
Trojan horses - Trojan-download-tukpat and trojan-pisher-snifula

Q: Trojan horses - Trojan-download-tukpat and trojan-pisher-snifula

Well, the name pretty much says itself - I am under attack of a couple of Trojan Horses.

The odd thing is that I haven't opened any attached files I didn't know who were from, or anything at the like. I don't think I have been hacked, however I am having troubles with getting rid of this malware.

How do I clean my system of these Trojan Horses? I've done a spysweep once, only to find Trojan-Pisher-Snifula reinstalled in my system when I did another system, running an IE-fix.


A: Trojan horses - Trojan-download-tukpat and trojan-pisher-snifula

I have been doing some research and it looks like I could have a possible Rootkit-infection.... should I post a Hijack This log for you to find out? And if it is a rootkit-infection am I then completely screwed? I can't change my processor due to a RAM-change I've made....


My McAfee and Symantec antivirus will not run. On startup/boot I get the following messages. On boot up McAfee gives 2 popup boxes that say "McAfee Virus Scan - some components of Active Shield are missing or not installed properly" "McAfee Security Center components might not have been installed or launched properly. Restart to fix this problem... if that doesn't work reinstall the program"

I first received the messages on Saturday (5/8/10) morning. A process named kkcekwmtssd.exe was running and had also installed itself into my Startup in msconfig, I unchecked it there. I found no information about it on the internet, so I stopped it and deleted it and the folder it was in. I ran Symantec which found nothing. McAfee is out of date but I keep it because it tells me when a program tries to access the internet.

As of today I have another gibberish program running wingrj32.exe and it also has installed itself in Startup in System Configuration Utility. There are 2 entries for it and I have unchecked both.

I ran Malwarebytes on Saturday which found 2 registry keys infected which it repaired.

I just ran Malwarebytes today and it found: Trojan.downloader (wingrj32.exe); Trojan.agent (svchost.exe); malware.trace (avdrn.dat). The last two were quarantined and deleted. Trojan.downloader will be deleted on reboot which I am doing as soon as I post this.

I have been unable to install AVG.

When I click on the Symantec (Corporate Edition) icon I get the error box ...

A:infostealer.snifula.c, trojan.fakeAV, trojan.downloader, malware.trace, etc

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hi,

I found two trojans whilst scanning with the following softwares:

- trojan-phisher-snifula using Spy Sweeper
- trojan-PWSteal.BS using Spyware Doctor

The threat level for these two trojans is high but I can't get rid of them using these 2 softwares. When I delete them from the quarantines and carry out a new scan they keep on coming up !

I couldn't find any advice on the Internet regarding these two threats so any help in removing them would be much appreciated.

Thanks
 

A:Solved: Trojan-phisher-snifula and Trojan.PWSteal.BS


I have a Core2 Quad 2.4ghz; run Vista Home Premium. Bought WD My Passport external H.D. with auto backup and sync software. Also have lots of RealArcade games. When I bought H.D., McAfee Security through Comcast quarantined sync software and ID'd it as having trojan horse. Naturally I contacted Western Digital; they said not true, that McAfee ID's software as trojan so just disable McAfee when I use H.D. Then I called McAfee; they said sometimes codes are written in software that are ID'd as trojans that may not be but offered no solution. Since then, I have intermittently had some of my RealArcade games which I have purchased quarantined as having trojan horses, rendering them inoperable. Yesterday my scan quarantined 7 games that I cannot now play. I contacted RealArcade; they said just redownload them and use them, which I have not tried to do. I have about 50-60 RealArcade games I have purchased; so it's a big investment to just ditch them. Here are the names of the files McAfee scan ID'd yesterday as trojan horses, all of which were in my RealArcade games: They all begin with "Artemis!" plus the following numbers: 4F53031AA2F9, F7F23B439CD1, AEBE20B39E8D, 2E1652AC399E, FD31201B747C, CCD64F0FDBD3, 952F577B7691, (and the previous week scan) CD61220FA34F.

About a week ago I downloaded the latest version of Skype after being prompted to do so by my "Dell [computer] Support Center" (before this scan and after the last one), and a Skype message no...

A:McAfee Quarantines Trojan Horses That Aren't Trojan Horses

Hello and welcome to TSF

Regarding the Artemis detections, i suggest you read this thread for more information.
http://community.mcafee.com/showthread.php?t=233663

If your issues are Virus/Trojan/Spyware related, please follow instructions below.

