
Trojan and Worm Detected

Q: Trojan and Worm Detected

Hi,

I ran a program called Hitman Pro and it detected the following:

C:\Documents and Settings\Our Computer\My Documents\Downloads\FlashPlayer_V.82511273c.exe
Size . . . . . . . : 573,160 bytes
Age . . . . . . . : 85.7 days (2013-04-22 16:57:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 64E8843A0B26E4DF8C014F39431733ABE90F1DD20E6EF104F1C88A426983135F
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Emsisoft . . . . . : Trojan.Win32.DomaIQ.AMN!A2
Fuzzy . . . . . . : 99.0

C:\Documents and Settings\Our Computer\My Documents\Downloads\winzip setup.exe
Size . . . . . . . : 990,872 bytes
Age . . . . . . . : 48.7 days (2013-05-29 18:42:25)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 7D459DF662DB375267E74BB420E6661A53490216C3E202B160EB505B81ED63D4
Version . . . . . : 1.0.0.0
RSA Key Size . . . : 2048

Here is my HiJack This log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:32 PM, on 7/23/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Content Manager\CmTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Our Computer\Local Settings\Temporary Internet Files\Content.IE5\T8MEO5CJ\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)
O3 - Toolbar: (no name) - {96f454ea-9d38-474f-b504-56193e00c1a5} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CmTray] "C:\Program Files\Content Manager\launchCM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1370036208812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1370036981812
O18 - Protocol: avgsecuritytoolbar - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe
End of file - 8086 bytes

Here is my DDS and Attach File:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Our Computer at 19:00:48 on 2013-07-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.468 [GMT -4:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CmTray] "c:\program files\content manager\launchCM.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370036208812
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370036981812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{978169FC-E851-4283-B6C3-AE183D83E912} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: avgsecuritytoolbar - <Clsid value has no data>
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - LocalServer32 - <no file>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-14 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-14 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-14 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-14 369584]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2005-3-11 1984]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2007-10-13 110304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-14 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-14 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-14 46808]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-7-13 106280]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2011-6-4 3207184]
R3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2007-10-13 1527900]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-1-25 24416]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2007-10-13 544768]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-7-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" /S
.
=============== Created Last 30 ================
.
2013-07-15 00:17:20 19537 ------w- c:\windows\system32\drivers\BRPAR.SYS
2013-07-15 00:16:44 -------- d-----w- c:\program files\Brownie
2013-07-15 00:07:45 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2013-07-15 00:07:45 100920 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2013-07-15 00:07:36 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2013-07-15 00:07:35 24223 ------w- c:\windows\system32\brlm03a.dll
2013-07-15 00:07:20 192512 ------w- c:\windows\system32\Pdrvinst.dll
2013-07-15 00:03:46 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2013-07-15 00:03:44 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2013-07-15 00:03:41 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2013-07-15 00:03:37 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2013-07-15 00:03:26 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2013-07-15 00:03:01 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2013-07-15 00:02:50 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2013-07-14 15:11:17 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-14 15:11:16 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-14 15:11:15 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-14 15:11:14 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-14 15:07:16 41664 ----a-w- c:\windows\avastSS.scr
2013-07-14 15:00:36 -------- d-----w- c:\program files\AVAST Software
2013-07-14 14:58:42 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-07-13 13:40:09 -------- d-----w- c:\program files\HitmanPro
2013-07-13 01:24:21 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-07-13 01:01:10 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2013-07-13 00:59:48 -------- d-----w- c:\documents and settings\all users\application data\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-07-13 00:59:41 -------- d-----w- c:\documents and settings\all users\application data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-07-07 12:37:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-07-07 12:37:17 210968 -c--a-w- c:\windows\system32\dllcache\wuweb.dll
2013-07-06 17:55:53 -------- d-----w- c:\documents and settings\our computer\local settings\application data\LogMeIn Rescue Applet
2013-07-05 16:16:04 -------- d-----w- c:\windows\system32\winrm
2013-07-05 16:16:04 -------- d-----w- c:\windows\system32\GroupPolicy
2013-07-05 16:15:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-06-24 23:21:00 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 23:20:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-07-17 14:24:13 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-17 14:24:09 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 23:20:13 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-24 23:20:13 789416 -c--a-w- c:\windows\system32\deployJava1.dll
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 16:43:16 1696256 ------w- c:\windows\system32\wmv9vcm.dll
2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26:26 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2003-07-16 20:48:39 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
.
Here is my Attach file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2005 1:26:46 PM
System Uptime: 7/18/2013 12:41:55 PM (127 hours ago)
.
Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================

