? Something about the website's security certificate not being recognised OR that I was under attack by hackers? SO, this led me to believe that perhaps my laptop still had a trojan or something so I went into safe mode and did a quick scan with Malwarebytes, and nothing was detected. HOWEVER, with AVG, pretty much every single file is coming up as "Locked File. Not tested.". Just now a notification came up "AVG Command Line Scanning Utility has stopped working." I honestly don't know what to do, I recently purchased items online on that computer and don't want my bank details or personal details (Facebook) to be known. I don't know what to do? How do I get rid of it?
Please help me.

A:Trojan Horse - not being detected.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523318 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 63.6

**This is possibly a double post, the forums were acting strange when I posted the first time - if that is the case then this is the correct post***

Hello,

I am a new IT guy in a small non-profit company and we are running a Windows XP on our domain.

Ever since I have started this computer has been performing slowly. It is a newer PC (relatively speaking, for non-profit new means < 5 years old), Symantec Endpoint Protection won't update regularly, the computer is running very slowly and if I run Hitman Pro it comes up with hits but Symantec throws an error which says access is denied. The 80 gig hard drive is almost (~70 gigs) full, but using Treesize doesn't show what the space is being taken up by. Normally we have about 15 gigs being used as not much data is stored on the machines. I have tried Malware Bytes and Hitman Pro to see if I can detect the problem.

When scanning the following alert comes up from Symantec:

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan Horse
File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b8c0db8.tmp
Location: Quarantine
Computer: **********
User: Administrator
Action taken: Quarantine succeeded : Access denied
Date found: Wednesday, April 21, 2010 09:24:17 AM

The files the scans find are C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Antivirus Corporat...

A:Trojan Horse Detected

This problem has been resolved and this thread can be removed. Thank you for anyone who had looked into it.

RELEVANCY SCORE 63.6

Hello. My AVG just gave me a warning that I have winupdate4181470[1].exe Trojan. I had AVG Heal it and now it is in my Vault. I also got a warning that I had winupdate49576881[1].exe. Both of these were found in my Temp Internet Folder. AVG labeled them as Trojan Horse Drop.Small.18.av

Does anyone know anything about these? Should I delete them from my vault? Thanks.

A:Help. [1].exe Trojan horse detected?

If AVG healed it, then it's OK.

RELEVANCY SCORE 63.6

Hi,

First of all, Happy Thanksgiving and Happy blackfriday shopping, enjoy your holiday... I don't expect any response today.

I just have this trojan detected by Symantec. It just says "Trojan Horse" in the title. It was quarantined, but it kept coming back. I copied the directory of these files, and they are:
C:\SYSTEM~1\_RESTO~1\RP87\A0012725.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012739.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012759.dll
C:\SYSTEM~1\_RESTO~1\RP87\A0012779.exe
C:\SYSTEM~1\_RESTO~1\RP87\A0012682.dll

So far, there's nothing unusual with the machine yet, and everything runs fine except for the notice of trojan infected once in a while. I did all the required steps and attached all the files in here. Please help, thank you in advance. I really appreciate it.



DDS (Version 1.0) - NTFSx86
Run by Trinh at 19:21:08.50 on Thu 11/27/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.278 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\P...

A:Trojan Horse detected

Hello Sakait and welcome,


I refuse to shop on Black Friday.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 63.2

AVG has detected a threat in the file: 'C:\Users\T Godson\AppData\Local\Windows\winhelp.exe'. When I select remove selected threats the file is deleted momentarily, then returns.
Any help would be appreciated.
Tom

DDS (Ver_10-03-17.01) - NTFSx86
Run by T Godson at 17:57:34.67 on 16/08/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3263.1878 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k...

A:Trojan Horse detected in winhelp.exe

Hello tag404
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

RELEVANCY SCORE 63.2

My antivirus, Panda Free Antivirus, detected a trojan horse in system 32. The path is: c:\Windows\system32\oobe\OEM\OOBE.cmd and it's called Deldir.A. The Panda database has this information on it.
What do I do? Is this for real? How dangerous is it?