===========

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


Norton 360 did idle scan and found Backdoor.Tidserv (which I believe it found when I first got Norton, about 10 days ago). Now, I have Tidserv, two cases of Biteverify, and 6 unnamed trojans. Another manual scan revealed nothing but 8 cookies but I know these things come back unless you try hard at deleting them. My computer is experiencing no symptoms. I have no logs to show you. If this doesn't belong here, I'm sorry, but this computer is rather new and I don't want it going down.

A:Norton found Backdoor.Tidserv, Trojan.Biteverify, and unnamed Trojan horses.

Could someone help me with this please? I know Tidserv is a nasty rootkit that you guys seem to know how to kill. It might be gone, but I want to make sure because I thought it was gone a week ago and it was still there. Still no symptoms.


Deckard's System Scanner v20071014.68
Run by Umair on 2008-07-03 11:46:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-07-03 05:46:35 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Umair.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:54, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\MDaemon\WebAdmin\...

A:Some Dangerous Trojan Horses Detected In Your System Please Download

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum with a new DSS log


I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv

The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared...

A:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log


Hello,

My website has been hacked, and most (if not all) of my HTML pages have a line of script redirecting viewers to a site that automatically installs malware. I found this out the hard way, since despite SpySweeper reporting a suspicious program trying to install itself (which I deleted) when I tried viewing my homepage, when I reinstalled my computer in order to complete the deletion of that file, my computer is now infected with a piece of malware which Spy Sweeper calls "trojan-phisher-snifula".

Now, in addition to repeatedly re-uploading files to my website to replace altered files, I have to get rid of a piece of phony spyware. This software starts whenever Windows XP SP3 does and my desktop icons are gone. I was really worried when I tried to install HijackThis and couldn't even open the installer, but I got around this by just downloading the executable file from Trend Micro. I've created a log and attached it below.

Any help with this problem would be greatly appreciated.

Thank you.
 

A:Trojan-Phisher-Snifula infection

My goodness...

I can barely believe it, but I think I actually managed to get rid of this Trojan single-handedly.

When I was first trying to forcibly shut down the fake anti-spyware program by opening the Windows Task Manager and killing it from there, the program had the filename 08170521.exe. When I ran HijackThis, I noticed that program appear in the HijackThis log, along with its location.

Because I couldn't think of anything else to do, I deleted that file, and finally restarted my computer after a few hours, certain that the Trojan would be back when I did. To my amazement, however, not only was my desktop restored to its original state, but the fake anti-spyware program didn't reappear in my taskbar and a sweep with Spy Sweeper revealed that Trojan-Phisher-Snifula was no more.

I guess I just got lucky this time...now all I have to worry about is disinfecting my website.
 


Thought I would pass along my experience with Trojan Phisher Snifula. Also detected was one called Trojan Generic 6.0 SO. The infected computer was a Sony laptop running XP. The infection was first detected by SpySweeper, but it could not disinfect the machine.

I then cleaned the system with AVG 7.5. It reported 300 plus tainted files, most of them downloaders masquerading as "Nero" files. (I don't have Nero on my computer, incidentally). As soon as I rebooted, the system re-infected itself.

I then ran Rootkit Revealer from the Microsoft site. It created a long list of highly suspect files, most of them (it remarked) invisible to the Windows API. I noticed that a lot of the files were 600 plus K, about the same size as many of the files detected in the antivirus scan.

I downloaded a program called "unhackme," and ran it a few times. It helped reduce substantially the list of suspect files discovered by Rootkit Revealer, but it did not completely disinfect the computer. I ran some searches on rootkit recovery software and decided to try one from Panda, a free download.

Good luck. It cleared up the rootkit infection. It reported this success itself, and I was able to confirm it with rootkit revealer.

I then followed up with AVG 7.5 again, and jettisoned the Restore files, etc.

It seems things are back to normal now, but of course the machine will bear watching.
 


Thanks in advance for any assistance you may be able to provide.

I am running XP MCE SP3 and I've recently upgraded to Zone Alarm Extreme Security. Updates to both have been well maintained for years. When I upgraded ZAExtreme I allowed it to operate in "learn" mode. I then, after forgetting this fact, fired up my machine at a local StarBucks and did some work. Shortly thereafter I started to get the following error message:

"The True Vector Internet Monitor has shut down. Do you wish to restart it?"

Restarting the True Vector service simply results in the same message popping up a few moments later. The ZA UI reports that firewall and AV are disabled.

I followed the instructions on the following ZA forum thread:
http://forums.zonealarm.com/showthread.php?t=70616

- Safemode ZA deep scan found nothing.
- MBAM found nothing.
- SuperAntispyware found some tracking cookies and ten "Malware.Installer-Pkg/Gen" entries in a WildTangent subdirectory with names like {6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE (I think I deleted all of these).
- I did not run A2 Free
- Dr. Web LiveCD scan detected the PWSBANKER.origin (PSW? I may have transcribed incorrectly), and the downloader. It reported these as "incurable" so I told it to delete them - which it did. I have since rebooted and re-run the Dr. Web scan and it now finds nothing.