==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Brother HL-4040CN
Brother MFL-Pro Suite MFC-495CW
Browser MOUSE
BufferChm
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V.9x 56K DF PCI Modem
Content Manager
CueTour
CutePDF Writer 2.7
Destinations
Director
Drivers Install For Linksys Easylink Advisor
File Viewer Utility 1.2
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
HP Photosmart Essential
HP Product Detection
HP Software Update
HP Update
HPSystemDiagnostics
InstantShare
Intel(R) PRO Network Adapters and Drivers
iTunes
Java 7 Update 25
Java Auto Updater
KhalInstallWrapper
Linksys EasyLink Advisor 1.6 (0032)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MovieEdit Task
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
Overland
PaperPort Image Printer
PhotoGallery
PhotoStitch
Picasa 3
PrintScreen
PS8100
PSPrinters06
QuickProjects
QuickTime
RAW Image Task 2.2
RemoteCapture 2.7.0
SAMSUNG Intelli-studio
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Shockwave
SkinsHP1
SoundMAX
The Sims™ 3
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB971029)
uTorrentControl_v6 Toolbar
WebFldrs XP
WebReg
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.20 (32-bit)
Wisdom-soft ScreenHunter 6.0 Free
==== End Of File ===========================

I tried to download the GMER scan, but when it was scanning, I got the "Blue Screen of Death" and had to restart. If you must have it, I can try to run it again.

Thank you very much for your help.

Tim

A: Trojan and Worm Detected

I'm not sure if my post was seen. Posted on July 23rd. I read the "PLEASE BE PATIENT" disclaimer, but not sure if more time is needed. If so, just let me know.

Thank you,

Tim

RELEVANCY SCORE 63.6

AVG detected a few trojans, couldn't heal them, but moved them to the vault
Trojan horse downloader.Dsfica.3.AK
Trojan horse downloader.Generic.DTH
Trojan horse backdoor.Generic3.REW (3 times)

AVG also popped up with this message,
C:\SYSTEM.SAV\MSMoney\MONEY\IE\AXA.CAB:\unaxa.exe
virus identified 1-worm/generic.APW
infected, embedded object
infected, archive

Pretty sure the files are harmless now that AVG moved them to the vault, but to double check here is the hijack log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:22 PM, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Craig .OFFICE\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...1w4FlSX+sAMtg7
R1 - HKCU\Software\Microsoft\Internet...

A:Trojan and worm detected...

Bump.

RELEVANCY SCORE 62.4

My pc has been acting a bit odd for a few months. This has included icons requiring multiple depresses to open, hard drive capacity barely increasing after removing programs, and deleting files. There are also the occasional screen freezes. A scan with Malwarebytes ver. 1.44 detected "Malware.Trace, Trojan.Vundo, and Worm.Kolab" in "Category: Registry Key." Any assistance in removing these "offenders," would be appreciated.
I have provided my Attach and ark zipped files as requested.

Here is my DDS.txt Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lil Momma at 20:15:42.64 on Wed 01/13/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.307 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100113-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.ex...

A:Malware, Trojan, and Worm Detected via Malwarebytes

BUMP, please.

RELEVANCY SCORE 62.4

I use Windows XP and am having a problem loading Firefox or Opera. Someone also managed to penetrate my Egold account and steal my money. A scan with Kaspersky revealed the Worm & Trojan below and they are all deleted. But I still can't access Firefox or Opera. I'm also not sure whether it is safe now to access some sites with a password. Please check my HT log and advise on what I should do to eliminate all threats on my PC. Thanks.

Protection
----------
Total scanned: 8891
Detected: 12
Untreated: 0
Start time: 3/9/2007 9:27:17 PM
Duration: 00:26:35

Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.AutoIt.c File: c:\windows\system32\rvhost.exe/PE_Patch.UPX/UPX/script.au3
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP109\A0129150.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.om File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP109\A0129178.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.om File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP112\A0129821.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP113\A0129933.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-A...

A:Worm & Trojan Detected By Kaspersky & Deleted

Welcome Nickkin

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*******************************

Download Killbox by Option^Explicit:
http://www.killbox.net/downloads/KillBox.exe

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'. Then click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\flwzx.dll
C:\WINDOWS\System32\msindeo.dll

Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button. Click 'Yes' at the 'Delete on Reboot' prompt. Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.
...

RELEVANCY SCORE 49.6

I have restored and restored, can someone please help! I can't update my Avira!

Avira AntiVir Personal - Free Antivirus Updater
Complete product update
Creation time: Fri Jul 02 16:39:53 2010
Operating system:Windows Vista () [6.0.6000] 32 bit
Product information:
Product version: 10.0.0.567
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0
Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\
Proxy settings:System settings used
16:39:57 [UPD] [INFO] Checking whether newer files are available.
16:39:57 [UPD] [INFO] Select update server 'http://62.146.66.188/update'.
16:39:57 [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop...