A:System 32 trojan horse detected?

I'm leaning toward that detection as being a false positive. But, since Panda says it isn't, best to scan the file at VirusTotal - Free Online Virus and Malware Scan. It will be scanned by multiple well known security programs.
You can post the results if you like or if other programs say the same as Panda please let us know.

RELEVANCY SCORE 63.2

I recently downloaded Avast! Anti-Virus and it found a Trojan that no other virus scanner I've used detected. I originally just needed a few questions answered about Avast! and upon clearing out McAfee using the McAfee Removal Tool and restarting my computer, Avast! picked up a Trojan Horse.

Here is a link to the original topic: http://www.techsupportforum.com/f112...ml#post2204621

Here are my DDS.txt, Attach.txt, and ark.txt:

DDS.txt:

DDS (Version 1.0) - NTFSx86
Run by Alex and Kyle at 16:15:22.90 on Tue 06/23/2009
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.628 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
svchos...

A:Avast! detected a Trojan Horse!

Hello again -

Based on the comments made in the other thread regarding proquota.exe, I believe we should run this tool.

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 63.2

hi guys...
Please do help me!
I ran symantec full scan on my windows vista home basic.
It found many Trojan virus: Trojan horse, trojan Zlob, trojan.adh
one of it can't be cleaned or deleted. file name is java plugin.exe

I ran hijack this and the log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:01, on 2011/2/18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\wuauclt.exe
C:\Program ...

A:Help numerous Trojan horse detected

Decided to bump my post back up as it has been more than 24 hours. So sorry! But I do need help with this. Thank you so much in advance!
 

RELEVANCY SCORE 63.2

Hi there, i may have a trojan horse on my pc, can you pls analyze my hijack log, thx!

here it is:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:27, on 30-7-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\ALCWZRD.EXE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\s...

A:Trojan horse detected; hijack this log

RELEVANCY SCORE 63.2

I have Norton SystemWorks 2003 and it has detected a Trojan Horse virus in C:\WINDOWS\system32\req.dll, I have tried to delete the virus, but Norton will not delete it. I have also tried to delete the virus by going into Windows XP safe mode (while shutting off the system restore), and a menu bar appears saying: this file you are trying to delete is being used by another person, or program right now. I have no idea how to get rid of it, and before I spend money to get a computer tech to fix it, I thought I might as well try you guys out. Please help me!

Thank you
 

A:Solved: Trojan Horse Detected In Req.dll

RELEVANCY SCORE 63.2

HP 2000 Notebook x64 based PC
Microsoft Windows 8.1 version 6.3.9600 Build 9600
AVG AntiVirus Free Edition
Program file version: 2016.0.7442
AVG Framework version: 1.52.1.51612
AVG Setup Version: 1.52.1.51612
Security Information:
Virus database version: 4522/11612(2/12/2016, 10:09 AM)
LinkScanner version: 2829
Anti-Spam Version: N/A
 
I was attempting to update drivers through HP driver/software website and AVG stopped the setup file from finishing (auto detect drivers..).
 
AVG report:

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIEC54.tmp
Secured
2/10/2016, 9:06:53 PM
File or Directory
c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSI75B3.tmp
Unresolved
2/10/2016, 8:27:36 AM
File or Directory
c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIA7BE.tmp
Unresolved
2/10/2016, 8:26:43 AM
File or Directory
c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSI3B3C.tmp
Secured
2/10/2016, 8:24:05 AM
File or Directory
c:\Windows\SysWOW64\msiexec.exe

Trojan horse Crypt_c.APWH, c:\Windows\Installer\MSIAE7.tmp
Secured
2/10/2016, 8:18:25 AM
File or Directory
c:\Windows\SysWOW64\msiexec.exe

Found MalSign.Generic.139, c:\Users\Administrator\AppData\Local\Temp\is-ITFND.tmp\OCSetupHlp...