I ran chkdsk this morning (although I didn't reboot into safe mode to run it). It generated six messages as follows:

" Deleting index entry from $0 of file 180...

A:Infected Trojan PWSBANKER.origin, Trojan download.38959

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


Hi,

AVG Free 8.5 latest updated and current Dr Web tell me that my files agp440.sys is infected.

Malwarebytes says I am free and does Spyware blaster.

AVG says the file in sys32\drivers\ should NOT be removed but says the one in \dllcache\ is infected. Trojan Generic14.BLZl

Dr Web says I have a Trojan.Download.47257 in my \drivers\agp440.sys. Dr web has asked if I want to cure it?

What should I do?

I normally would just cure/delete it but when AVG says not to delete as it is a system file, I'm not sure.

Please tell me what I should do.

I have XP Pro SP2.

Thanks
oz

My HT Log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:46 PM, on 30/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32&...

A:Trojan Generic14.BLZl and Trojan.Download.47257

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follo...


Lately my computer has been exceptionally slow. Blue screens a time or two. I've recognized a few other suspicious things such as 'Service Distribution Software 3.0' trying to install at 3 am for the past 2 weeks. I also looked at my ReportingEvents.log and noticed that even though Microsoft updates were downloading successfully they were not installing since 6-10-2010 (I went ahead and attached a copy of that as well). Also, Firefox was acting really funny. Taking a huge amount of time to load. I also found that even if I shut Firefox down, it was always running. Even if I went to Task Manager to kill firefox.exe, it was very difficult to get it to finally stop running.

I even saw a post here saying:

------------------------------------------------------------------------
QUOTE
Lets check your HOSTS file.
It's located at c:\windows\system32\drivers\etc\hosts.
You can open it up in Notepad.
If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it; however, if there are others following 127.0.0.1 localhost, you may have to fix it.
...

A:Trojan horse Vundo.JW - Trojan.Mebroot. Mebroot/Sinowal Infection, Trojan.Tracur, Trojan.TDSS or what?

Hi deetheis,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

- Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
- Please do not do anything or perform other steps unless I have asked you to do so.
- Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
- Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
- If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - MBAM

- Open Malwarebyte's Anti-Malware.
- Under the Updates tab, click Check for Updates. Let the updates install (if any).
- After that, under the Scanner tab, click Perform Quick Scan and then Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBA...


My norton AntiVirus detected two viruses:
Trojan.startPage c:\windows\system\ntstub.dll
Download.Trojan c:\windows\system32\IRJIT.DLL

Tried to delete them by Norton but failed. Would anyone help me get rid of them? My HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:42 AM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\tools\VPN\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\...

A:Help! Infected With Trojan.startpage And Download.trojan

Hello pinkpony,

Welcome to Bleeping Computer

Optional - FLASHGET

I note in your log that you have FlashGet the download manager - be aware that the trial copy bundles Cydoor adware, but when you register the Ads disappear.

To remove the program: Go to Start > Settings > Control Panel > Add/Remove Programs and remove it. Your call.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [Ntech.patchs] C:\WINDOWS\system32\8FFA.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\tools\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ???QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\tools\QQ\QQ.EXE

If you uninstalled FLASHGET, then please check the following also :

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\tools\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\tools\FlashGet\fgiebar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\tools\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\tools\FlashGet\fla...


hi there,

could someone in this forum help me with these two trojan virus:

AV Software I'm using:Symantec Antivirus 2005

Virus Message:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Keylogger.Trojan
File: C:\WINDOWS\dltime.dll
Location: C:\WINDOWS
Computer: SIM-FAMILY
User: Vincent Sim
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Sunday, January 16, 2005 7:53:47 AM

Virus Message:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Download.Trojan
File: C:\WINDOWS\dltime.dll
Location: C:\WINDOWS
Computer: SIM-FAMILY
User: Vincent Sim
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Sunday, January 16, 2005 8:05:32 AM

Error message: svchost.exe cannot be started due to missing dltime.dll

I have tried many methods to remove this (including instructions from Symantec website) and it still appears.

Could some expert gurus here help me to clear these two trojans, deeply appreciated.
 

A:Having problem with Keylogger.trojan & Download.trojan... Please help!

Read other 10 answers
RELEVANCY SCORE 86.8

Hi. Just to clear it up, this is NOT the same log posted in the thread called "Unwanted tool lines, pop-ups - HijackThis log"
Ok, so Norton AntiVirus pops up again and again telling me it has discovered a virus. I apologise in advance if my translations of the warnings and messages are confusing, but I don't know what all of the English terms are.