A:worm/im.sohanat.b (worm)and tr/crypt.xpack.gen (trojan)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Grow Up at 16:50:09.74 on Fri 07/02/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.942 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Internet Security *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\Grow Up\...

RELEVANCY SCORE 48

Hi, I am completely new to this, so please be patient. All I know is that my new computer has detected the Trojan files listed in the subject and I don't know how to get rid of them. I am running Vista premium and this is my first post, so I need to know what I can do to remove this stuff before it starts wreaking havoc. Thanks!
 

A:Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Closing duplicate.

Please continue here:

http://forums.techguy.org/showthread.php?t=610916
 

RELEVANCY SCORE 48

Today Norton Antivirus began to block threats from Trojan.Zeroaccess.B, Trojan.Gen, Trojan.Gen.2, and Trojan.Zeroaccess.C. I have been prompted to do a manual removal of Trojan.Zeroaccess!inf4 from c:\windows\system32\services.exe. Additionally, Bitcoinminer is being repeatedly detected, blocked and quarantined. I'm not sure if Norton is having a problem deleting/quarantining Bitcoinminer, or if it is actually being downloaded over and over. I suspect that these two problems are related, as they started at the same time.

From what I gather, the fix seems to be quite complicated and I would appreciate some help.

My system is running 64 bit Windows 7 Home Premium w/ SP 1. Looking at similar threads, it looks like I'll need to use a flash drive to run removal tools. I do not currently have a flash drive on hand, but I do have a 4 GB SD card. Will that be a sufficient replacement?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Ii-chan at 21:49:01 on 2013-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6060.2045 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows...

A:Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

RELEVANCY SCORE 48

McAfee detected a worm on my computer, and just to be sure that it's really clean, I scanned it with HijackThis, but I'm not sure if there's any problem. I would appreciate it if someone could point out to me if there's something not right. And I've been getting a lot of these worm attacks lately. What can I use to guard my computer against these attacks?

Logfile of HijackThis v1.99.1
Scan saved at 10:47:21 AM, on 1/25/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\S3apphk.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\eMule\emule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Documents and Settings\Administrator\My Documents\my folder\cleaners\HijackThis.exe
C:\Documents and Settings\Administrator\My Documents\my folder...

A:worm detected

I ran ewido too. These are the results. 14 infected and cleaned.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:53:02 AM, 1/25/2006
+ Report-Checksum: 8B7293B6

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Adm...

RELEVANCY SCORE 48

This is my first post so bear with me. My laptop would boot up, icons load and then shut down.

Took it to have it repaired, they did a system restore and loaded an antivirus program.

I had to re-load Aol software. Now, when I got on computer this is the message I received.

threat detected filename/user/patrick/patrick.exe
threat name virus identified worm/vb.7.a
detected on open

Details:
process name c:/program files/common files/aol/1256342570/ee/aolsoftware.exe
process id 3644

Then I have to answer this question before I can shut down or anything.
move to vault
go to file
ignore

I am totally lost as to what this means and what I need to do next.

Please help!!!
 

A:Worm detected

RELEVANCY SCORE 48

I just ran an adware scan and it detected C:/win32.p2p-wormalcan.a reg key. I have ZoneAlarm running
thx

A:HJT worm detected

Please read and follow the five step process outlined in this post.

Then download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it back here. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

RELEVANCY SCORE 47.6

My oldest son just graced me with the computer of his finance'. With lots of applications and the Windows 2000 Professional operating system, it would be great if it did not shut down soon after turning it on.

They bought a bundled computer at Costco and claim they never had any operating system discs.

Is there anything I can do to help mend this thing so that it will stay on and remain stable?
 

A:LSASS and no Worm Detected! Now What?

If you can stay on-line long enough, please do this. Click here:

http://www.sherrylynn.us/HijackThis.exe to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the log and advise.

If you're having trouble staying on-line long enough, probably due to a virus like Sasser, you can abort the shutdown by doing this:

To stop the computer from shutting down, go to Start - Run - and type in
"shutdown /a" (no quotes)
 

RELEVANCY SCORE 47.6

Hi Guys

I ran a Malwarebytes scan and it detected Worm.autorun.

I have run all the necessary scans and hope you can assist me in cleaning up my PC.

Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:20 PM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program ...

A:Worm Detected Malwarebytes

RELEVANCY SCORE 47.6

Hello, I have recently acquired a worm through a security hole that was downloaded by shareware (My Fault). This worm disabled Task Manager, "Run", Control Panel, "All Programs" on the Start menu, and most links on the right side of the Start menu. From my research, I conducted that this virus (or worm) is a very high danger. It acts like a key-logger, and displays the following message and other pop-ups:

(Yellow Triangle with "!" Mark (Picture))
Title - "Security Warning!"
Message - Worm.Win32.Netbooster detected on your machine. This virus is distributed through the internet via the e-mail and Active-X objects. This worm has its own SMTP engine which means it gathers e-mail and re-distributes them. In worst cases... (Continued)
Skipped a line - "Type" - "Virus"
Skipped a line - "Security Risk" 5/5
Etc.