A:AVG detected c.APWH trojan horse

Hello novice3,
My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.
Thank you for your understanding, I'll be with you shortly!
RayS

Read other 20 answers
RELEVANCY SCORE 63.2

Hello. I have followed the instructions, and am ready to post. I will now describe my problem.

AVG has detected something called "Trojan Horse Generic9.AVRP". The letters after the dot often vary. The location is in system32, and it is always .dll. It seems that AVG detects a fresh batch every time I start up.

Thank you very much in advance for any help you may give me, as I am quite annoyed with this virus. That being said, I am very patient and willing to work through this.

I am posting the following:
1. Hijackthis Log
2. Panda Online Virus Scan Report
3. Main.txt from Deckard's

I seem to have lost the extra.txt file, and after re-running deckard's it was not created a second time.

Thanks again for any help

Sincerely,
James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.... Read more

A:Trojan Horse Generic9--detected by AVG

Hello -

I'd prefer to see the first main.txt, along with the extra.txt

They should both be located at C:\Deckard\System Scanner\< a numbered folder >\

Please locate them and post.

Read other 3 answers
RELEVANCY SCORE 63.2

AVG found trojan horse "downloader VB.3.F" & "Dyfica.AJ." I ran Ad-aware & Spybot and then ran AVG again, all clear.

How does the log file look?
Logfile of HijackThis v1.97.7
Scan saved at 7:53:33 AM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PowerPanel\upssrv.exe
C:\PowerPanel\upsio.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wjview.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Soft... Read more

A:hijackthis log, trojan horse detected

Run HJT again check:

O2 - BHO: (no name) - {112C020C-CCE3-4174-ABE3-AFE372E5B7FA} - C:\WINDOWS\aktyyqfg.dll
O4 - HKLM\..\Run: [anueeo] C:\WINDOWS\ijnm.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\couponsandoffers_script0.htm
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

Close all browser windows and applications before clicking "fix checked".
 

Read other 1 answers
RELEVANCY SCORE 63.2

Hi all

It seems I have a virus and I have no real idea what to do ... so I'm asking for help!

I've just scanned the computer and here are the log details.

Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 5.1.2600 Service Pack 2

01/05/2009 3:36:08 PM
mbam-log-2009-01-05 (15-36-08).txt

Scan type: Quick Scan
Objects scanned: 60034
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabpjcqdrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaeaootkpu.dll (Trojan.A... Read more

A:Trojan Horse Generic_c.TSW detected

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for updates through the program's interface (preferable way) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If us... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

Norton Antivirus has detected a Trojan Horse in file c:\windows\system32\cfgmgr3.dll

It is a HBO Trojan Horse.

I saw some other dude on this forum has had a similar problem and I tried following the advice given to him but it didn’t help.

I have tried running Hijackthis, Combofix, Superantispyware, Vundofix and KillBox and none of them has solved the problem.

I tried running them in safe mode as well.

Hijackthis can see the file but can’t delete it.

Killbox can’t delete the file directly and if I try making it delete it on reboot I get the following error message, while it is verifying registry entries:

“PendingFileRenameOperations Registry Data has been removed by external Process”
Here you have my Hijackthis, Combofix, Superantispyware and Vundofix logs.
Hope you got an idea of how to proceed.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:07:26, on 17-12-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programmer\Brot... Read more

A:HBO Trojan Horse Detected in CFGMGR3.DLL

Anyone got any idea of how to proceed with this problem?

any help would be greatly appreciated.
 

Read other 1 answers
RELEVANCY SCORE 63.2

Hi guys, running AVG virus scan pops up a few trojan horses that have been detected. I'm going to list the following ones that come up:

Trojan horse.Collected.Z
Trojan horse.Downloader.Generic3.TKJ

All of the files are located in my C:\Documents and Settings\LocalService\Temporary Internet Files\Content.IE5\ folder, and they have the extension of a .htm or .txt file.

I have already run the following programs:

Spybot
SuperAntiSpyware
Adaware
CCleaner
VCleaner from AVG (just because)

and a couple others I forget about.

I used to have a bunch of files in my c:\ that would be created when I rebooted but they seem to have disappeared (possibly because I turned off system restore option).