Object name: C:\WINDOWS\system32\yiidfwocg3sk.tlb
Virus name: Download.Trojan
Action taken: Did not obtain access to the file / Cannot repair this file

I've tried following Symantec's removal instructions, but I meet two problems.
First, I'm not able to open Norton Internet Security in safe mode, second, I'm not able to delete the file manually in safe mode either. I get the message that (paraphrasing) the file cannot be deleted. Please check to see if the file is...overwriting protected (when you go to a file's properties, you see two boxes, one called "hidden", another "skrivebeskyttet" in Norwegian; overwriting protected is the best English translation I can come up with).

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:58:51, on 30.04.2005
Platform: Windows XP SP2 (WinNT 5.0... Read more

A:Norton Trojan alerts - Download.Trojan

Howdy, and welcome to TSF!


Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


O4 - Global Startup: P?minnelser for Microsoft Works Kalender.lnk = ?

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/gam...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/gam...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/gam...nts/y/gt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/gam...nts/y/ht0_x.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari...dtc32_EN_XP.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://www.skandiabanken.no/CertCo...x86/xenroll.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O20 - AppInit_DLLs: yiidfwocg3sk.tlb


Now, with all windows closed except HiJackThis, click "Fix checked"... Read more

Read other 16 answers
RELEVANCY SCORE 86.8

When I start up my laptop, I get these messages:

Internet Sharing Configuration
C:\WINDOWS\Explorer.EXE is attempting to change or view this computer's Internet Connection Protection settings. To give C:\WINDOWS\Explorer.EXE permission to edit these settings for as long as the program is open, click YES.
I can click Yes, No and More info. The latter does not work. I just click no because I think it's the right thing to do.

svchost.exe - Unable To Locate Component
This application has failed to start because dltime.dll was not found. Re-installing the application may fix this problem. OK

Norton Antivirus
Where: C:\WINDOWS\dltime.dll
Name: Keylogger.Trojan
Action: Removed

Norton Antivirus
Where: C:\Documents and Settin...\d[1].exe
Name: Download.Trojan
Action: Cannot be fixed

Norton Antivirus
Where: C:\Documents and Settin...\d[1].exe
Name: Download.Trojan
Action: Access to file denied

So, after a bit of research I found out the meanings of these messages except for the first one. What does this mean and by what is it caused? Is it possibly caused by the Download.Trojan? I think it has to be..
--------------------------------------------------------------------------

Here is the Hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 12:20:35, on 15-1-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services... Read more

A:Infected with Download.Trojan and Trojan.Keylogger

Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.intermute.com/spysubtract/cwshredder_download.html

Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=6569574

O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe

O4 - Startup: winupdate53065978[1].exe

^^ you will need to manually delete this from the All Programs > Startup folder


3 >> Go to Start > Run and enter cmd and a command shell will open. At the prompt carefully type and enter each line:

del C:\WINDOWS\svchost.exe

Warning: do not confuse this with the svchost.exe which is in c:\windows\system32. Do not try to delete that.

Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History ... Read more

Read other 3 answers
RELEVANCY SCORE 86.8

I am enclosing my logfile with this message. I have ran all of the programs as told to me, however, Norton cannot fix these two viruses as they are a high-risk to my computer. My homepage is defaulting to about:blank, a message keeps popping up with the highjacking of sspMydoom.cih from port 245 and my AIM messenger will not work. Also...I would like to know, if possible, where did these two viruses originate from? Thank you for your time and patience.
-Khandi

Logfile of HijackThis v1.99.0
Scan saved at 2:55:58 PM, on 2/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ipbs32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Swcpe\Jfkhwt.exe
C:\WINDOWS\syst... Read more

A:Issues With Download.Trojan AND Trojan.Admincash

Hi and Welcome to TSF

Please consider installing the SP1/SP2 service packs for both IE6 and XP as this is a big part of your problem.

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..

Download DelDomains.inf
Right-click and select..... Save Target As

To use: Right-click and select....... Install (no need to restart)
**Note** This will remove all entries in the "Trusted Zone"

Download and install CleanUp http://cleanup.stevengould.org/

Download AboutBuster and unzip it to a folder on your Desktop. Do not run it yet!

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

Security iGuard
WeatherBug
Swcpe
elitebar

Security iGuard = Considered rogue and suspect product. It's recommended you remove it.