These and several other messages pop up which lead to a rogue anti-virus known as WebAnti-virus 2008. I have tried scanning with Trend, Spybot S&D, Malwarebytes' Anti-Malware, Kaspersky, and Norton, but they all do NOT detect it. This virus is manually controlled, up to an extent. When I try to download an anti-virus, or any other protection file, it starts bombarding me with pop-ups, slowing the speed dramatically. The same goes with scans. This might be programmed to do that, but it looks like someone is manually controlling it. Also, 3 new icons appeared on my computer labeled - "System Error Fixer...

A:(Not Detected By HJ) Unremovable Worm

Hi,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.

To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1:The logs will be created in this folder: C:\rsit

Note 2:The tool takes not more than one minute to scan the system.Tell me if you have run any other tool other than those you have mentioned.

Tell me about the current condition of your computer.

RELEVANCY SCORE 47.6

I know I have downloaded a file from my email that I shouldn't have.
I scanned with ewido and it found several worms and trojans and I got rid of them.
Here is a HijackThis log, I don't know if I got rid of everything, please let me know.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 1:32:44 PM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ALLTEL DSL Check-...

A:Solved: worm detected

RELEVANCY SCORE 47.6

Please help. AVG anti-virus has detected several viruses in my computer. They have been placed in the virus vault. But after this, I have been receiving a pop-up error every time I open any application from my computer that says "The application or DLL C:\WINDOWS\system32\kernel32.sys is not a valid Windows image. Please check this against your installation diskette." What shall I do? Please help...
 

A:Solved: worm detected

RELEVANCY SCORE 47.2

Referred from here: http://www.bleepingcomputer.com/forums/topic403674.html ~ OB

Have reinstalled Windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard.

Have not had any luck reformatting the disk. Have changed boot order in BIOS but still find operating system will boot from hard drive over the CD-ROM. Was going to attach hard drive to another computer and format it there as the operating system would not be in use on the infected drive but then saw your reply and here are the logs. Remember I have reinstalled Windows and removed all extra programs prior to. Question: can the BIOS get affected with a virus issue like I have?

I did trial 10 bit products security 360 and Advanced system care 4 and have a feeling that this is where the infections have come from. Thank you for your help.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by gino at 23:35:04 on 2011-06-17
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.6142.4972 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSys...

A:Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...

RELEVANCY SCORE 47.2

Hi. I've been getting frequent notifications from ESET NOD32 Antivirus 4, about some IP addresses being blocked by it. Because of this I scanned my PC with it. It detected some viruses but I still get the same notifications. To be more specific, I'll attach the scan logs.

***********************************
ESET NOD32 Antivirus 4 scan logs
***********************************

12/8/2011 2:43:15 PM HTTP filter file http://112.205.70.205:4852/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:40:50 PM HTTP filter file http://112.207.137.162:14676/x Win32/AutoRun.Delf.AG worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:30:44 PM HTTP filter file http://112.207.9.179:11992/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:26:48 PM HTTP filter file http://112.207.9.179:11248/x Win32/Virut.NBP virus connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:19:23 PM Real-time file system protection file C:\...

A:Virut.NBP Virus, AutoRun.Delf.AI worm, AutoRun.Delf.AG worm, AutoRun.Agent.DO worm, Injector.LTG trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431705 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 46.8

Now that I have the "SWEN" worm... what do I do? YES, I know... all common sense was lost for a brief second as I opened that damn e-mail! I did the HouseCall scan... do I click delete while the detected worm file is highlighted? Thanks!
 

A:[Resolved] SWEN worm detected... Now what

RELEVANCY SCORE 46.8

I just received a popup from Windows saying that I had a MSIL/Necast.D worm and I downloaded Windows Security, however it didn't detect it. I ran screen317's check and this is what came up in the log.

 Results of screen317's Security Check version 0.99.67
 Windows Vista Service Pack 1 x64 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Microsoft Security Essentials
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 12
 Java version out of Date!
 Adobe Flash Player 11.7.700.224
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

A:MSIL/Necast.D worm detected?

This is the Farbar Service Scanner report log....
 
Farbar Service Scanner Version: 16-06-2013
Ran by CHEF (administrator) on 20-06-2013 at 15:09:41
Running from "C:\Users\CHEF\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\...


I just found by looking at my autorun programs, I have one with a file name %1. I read on another forum "bleepingcomputer" that it's added by the W32/protorid-AD worm. I am wondering if anyone knows how to rid myself of this. I assume I must have the worm too!