Below I'm going to post my HiJackThis log, I've never used this before so hopefully I do it right, let me know if I didn't. Any help would be greatly appreciated because I can't find any information online anywhere.

THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 9:12:51 AM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.e... Read more

A:Annoying Trojan Horse(s) Detected

This topic is closed,'Duplicate'.

Read other 1 answers
RELEVANCY SCORE 63.2

AVG Free firewall reported that it had detected this virus. Based on a similar post, I downloaded and ran Deckard's System Scanner (DSS).

I have attached file extra.txt. The contents from main.txt is:
Deckard's System Scanner v20071014.68
Run by Peter on 2007-11-26 20:58:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-11-26 09:58:20 UTC - RP667 - Deckard's System Scanner Restore Point
46: 2007-11-25 23:14:14 UTC - RP666 - System Checkpoint
45: 2007-11-24 09:38:23 UTC - RP665 - System Checkpoint
44: 2007-11-22 10:51:04 UTC - RP664 - System Checkpoint
43: 2007-11-20 06:03:35 UTC - RP663 - System Checkpoint


-- First Restore Point --
1: 2007-08-28 22:24:47 UTC - RP621 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).
System Drive C: has 5 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-26 21:00:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WIN... Read more

Read other answers
RELEVANCY SCORE 63.2

Someone gave me a CD with a copy of Photo Shop on it and I put the disc in the tray and ran it.

My Scanner flashed a warning that it was on the CD so I have it in the AVG Vault.

I discontinued running the CD, but today I noticed saving a Paint that I could not find it, and searched it; the search revealed that it was in My Docs, but I could not find it. I sent it into my Docs file from the search and it was then there, however another search then reveals two copies, and now three. I can only account for one.

Is it possible that it may have done some damage, as it seems that the warning and having it removed to the vault should have prevented it from running? I did another full scan of disk C:
and found nothing, therefore I assume that if it detected it the first time there should be no further problem? Right?

A:Trojan horse Agent CBX detected

That should be correct. C is the CD drive with the CD in it? In other words scan the Hard drive and the suspect CD. Is the removed file in the AVG quarantine?

Read other 5 answers
RELEVANCY SCORE 63.2

I realized I posted this in the wrong forum originally so I'm going to repost it here. If someone can delete it from here: http://www.bleepingcomputer.com/forums/t/83003/annoying-trojan-horses-detected/ it would be greatly appreciated.

Hi guys, running AVG virus scan pops up a few trojan horses that have been detected. I'm going to list the following ones that come up:

Trojan horse.Collected.Z
Trojan horse.Downloader.Generic3.TKJ

All of the files are located in my C:\Documents and Settings\LocalService\Temporary Internet Files\Content.IE5\ folder, and they have the extension of a .htm or .txt file.

I have already run the following programs:

Spybot
SuperAntiSpyware
Adaware
CCleaner
VCleaner from AVG (just because)

and a couple others I forget about.

I used to have a bunch of files in my c:\ that would be created when I rebooted but they seem to have disappeared (possibly because I turned off system restore option).

Below I'm going to post my HiJackThis log, I've never used this before so hopefully I do it right, let me know if I didn't. Any help would be greatly appreciated because I can't find any information online anywhere.

THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 9:12:51 AM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\W... Read more

A:Annoying Trojan Horse(s) Detected

Welcome Craiggerz

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

****************************

Download and scan with the free 15 day trial of Counterspy
Once installed launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

****************************

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.
Reboot... Read more

Read other 7 answers
RELEVANCY SCORE 63.2

Hi,
AVG Pro just detected TrojanHorse BHO.BPY.
When I was surfing, AVG popped up and asked what to do. I selected Heal, which it stated it had done so successfully.
Then I just ran a scan in AVG on my non-Admin account(the account I was on when this happened) and it found it again and says it deleted it.
How should I proceed? Should I stay on the non-Admin account? Run Hijackthis? Only it's on the Admin account. Can I log out of the non-Admin account and go into the Admin account to run Hijackthis?
Also, is the trojan really deleted as AVG states it is?
How to proceed...Thanks for your time
 