Go into HijackThis->Config->M... Read more

Read other 5 answers
RELEVANCY SCORE 86.8

Hello everyone, i have been having a lot of problems with download.trojan and backdoor.trojan. i did all of the necessary scans that were in the steps. The scans said everything was removed, but i still have an [email protected] connection and my browser still gives me partypoker and prescription pill popups. Here is my HijackThis! logfile. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:35:58 PM, on 1/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\D-Link\AIRPLUS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\N... Read more

A:Download.Trojan Backdoor.Trojan problem

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
Locate the service - Distributed Link Tracking Client Protocol Helper
Double-click on it to open the Properties dialog.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
Then sta... Read more

Read other 3 answers
RELEVANCY SCORE 86.4

I am being peppered by viruses just for using mininova. I have stopped using it and have made these logs.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:42 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Cla... Read more

A:Trojan horses

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

I am still in training so my responses to you must be checked by an instructor first.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not... Read more

Read other 5 answers
RELEVANCY SCORE 86.4

My computer was running extremely slow and I started to get those ads that float across the screen. I ran Norton 360, and it found 2 trojan horses, associated with some software I downloaded. I remembered once I ran ComboFix and it got rid of a bunch of things, and it worked well, so I ran it and have the log.

Then, to make certain I was free of bad things, I thought I should show you those logs here. I also ran HiJackThis, and here is the log. No room to post Combofix log.

Please let me know what you find. Thank you very much. Here is the HIJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:33 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Progra... Read more

A:Trojan Horses HJ Log Here

Any help will be GREATLY appreciated! Thank you very, very much.
 

Read other 1 answers
RELEVANCY SCORE 86.4

Hi there, thanks for reading -

I have barely managed to get onto this site as most websites do not work. Some links just work all the time (although slow) and some never work. It seems to be indiscriminate. My Computer also takes an age to load, but it always does. AVG antivirus scan found 15 trojan horses and 'hosts' always comes up but with minimal security risk. The Trojan horses keep coming back - especially IRC Backdoor bot or something and sometimes the vundo's. AVG antimalware found about 50 tracking cookies.

AVG can't live update - every time it does it gets disabled. However if I restart the computer, it works again.

I really need help as I can't check my emails because i can't log onto gmail. Your thoughts are much appreciated. (I hope this posts!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:36, on 13/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT ... Read more

A:HJT Log, 15 Trojan horses, PLEASE HELP!

Read other 8 answers
RELEVANCY SCORE 86.4

Hello dear helper!
My pc-core 2 duo, with XP professional, was infected with trojan horses:
generic 5QB, SHeur ZQ and others.
AVG, Adaware, Spybot and Panda did not do the killing.
It keeps jumping up in AVG window and moved to the quarantine every restart of the PC
and even more often.
On top of it, pop ups keep bothering all the time.
Any cure ?
Thanks a million in advance,
Sincerely,
Srulik
 

A:trojan horses

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers
RELEVANCY SCORE 86.4

I have this in my AVG anti-virus vault, it looks like the vault is full! The whole list says c:windows\system\trojan horse BHO.FMY\242114\242114.dll. I have tried to delete these and they won't! I would like to know where these came from, how I can prevent this from happening again, and how to get these (safely) out of the AVG vault? HELP.......

Read other answers
RELEVANCY SCORE 86.4

Hi everyone, I have just installed AVG free edition and it's told me i have 15 trojan horses!! 2 are in system 32 and are called Adload_r.FQ, the others are in windows\temp\ and are called downloader.Generic_r.BJ. I have tried a couple of different removal tools and neither have worked. These trojan horses aren't mentioned amongst the AVG recognised virus' and i just don't know what to do!! Please if anyone can help.. i'm so worried my pc will crash or infect someone else and i can't afford a new one.
Thank you in advance. This is my first post, so i hope i have done it right.
Best wishes,
Angel
 

Read other answers
RELEVANCY SCORE 86.4

Can someone please help me with the removal of two trojan horses: Revop.C and Lookme.A? I ran AVG and it detected but was unable to remove or quarantine Lookme.A. I also ran Adware and Spybot. Adware detected 62 objects that I tried to remove but it was unable to remove them all. The program advised me to reboot and run another scan. When I rebooted Adware was scanning and none of the screen icons appeared. It detected 152 objects. I checked each one for removal but it did not show the usual option of quarantining them. Once Adware was done scanning, the icons appeared. However, I was unable to get the internet explorer to connect. I re-booted several times and I checked my internet properties. The homepage is correct but the IE will not connect. Before running Adware the second time, I ran Hijackthis and I am posting the log here. Ezula and Webhancer were the two I remember seeing the most of in Adware. Can someone tell me how to get rid of the Trojans and how to get IE back? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 5:31:47 PM, on 5/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\S3... Read more

A:Trojan Horses

Read other 13 answers
RELEVANCY SCORE 86.4

Hey

I've got a similar problem to the one WilyOdysseus was talking about in the thread he started.