I am running the latest versions of Avast and run SpyBot and Malwarebytes every 3-4 days. (no "adult sites" viewed) lol

I have noticed one thing... "Show processes from all users" in Task Manager sometimes takes 2-3 tries to show. That's the only thing I've noticed out of the ordinary.

Do I need to worry? How can I fix this?


My McAfee is driving me crazy; it keeps popping up saying "Potential Worm Activity Detected" and it says that emails are being sent out. It also keeps blocking a trojan but not getting rid of it. I've done a full system scan and it could not recognize it. I also did Spybot S&D, Lavasoft Ad-Aware, the Trend online scan and the multi_av scan. I don't know what's going on. I'll give you my HijackThis log. I would really appreciate it if someone could help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:24, on 04/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Autodesk Shared\Ser...

A:Potential Worm Activity Detected


Last evening, with my machine performing nicely without any problem, whilst out prowling the Net I did a 'drive-by' scan using ewido anti-spyware 4.0 micro scan, which I have never used before. Much to my surprise (I keep all security tools & XP religiously updated and used) the ewido scan found the topic title worm and reported the path as:

C:\Program Files\Fast Defrag Freeware\close.com

I recognized this rather useless little RAM examiner and defragger program straight away. I had installed it long ago from one of the PC magazine offerings, but had rarely used it. I might add I do not just willy-nilly cross my fingers, install, and hope for the best outcome. I ran two a/v scanners over the program before I installed and I would have done the same with the CD which delivered the worm before I would have opened the CD. And of course the PC magazine, per normal, assured they too had scanned the content of the CD and deemed it free of bugs. Yeah right! So it looks like this little bazza - close.com - was sitting there awaiting something to slip through my firewall and kick it into action.

Rather than have ewido take care of the problem straight away, being brave, I opted to examine a bit further, which has been known to get me into trouble. I determined Worm.Warezov.fh was, as you know, a mass mailing worm. I decided to uninstall Fast Defrag Freeware and did. I re-ran the aforementioned ewido scanner and it revealed a related C:\System Volume I...

A:Worm.warezov.fh Detected & Removed

Welcome Globe Roamer Jeff

First I need you to do the following please:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\taskmgr.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\taskmgr.exe
Then click on 'Send'.
Post the results into your next reply please.


I am getting this popup from my McAfee virus scan multiple times a day. But when I run virus scan, nothing is found.

Potential Worm Activity Detected
The last few sent emails contain similar subject or body content
Email Subject - Susan 5982 - Clipboard
sent to [email protected]

I haven't sent any emails with that subject and I don't know anyone with that email address.

What should I do?

Thanks,
Susan

A:Help - Potential Worm Activity Detected

It would appear you have a keylogger or similar which is emailing your keystrokes or a record of visited sites etc to this email address.
You need to immediately run the following scans and fix what they find and then post a hijackthis log on the hijackthis log board.

Moderators please move this to hijackthis log board


Please download
Mcafee stinger multivirus removal tool
Install and run

Spybot search and destroy
Ad aware personal from Lavasoft
Install, update, run, check for problems, fix problems.
A Squared trojan remover
Download, install, update, scan and fix.


Hi,

I've seen other forums on this topic but none of them have really helped me.

My McAfee Virusscan keeps popping up with

Potential Worm Activity Detected!
The last few sent e-mails contained similar subject or body content
E-mail Subject: Can you imagine that you are healthy

I ran my McAfee, Ad-Aware and also Spy Sweeper but none of them has helped. On another forum I saw a program called VundoFix so I downloaded and ran that but it hasn't helped. I've posted my HijackThis logfile below. I'm fairly computer illiterate so please try to dumb it down, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:13 PM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\...

A:Potential Worm Activity Detected!... Please Help.

Closing duplicate thread, please continue here: http://forums.techguy.org/security/578825-my-mcafee-keeps-popping-up.html#post4766708
 


Hi, strange emails are being sent from my computer to random email addresses with subjects advertising prescription drugs and I keep receiving alerts from McAfee saying Potential Worm Activity Detected. I ran Hijack This and have posted my log below. Any help on what to do to stop these emails would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:32:56, on 21/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spmsg2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmew...

A:Potential Worm Activity Detected

If anyone could check my HijackThis log I would really appreciate it.
Thanks
 


Please help me. I'm running Windows XP, and McAfee VirusScan. My system won't stop sending emails

"Potential Worm Activity Detected! The last few sent emails contained similar subject or body content."

I'm given three options

1. Stop this e-mail
2. Find out more information
3. Continue what I was doing

No matter which option I choose, a similar message will subsequently appear. I can't seem to get out of this endless loop.