A:Solved: AVG Detected Trojan Horse

Read other 8 answers
RELEVANCY SCORE 63.2

Hi,

This machine is running windows XP home service pack 3 and AVG Anti Virus Free Edition 8.5.421 and has been infected with the SHeur2.BJYP virus, it has 2 external hard drives E and F, when the virus was first detected the C drive was formatted and windows re-installed, and then the AVG detected the SHeur2 trojan when opening the F drive, this is all I know at this point, I am looking forward to your help, Thanks in advance. Here is the DDS data as requested. Also, the RootRepeal detected MBR rootkit, I have attached the ark.txt logfile. I have also attached an image of the last threat detected, Exploit RealPlayer Import exploit.
DDS (Ver_09-10-13.01) - NTFSx86
Run by Jeff at 19:52:44.51 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.106 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\... Read more

A:SHeur2 Trojan Horse Detected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 63.2

So I went to open the internet tonight on my computer and AVG comes up with this warning for me about picking up this trojan horse... My computer has definitely been running very slow lately and now I have an idea why... Any help on removing this would be appreciated... this doesn't seem to be the first time that AVG has detected this in the last month or so keep trying to heal the file but it always seems to come back. I have also noticed a strange program running in task manager under processes called bakweb something?
Enclosed is an HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:11 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\eh... Read more

A:Trojan horse generic5.ujx detected!

And on a side note after doing a scan with spybot it detected virtumonde generic.....
Any help removing this stuff would be greatly appreciated as I have tried multiple times and it keeps returning.
 

Read other 2 answers
RELEVANCY SCORE 63.2

AVG popped up with a threat detection message saying:

c:\Windows\System32\services.exe
Trojan horse Patched_c.LXT
Detected on open.

and only gave me the option to ignore. How do I remove it?

Thank you!!
Sammy

A:AVG detected 'Trojan horse Patched_c.LXT'

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Read other 1 answers
RELEVANCY SCORE 62.4

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 62.4

My AVG antivirus said my laptop is affected with Trojan Horse Agent.AIIK Thanks in advance for the help.

Here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:26 PM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program F... Read more

A:Trojan Horse Agent.AIIK detected!

I saw another thread on this forum which has similar virus. I followed the first few steps from that thread. I've downloaded ComboFix and ran a scan. Here's my ComboFix log

ComboFix 09-03-23.01 - Yong Jian 2009-03-25 21:33:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.924 [GMT 11:00]
Running from: c:\documents and settings\Yong Jian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 00:22 . 2009-03-24 00:22 <DIR> d--h----- c:\windows\PIF
2009-03-24 00:21 . 2003-12-19 19:48 89,184 --a------ c:\windows\system32\drivers\imagedrv.sys
2009-03-24 00:21 . 2004-01-14 18:57 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2009-03-24 00:15 . 2009-03-24 00:15 <DIR> d-------- c:\documents and settings\Yong Jian\Application Data\Ahead
2009-03-24 00:14 . 2009-03-24 00:14 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-24 00:14 . 2009-03-24 00:20 <DIR> d-------- c:\program files\Ahead
2009-03-24 00:14 . 2001-07-06 13:41 569,344 --a------ c:\windows\system32\imagr5.dll
2009-03-24 00:14 . 2001-07-06 11:44 544,768 --a------ c:\windows\system32\imagx5.dll
2009-03-24 00:14 . 2001-07-06 17:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2009-03-24 00:14 . 2001-07-09 10:50 155,648 --a------ ... Read more

Read other 2 answers
RELEVANCY SCORE 62.4

See my log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:48 AM, on 07/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\s... Read more

A:Threat Detected, Trojan Horse Sheur.cps

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ssowder

My name is Richie and I'll be helping you to fix your problems.

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

----------------------------------------------

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log.