I browse with Firefox, but I've been getting a lot of pop ups in IE windows lately. They're pretty sporadic-- sometimes I'll open up Firefox and I'll get a couple, sometimes not; or I'll be in the middle of browsing and I'll get a couple, close them, and then go for an hour or two without getting any more. I have Ad-Aware, and I've run that, but it hasn't seem to have done anything.

Also, I have AVG 7.5 and I've been getting pop ups lately telling me that I have an infection (Trojan Horse?). I click the "heal" button and it tells me that the infection has been healed, but I'm getting those pretty regularly, too.

I don't know much about this at all, so if anyone could help me out with getting rid of these pop ups and viruses and tell me if I need to download any better anti-virus or anti-adware programs, that would be a HUGE help!

Thanks
 

A:IE pop ups and Trojan Horses?

Read other 6 answers
RELEVANCY SCORE 86.4

Trojan Horses(by me)

If you ever read the Greek Mythology books such as Edith Hamilton's Mythology, you may notice a mythology story called the Iliad. Now I'm not going to post a whole story here, but just the mythology facts.
The Iliad was originally written by Homer. This was a story which three women decided to see who was sexier... Anyway they went to people and asked who was hotter... They went to this kid who was Paris (that's right Paris[rome])... As I was saying Paris told one of the women that she was a babe.. So the others started a fight... After a couple of years this became into a total disaster that was later known as the 'Trojan War'. Now there was this guy called Achilles who was the greatest soldier who was fighting against the war... So this Achilles was losing and they said let's surrender. So they 'did'. They left on a beach a 'Trojan Horse' which was made by the losing soldiers as a gift of the other side's power. The trojans took the horse in their walls and went to sleep... At night the soldiers who were in the horse got out and slaughtered everyone...
This is the briefest explanation I can think of... In conclusion... Once trojan horses get in usually you're ****ed. That's why Trojan Horses are called 'Trojan Horses' (virus)
 

A:About 'Trojan Horses'

glad to have the benefit of your treatise.
 

Read other 1 answers
RELEVANCY SCORE 86.4

Hi All,
My AVG keeps coming up with these two threats detected. I keep clicking on heal and it says they are healed then a few minutes later they come up again. They are Trojan Horse Downloader.Agent.JUO underneath this it says C:\WINDOWS\system32\(317A3E74-2D58-4BBD-80F0-62BDEB039FCB).exe backup copy
infected

The second one is Trojan Horse Generic3.LXF which is in C:\WINDOWS\system32\(327F2719-C613-4A39-B460-2FD091D76C71).EXE
backup copy
infected.

I am running windows xp and would be very glad of any help to get rid of these things.
Thanks in advance for reading this.

A:Trojan Horses

Hello meg1

What OS (Win XP/2000, etc) are you using? Have you tried doing your scans in "SAFE MODE"?

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan.

Then perform this online Virus scan: BitDefender Online Scanner. Add a check by "Autoclean".
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

Post back if you're still having problems afterwards.

Read other 11 answers
RELEVANCY SCORE 86.4

Can someone help me. VCOM system suite 5 keeps giving me a virus alert. TROJ_AGENT.BF in C:\Program files\WindUpdates\WinUpdt.exe & TROJ_DELF.RA in C:\WINDOWS\2_0_1BROWSERHELPER2.DLL, C:\WINDOWS\UnstSA2.exe & C:\System Volume Information\_restore0721ACC0-F20D-4993-9949-80043228A7B9\RP292. I've already disabled system restore. I've ran Norton Anti-virus Pro & a few other Trojan killers but these keep coming back even after the system suite 5 says that the files containing these have been deleted. After reading a few of the post's in the forums I downloaded hijack this and the following is what it read.

Logfile of HijackThis v1.98.1
Scan saved at 4:10:35 PM, on 08/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Progr... Read more

A:Trojan Horses

bump
 

Read other 1 answers
RELEVANCY SCORE 86.4

Logfile of HijackThis v1.98.2
Scan saved at 9:54:36 PM, on 10/24/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MNMSRVC.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1... Read more

A:HJT Log - Trojan Horses

merritt, welcome. Please print this out and follow ALL these directions carefully.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Go to Add/Remove Programs and uninstall Viewpoint Manager

Delete if still present:
C:\Program Files\BoxTopsShoppingReminder
C:\Program Files\Viewpoint <== folders

Start HijackThis and tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked" if still present.