I ran AVG antivirus, and cleaned detected infections, but it has not solved the problem.
I then had Norton antivirus installed on the system. But similar messages of email being sent keep popping up. Please help as I am in a desperate situation.

The following is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:19 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
...


Here is what happens:

I turn on the computer (my brother's) and everything is fine - it shows the Welcome screen. Before anything (icons or desktop) shows, a pop-up appears that says the following:

Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, VISTA, 7
security risk: 5
recommendations: It is necessary to perform full system scan.

Only after I click "ok" or close the popup will the desktop, icons, and programs load.

As the programs are loading during startup, Window Security Center opens, and also some AntivirusLive performing some sort of "scan".

I was going to try to start this method: http://www.bleepingcomputer.com/forums/ind...3&hl=netsky

I downloaded the programs on my computer (this one), saved the programs on a flash drive, then moved them to the infected computer's desktop, but when I tried to open the ATF Cleaner a pop-up says:

Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?

Started it on safe mode to try t...

A:Worm.Win32.Netsky detected

Well, I'm still here if anyone is interested in helping...


My desktop changed and it had a warning saying I have been infected. Also, I couldn't start Task Manager. One or several popups started telling me to download removal tools. I did not trust these and didn't download anything. I updated my Windows Defender and ran scans. It did detect and remove different stuff with name variations of the one above. Still my desktop had the warning and I couldn't change the desktop image. I installed Microsoft Security Essentials and ran it. Again it detected and removed the same virus mentioned above but the desktop remained the same.

I searched online what to do if I can't change desktop and start Task Manager. Online I found instructions how to go into Regedit and delete in Policy so I can now change desktop picture and start Task Manager.

But I still get popup windows with ads. I get these in Chrome and in Explorer. The problem originally started when I was browsing in Chrome.

My ISP provides a free Anti-Virus program so I downloaded that and ran it. My ISP is cbeyond and the anti-virus program is called F-secure. After running all scans several times the problem still persists. Popups keep coming. Just a minute ago I was prompted to fill out an online survey for BleepingComputer. It looked legit so I filled it out in an effort to give something back to this site that I hope will help me solve this. After I filled it out it offered me some products and I realized it was the virus again.

It seems the Anti-Virus program is not able to remove ...

A:Worm:Win32/Emold.U detected

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. You will also be instructed to create a Root Repeal Log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post.

Please be patient and good luck


I've seen several other members experience the same problem, where McAfee keeps telling me that "Potential Worm Activity Detected!". It goes on to say "The last few sent e-mails contained similar subject or body content." and the subjects are random, as well as the emails they are sent to. Here is a copy of my HJT log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:21 AM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mc...

A:potential worm activity detected

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "...


http://antivirus.about.com/library/weekly/mcurrent.htm?pid=2827&cob=home angelize56
 

A:Maxima Screensaver worm-Detected 6-27-02

Cheers for that Marlene ! hope u r well ?
 


How do I get rid of this message - can't send email at all
 

A:Possible worm activity detected with McAfee

Hi huff0623

Welcome to Tech Support Guy Forums!

Does McAfee point to an email message containing the worm?

If so, have you tried deleting the message?

Run an online antivirus check from at least one and preferably 2 of the following sites
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?
http://www.ravantivirus.com/scan/
Allow them to clean/delete any spyware/malware or viruses/trojans they may find.

If you do not already have these programs,
Download:
Ad-Aware SE 1.05
Spybot-S&D (ver. 1.3)

Install Ad-Aware SE and Spybot-S&D and check each of them in turn for updates.

For Ad-Aware SE click on Full System Scan and deselect Search for negligible risk entries.
Let Ad-Aware SE remove what it finds.
Run Spybot-S&D and have it fix what it finds marked in Red.

After running your online virus scans and running Ad-Aware SE and Spybot S&D,
close all programs and reboot to complete the removal process.

If you are still receiving this message and are unable to send emails, try turning off email scanning in your Anti-virus program and check your firewall to make sure it is allowing your messaging program access to the internet.

Let us know what happens.
 


When I am trying to e-mail individual pictures - the e-mail in Outlook Express in the "sent" folder keeps staying in there and my computer keeps trying to send it. Then a pop-up from McAfee comes on saying:

"Potential Worm Activity Detected! The last few sent e-mails contained similar subject or body content. Then it gives the E-mail Subject and then it says I want to......
Stop this e-mail
Find out more information
or Continue what I was doing."

Even though I am just sending it to one person, not multiple addresses - that box comes up.

What is causing this and how do I correct this problem? I've never had this problem in the past. When I send pictures as "attachments" this does not happen. The only time this happens is when I try to send an e-mail with the pictures being shown in the message.
 

A:Potential Worm Activity Detected ?