Read other 1 answers
RELEVANCY SCORE 62.4

This was just detected by Malware Hunter.  File was located at: C:\Program Files\Dell\Dell Foundation Services\ShellHelper.exe
 
Not sure of process needed to remove this.  Been experiencing odd events lately and suspect this is the cause.
 
Any help would be greatly appreciated.

A:Trojan horse TR/Dropper.MSIL.Gen detected! Now What!!

Hello delaroo and welcome to Bleeping Computer.

This is not so much of a malware issue as a "Dell" issue with certain models.

See this article. Hope it helps.

Read other 0 answers
RELEVANCY SCORE 62.4

Could someone please help me?

For a couple weeks now my avg anti virus has been detecting Trojan Horse Generic5.PVX. I keep clicking on Remove Threats but it keeps popping up again and again. I am no expert so I went on google and typed in the name of the threat in the hope that I could find the solution there. The page that I navigated to said that I should download hijackthis, do a log scan and submit it to a forum. Is there anyone that can help me with this problem? I have used AVG, Spyhunter v3, SpyDoctor and XsoftSpy and either they do not detect it or it simply returns. Here is my log File.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:03 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPo... Read more

A:Threat Detected: Trojan Horse Generic5.PVX

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

We want all our members to follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 62.4

Hey there,

I'm new to this forum so I might do some things wrong. I have read the Preparation guide and made the logs. Excuse me for my English, which isn't the best.

My AV (avg) detected a trojan horse (generic20.JFZ) in winhelp, located at /users/public/documents/windows/winhelp.exe. Now my AV can't do anything to this and I cannot manually delete the file. Therefore I made the logs which were recommended in the guide, hope that you guys can help me out.

DDS log.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mathieu at 21:38:58,72 on zo 27-03-2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2815.1458 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k ...

A:Trojan Horse detected & Google keeps redirecting

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


Hi,

Could somebody please help with the removal of this pesky Trojan Horse. AVG does *not* "heal" or "Move to Vault" and Trend Micro HouseCalls does not even find it and an older version of HJT also did not remove the file identified. (have not tried with this version yet)

Thanks in advance for any assistance!

MH

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:43 AM, on 06/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Grisoft&...

A:Avg Threat Detected - Trojan Horse Clicker.ndn

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please go to this page and scroll down to step 6.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the directions there to run DSS and then post those logs back here in your next reply.


Hi
 
I have a 32 bit HP PC running Windows XP SP3.
 
AVG is reporting that Trojan Horse Rootkit-Pakes.BI has infected c:\windows\system32\driver\volsnap.sys. I have attached a screen shot of the AVG report.
 
I have tried many things over the last couple of weeks to try and get rid of it.
 
I cannot list everything I've done because it's all happened in a bit of a mess! Most recently I have:
 
Run combofix (I have attached the report)
 
I followed this by running the online scanner from eset which detected nothing.
 
Previously I have tried to run malware bytes anti-malware which also detected nothing.
 
Any help is most appreciated.
 
Matt
 
ComboFix 13-02-23.01 - Administrator 23/02/2013  17:02:36.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3055.2212 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\Malware Removal\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-23 to 2013-02-23  )))))))))))))))))))))))))))))))
.
.
2013-02-23 16:43 . 2013-02-23 16:43    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-02-23 16:42 . 2013-02-23 16:43    --------    d-----w-    c:\program files\SUPERAntiSpyware...

A:Trojan Horse Rootkit-Pakes.BI Detected by AVG

Hello scatymaty

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at ...


Hi,
My virus protection program, MicroTrend's pc-illin, keeps on detecting this trojan horse program and is unable to clean it. I have repeatedly deleted the files it says are infected but it continuously reappears. It is located in my temporary internet files, the exact location is....

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\FAWR3XWX\

and now also in this location as well

c:\documents and Settings\my name\Local Settings\Temporary Internet Files\content.IE5\89NH33GV\

There are other subsequent .exe files in my C:\DOCUME~1\JOSHUA~1\LOCALS~1\TEMP location that are being brought up as a virus as well but I am pretty sure they are related to the trojan horse I have, as when I get one warning about the upayb[1].int trojan horse, I get a warning about a virus detected in that temp folder as well....