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.w50.com/sw/searchbar/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.w50.com/sw/searchbar/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com/search/hp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hp.yahoo.com/search/hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.w50.com/sw/searchbar/

O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Vie... Read more

Read other 1 answers
RELEVANCY SCORE 86.4

Hello,

I have trojan horses on my computer,,, for about a month now the AVG has detected a virus optimize.exe so i click on heal it and it says it was successfully healed, 3 days ago i got this pop up message that said security alert and had Elitum and everything that goes with it so i clicked on yes and it wants 29.95 i said yeah right this must be a virus or something so i closed it and this popped up Windows Media Exploit i clicked no and this came up Tracking Files so i clicked no and then it stops and the next day it will do that again. 2 days ago i started getting a bunch of pop ups and it was driving me crazy so i downloaded a pop up stopper and it stops only about 4 out of 5 times,,, it stops the pop ups but still plays the music that is playing on the ad it is trying to pop up which is also very annoying so i turned off my speakers. i looked online and found this website with the hijackthis info,,, i already had spybot which found things and i got rid of them or so i thought,, i downloaded the adaware and it found like 186 things so i did that and restarted the computer like it said it ran again and it said congratulations! that all was fine now but i am still getting these stupid pop ups so i ran my AVG antivirus and it found 4 things Rycharde.zip,,, trojan horse Dropper.Small.24.C,,, trojan horse horse Downloader.Generic.HGT,,, and trojan horse Downloader.Dyfica.3.AP so i deleted those put them in quarantine,, well they are still popping up,, so i downloaded t... Read more

A:Have trojan horses, need help

Try going to trend micro and running their online scan and see what comes back. Also did you post your hijack this under hijack log section.

http://housecall.trendmicro.com/

Read other 2 answers
RELEVANCY SCORE 86.4

Recently my computer and internet have been running slower. And now pop ups are appearing on many pages. If you need anymore information please let me know.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Avril Beakhouse at 19:02:27.98 on Tue 08/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.226 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *enabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Norto... Read more

A:3 Different Trojan Horses

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...


Hey everyone. I just started having problems with my computer on Saturday with things like pop-ups and slower performance. Most of these pop-ups led me to black pages or pages that didn't work, but still. My Spybot was going crazy asking whether or not I should allow or deny keys of unrecognizable origins to be added; I denied all of these. Every few hours I'd run scans with it for it to uncover various numbers of issues which I got rid of, but most of which came back by the time I scanned again.

I've run two different AVG scans thus far; One yesterday and one today. Yesterday there were three Trojans and almost 300 tracking cookies found. Today, there were again three Trojans, but these were of different origins, and the tracking cookies went down to twelve. I'm not sure whether it's important or not, but today's scan took a little more than a half hour less than yesterday's.

At the moment, my computer, save the internet, is running very slow. I noticed it in small amounts with little things like AIM or the loading of some pictures, but it was unavoidable once I saw that my Photoshop (an outdated version at that) was lagging at a crawling pace and not picking up my tablet strokes until several seconds after.

I went to a good computer friend of mine. The only specific problem that he's identified thus far has been that I had PrismXL hiding on here. I've stopped that process, but things don't appear to be much better. Otherwise, I've been told to run a ClamWin scan of everything w...

A:Trojan Horses, pop-ups, and others.

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post these logs in your next reply..
1. ComboFix
2. A fresh HijackThis log
3. Attach GMER report

Regards
fenzodahl512


Hello,

It all started with my computer freezing.. I restarted my computer, and found that my CPU usage was stuck @ 100%. I checked task manager and the culprit was mainly 'winlogon', which took up 50%, as well as some other processes.. After a few restarts, the cpu usage went back to normal, although I was unable to access my hard drives. When I'd go to click on them, I'd get a trojan warning from AVG free 8, and it'd say I don't have access / permission to my hard drive. After many hours of downloading as many anti-virus programs as I could and deleting / quarantining as much as I could, I was able to get back into my hard drives.

After a restart again, I'm now not able to access them again. When I click on them, the 'Open With' thingy pops up.. like as if my hard drive was an unknown file.

These are the programs I have been using:
AVG free 8, Avira AntiVir Personal, BitDefender Free, Ad-Aware, Malwarebyte's Anti Malware, Search and Destroy.. and I used some symantec program that says it removed 'vundo trojan'. My firewall is Zone Alarm. Temp file deletion programs I have are CCleaner and CleanUp!

In my HJT log, I can see [kvasoft] kvosoft.exe... and that was previously popping up as a trojan, although before deleting it, I thought I'd come on here first

Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 1:09:33 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running ...