Download hijackthis and do a scan, then copy and post the log here for someone to analyze. As well, do a scan here.
 


Hi, can someone help me with this thing? It's been slowing down my computer all the time and doesn't allow me to go to anti-virus sites. The spambots keep on being added in my temp folder, coming back with different names starting with win and sometimes with different names. It's been deleted by Malwarebytes but keeps coming back with different names. Please somebody help! This is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/4/2010 12:38:01 AM
mbam-log-2010-03-04 (00-38-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 213486
Time elapsed: 3 hour(s), 50 minute(s), 54 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\mmybgv.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winrtclhp.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winhublqr.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winsmyjkh.exe (Worm.Spambot) -> ...

A:annoying worm.spambot detected by malwarebytes

Hello

Your Malwarebytes' is OUTDATED.
Your scan shows database version 3510. This morning, the latest database version was 3824.
By the time you read this and update, there may be an even newer version.
Sometimes there are Malwarebytes' updates TWICE in one day.
Update your Malwarebytes' and scan again.

You can also run ATF Cleaner:
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions included at website.

Then post your new scan results for an official staff member to help you with.
Copy/paste the entire contents of the scan results log into your next reply, and advise what, if any, symptoms you are still experiencing.


Hello, I'm new on this forum and as you can see instantly I have a problem. Yesterday I started getting pop-ups which said this:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and this

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection

Also my task manager was blocked and I had to do the following:

Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Windows XP is my OS and I'm using Zone Alarm Pro.

This is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:40, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running proc...

A:Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!


Hello, new to this forum

Recently purchased a new HP laptop and have recently encountered a pretty big problem

It started when the computer seemed to be running fairly slow, especially for a brand new computer. Then internet Google searches started taking me to random websites, only allowing me to go to websites by directly putting the link in the address bar. I have a Norton free trial for a couple months but received a McAfee antivirus as a gift so uninstalled Norton and installed McAfee. Well, I had a problem once McAfee was installed: I thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So tried to uninstall and reinstall, and during this process, during a restart of the computer, I received a message telling me Worm.Win32.NetSky detected on your machine and suggested to do a full system scan. So clicked ok on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. This is where my story ends. I am stuck here and if I can get some help to resolve this problem it would be greatly appreciated, thank you

Thank You


I woke up this morning and found this was happening. I was getting pop ups saying I have this virus on my PC and now I'm upset, lol,

I looked at a few dif places, but all I could get was to d/l some HiJack This thing, so I did that and here is the log that I got


Deckard's System Scanner v20071014.68
Run by Administrator on 2007-11-22 11:37:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
54: 2007-11-22 01:07:57 UTC - RP68 - Deckard's System Scanner Restore Point
53: 2007-11-22 00:32:52 UTC - RP67 - Installed Symantec Technical Support Web Controls
52: 2007-11-21 03:11:54 UTC - RP66 - Printer Driver Sonic PDF Installed
51: 2007-11-20 05:55:43 UTC - RP65 - System Checkpoint
50: 2007-11-19 05:54:33 UTC - RP64 - System Checkpoint
-- First Restore Point --
1: 2007-10-18 11:03:47 UTC - RP15 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 1.43 GiB (less than 15%) free.
-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:10 AM, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSI...

A:worm.win32.skynet virus detected

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 


Been having constant pop ups of various "infected" statements. I run Sophos Anti Virus which is really good but it seems these have slipped through. I run Ad-Aware every now and then as well. Being a little tech savvy I tried the normal things I have done in the past. I have followed the thread about what to do in these circumstances and done the 5 steps.

Below is the log after dss.exe

Not sure what else I can do as I know these things are present. The online Pandasoftware search found several issues but was only able to fix one.


Deckard's System Scanner v20071014.68
Run by Brett on 2007-12-20 17:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-12-20 07:24:57 UTC - RP675 - Deckard's System Scanner Restore Point
71: 2007-12-20 02:16:36 UTC - RP674 - System Checkpoint
70: 2007-12-17 05:05:29 UTC - RP673 - Installed Sophos Anti-Virus
69: 2007-12-17 05:03:13 UTC - RP672 - Removed Sophos Anti-Virus
68: 2007-12-13 14:08:06 UTC - RP671 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 09:34:52 UTC - RP604 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone --------------------------...

A:Constant pop ups - Windows has Detected... worm.w32.netsky....

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no...


Often on my computer McAfee pops up an alert saying that "5 e-mails have been sent within the last 30 seconds. This condition might indicate a worm is attempting to send e-mail." I ran a virus scan and spyware scans but they didn't turn anything up.

These emails are being sent to addresses I have never seen before and the email subject is always something "sexually-explicit"

I'm pretty sure the problem is similar to this one

Here is the HJT log I just ran...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:28:53 PM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DO... Read more

A:McAfee: Potential Worm Activity Detected

Bump, any help is appreciated!!
 