Thanks a bunch!
 

A:upayb[1].int trojan horse program detected

I noticed that everybody else was posting HJT information so I thought I would add mine....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:59 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microso...


Last night my AVG free piped up claiming that 2 Trojan Horse Generic29.AJGE viruses had been detected, and could not be removed by the software. Since then I have tried many different solutions that people have posted on the internet but to no avail, this thing will just not go away!
 
EDIT:   This is what AVG is saying about them:
 
Detection name: Trojan horse Generic29.AJGE
Description: c:\$Recycle.Bin\S-1-5-18\$35d59ab0ddcae84948f3b4dc0bfd8615\n
Severity: High
State: Infected
Source: Resident Shield
Date: 06/05/2013, 13:46:30
 
Extended element information:
Process name: C\Program Files (x86)\Malwarebytes' Anti-MAlware/mbam.exe
Process ID: 4292
Created: 06/05/2013, 13:46:30
Username:
Session ID: 4292
 
I downloaded Malwarebytes (I was surprised that I didn't have it installed already but hey ho) and performed a quick scan, it did find something but it clearly wasn't anything to do with the trojans as they are still here!
 
I can see that there are other threads concerning this same problem, but thought it would be wise to begin my own concerning my problem specifically, as it seems possible to me that I might not be having the EXACT same problem as somebody else and my problem will be resolved more efficiently if I can get some one-on-one advice concerning my specific issues. 
 
Since the Trojans appeared, my genuine version of Windows 7 is now claiming that it is not genuine after a restart. Great... 
 
I ...

A:AVG detected 2x Trojan Horse Generic29.AJGE

Hi James,
 
Welcome to the forum.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 


Been through a long series of events and have so far been unable to remove this piece of malware.

Norton's 2009 says it is a "Trojan Horse" and the infected file is C:\windows\system32\gaopdxtsmyvudx.dll.

Have run Spybot, Malwarebytes and NAV but it cannot be exorcised. Every time I open the browser it returns and NAV says it is "resolved".

Any ideas or should I post some logs of some sort?

Thanks in advance.

A:Trojan Horse detected at browser startup

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C...


Hi there! I was doing a routine scan using AVG Free Anti-virus on my PC and this came up. I did a scan using Malwarebyte with similar results. Been googling for a solution for the past hour, please advise on how I should rectify this.

This is what's on my resident shield alert:

Malwarebyte has similar reports and is requesting me to reboot my PC, I'm just too freaked out to do that:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4202

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/16/2010 2:47:35 PM
mbam-log-2010-06-16 (14-47-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 292606
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 173

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Funshi...

A:PLEASE HELP ME! Trojan horse Rootkit-Agent.EL detected


Hi, I am running Windows 7 on my laptop and have Kaspersky Internet Security 2010 installed, which has identified 3 trojans and 1 virus { virus:HEUR Trojan-Downloader.script.generic}. The laptop runs very slow at times and Internet Explorer also stops responding. When I try connecting the laptop to the printer, the printer also doesn't print what I want it to. Here is the HJT logfile:
Logfile of HijackThis v1.99.1
Scan saved at 20:00:11, on 20/07/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_DPPE03.EXE
C:\Windows\system32\spool\DRIVERS\W32X86...


Hi there,

I'm a first time user to this forum. I use AVG and today when I logged on, they had a pop-up notification for a Trojan Horse PSW.Agent.ABKU, I've googled it and it seems nothing has popped up about this specific Trojan Horse.

AVG keeps informing me that it has infected my C:\\Windows\system32\winlogon.exe.

I am definitely not anywhere near a computer expert and am desperately seeking help! Any information would be appreciated!

(Also, I have performed a quick scan by Malwarebytes and nothing came up, I am currently performing a full system scan in hopes of finding something). Any help or suggestions would be greatly appreciated!!!

Thank you so much!!

-Way Lee

A:Help! AVG Detected Trojan Horse PSW.Agent.ABKU. How do I remove this?

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if...