RELEVANCY SCORE 46.4

I have Mcafee Internet Security 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 2 emails have been sent within the last 25 seconds. This condition might indicate a worm/virus is attempting to send email. The email subject varies from "about your health", "Your health, your care", to viagra messages. I use outlook and it is not open. I have run McAfee virus scan, CA-etrust online virus, and downloaded AVG virus software to identify this virus. But have not been able to identify it or fix it.

Windows xp professional sp2. I would appreciate any help you can offer.
I've pasted my HI Jack log below.

Logfile of HijackThis v1.99.1
Scan saved at 7:10:35 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Gri... Read more

A:Solved: Potential Worm Activity Detected

RELEVANCY SCORE 46.4

Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

After I restarted the computer and turned it back on, I came to this problem of only seeing my cursor on my desktop with a black screen and could not do anything except Ctrl+Alt+Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after I upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer I received a message telling me Worm.Win32.NetSky detected on your machine and suggesting a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if I could find a solution and found this tech support forum on Google and saw someone had the same PROBLEM as me.

The only way I was able to get online from my computer is if I signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very much appreciated. Hope you had a HAPPY NEW YEAR and HOLIDAY!!... Read more

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2

.

RELEVANCY SCORE 46.4

Hi, I really need help. My Sony Vaio laptop keeps coming up with messages saying it's been affected by worm.win32.net booster, and every time I log in to my computer three programs are on the desktop. I've never seen them before. Could someone please help me?

PS: computer is an XP

A:Please Help My Laptops Detected Worm.win32.net Booster

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode (Instructions).

RELEVANCY SCORE 46.4

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ... Read more

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ..... Read more

RELEVANCY SCORE 46

Here goes... I recently installed Norton Antivirus 05 and it worked totally flawlessly for a few days and it still is, technically. The problem is that I get about 10-15 security alert windows stating "Internet worm detected a remote system". It is the same location every time: C:/windows/system32/svchost.exe. Microsoft generic host process for Win 32 services. The address it comes from and the remote port change but are frequently the same. I have the option to permit or block. I've done both but it keeps coming back. Please Help ----Geoff----
 

RELEVANCY SCORE 46

Hi,

I've seen other forums on this topic but none of them have really helped me.

My McAfee Virusscan keeps popping up with

Potential Worm Activity Detected!
The last few sent e-mails contained similar subject or body content
E-mail Subject: Can you imagine that you are healthy

I ran my McAfee, Ad-Aware and also Spy Sweeper but none of them has helped. On another forum I saw a program called VundoFix so I downloaded and ran that but it hasn't helped. I've posted my HijackThis logfile below. I'm fairly computer illiterate so please try to dumb it down, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:13 PM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\... Read more

A:My McAfee keeps popping up with Potential Worm Activity Detected! Please help

hi, welcome to TSG.


Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-... Read more

RELEVANCY SCORE 46

A few days ago, my computer suddenly got slower when browsing the internet, so I checked the task manager and found that my CPU performance always hit the peak although I used the same applications which I always use. So, I used Malwarebyte's Antimalware and it detected a worm called Worm.Autorun which I then eliminated. However, it doesn't seem better, and I think that I may have gotten a virus, worm, or trojan from my friend's USB drive which my anti-virus Panda couldn't find. So, I created the account here and really need some help from a specialist. Another problem is I can't save the GMER log. When I run GMER, it took about 6 and 12 hours to run, and then when I tried to save the log, it got "Not respond" for a few hours (as I waited) and then a blue screen appeared. Please help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dell at 22:55:30.26 on Sat 02/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.1014.177 [GMT 7:00]

AV: Panda Endpoint Protection *On-access scanning enabled* (Updated) {3503ACDE-020C-4FD4-BD8E-D011C03E7677}
FW: Panda Endpoint Protection Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Panda Security\WAC\pavFnSvr.exe
C:\Program Files\Panda Security\WAC\pavsrv51.exe
C:\Program Files&... Read more

A:Obviously immediate slow computer a few days ago and detected a worm from Malwarebyte's

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please add the log for the rootkit scanner Gmer

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER ... Read more

RELEVANCY SCORE 46

Hi, every time I start my computer, this is the message I get from my AVG:

\device\harddiskvolume1\autorun.inf
Virus found Worm/autorun detected on open
process name C:\windows\Explorer.EXE
Process ID: 2444

I proceed to click "Move to vault", but upon restarting my computer, it comes back. Here are the DDS logs. I tried to use gmer, but it kept crashing my computer (Win XP). Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 11:44:07.42 on Sun 08/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1199 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\P... Read more

A:Virus found Worm/autorun detected on open

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more