A:Trojan horses


Hello,, I am new to the site,,and totally confused,, I have MS (multiple sclerosis) as well so please bear with me,, I am looking for help with trojan horse and having pop ups driving me crazy I posted in another forum but not sure that was the right one so I will post here as well, here is my problem:


I have trojan horses on my computer,,, for about a month now the AVG has detected a virus optimize.exe so I click on heal it and it says it was successfully healed, 3 days ago I got this pop up message that said security alert and had Elitum and everything that goes with it so I clicked on yes and it wants 29.95 I said yeah right this must be a virus or something so I closed it and this popped up Windows Media Exploit I clicked no and this came up Tracking Files so I clicked no and then it stops and the next day it will do that again. 2 days ago I started getting a bunch of pop ups and it was driving me crazy so I downloaded a pop up stopper and it stops only about 4 out of 5 times,,, it stops the pop ups but still plays the music that is playing on the ad it is trying to pop up which is also very annoying so I turned off my speakers. I looked online and found this website with the hijackthis info,,, I already had spybot which found things and I got rid of them or so I thought,, I downloaded the adaware and it found like 186 things so I did that and restarted the computer like it said it ran again and it said congratulations! that all was fine now but I am still getting t...

A:Need help with Trojan horses

We'll require a HijackThis log from you.

But before you post your log, please read through the sticky first.


Hi, I recently did a scan with Norton and it told me that there were 3 trojans that I couldn't remove. I also tried to get rid of winiblue with malwarebytes, it fixed most of it but the setup2.exe process keeps popping up. My computer also has been a notch slower than it normally is. Thanks. Edit: I think I removed Winiblue.

A:DDS log: Trojan horses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hi there,
The computer I'm working on, shows different viruses. I've run some checks, and been able to remove some of them, but there are still several. I'm unable to update Windows XP, because several services keep being inactivated. The browser sometimes gets hijacked, and there are several windows coming up.
I've run HJT and below is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:18 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

A:trojan horses

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "...


My AVG shows me having several different trojans on my laptop.
Trojans: Generic_c.FTY
Downloader.Zlob.RN
SHeur.ALXZ

Virus: JS/Psyme

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:31 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal



Hi everyone,
My son got on my computer knowing he isn't supposed to without my say so....but he got into some sites & got me 4 or 5 Trojan horses....would someone take a look at Hijackthis please....
Many thanks bobbylee

Logfile of HijackThis v1.97.7
Scan saved at 11:13:53 AM, on 3/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:trojan horses


I was over in the virus section and they told me to post a HijackThis log over here. So here it is! Thanks!

A:Trojan Horses And Pop-ups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


I'm trying to get rid of trojan horse downloader Qdown.B. I scanned my PC with Panda, Rav and Housecall. I ran Spybot S&D, Adware and CWShredder. I then ran AVG. AVG says Qdown has been healed but detected a trojan called Lookme.A. While I was waiting on a response to this post, Qdown.B reappeared so it has not been cleared as indicated by AVG. Can someone look at my Hijackthis Log and advise me as well as providing any info on getting rid of Qdown.B? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 12:04:53 PM, on 5/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Trojan Horses


Hi, since a few days my AVG keeps popping up with warnings about several trojan horses. Although I ask him to heal or remove this stuff they keep showing up. I've performed all kinds of virus scans like, ccleaner, ad-aware se, pestpatrol, noadware, but nothing seems to work...
I've written down all the trojans my avg kept showing so here they are:
lop.DN; Lop.CV; Generic4.ZQI; BHO.AKY; BHO.AZL and finally, win32.trojan.agent.rjtqosal.exe
The Lop.dn is the one that keeps showing up most of the times...

Please can you help me get rid of all these things without losing all my files because I don't feel like losing all my work.

here is my hijackthislog.

Logfile of HijackThis v1.99.1
Scan saved at 14:48:10, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



I have a horrible little virus TROJAN HORSE in the windows\system32\ directory filename advpac.dll

A friend of mine said dont worry, get a hijack this file output and post it to this site, and the people here will sort me right out, he has used you lot loads and says that if you cant help, try format C drive, the latter being a bit scary at this point.

Thanks everyone.
Chris.

Here is the HI JACK THIS REPORT.

A:Trojan Horses

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hello.
I have viruses on my computer and I could use some help in removing them.

I also haven't been able to connect to various sites, like Panda virus site.
Therefore I haven't been able to do a system scan, so I'll send the log for my antivirus (Norton). That will show a little of what has happened.

It all started when I clicked "Yes" on a system message that told me that the computer had been attacked by a virus and will protect itself by forbidding the startup for any .exe files and after that my CPU has been really slow.

The CPU is always at 100% and according to "taskmanager" a process called "explorer.exe" takes up about 98% of my CPU.

And a bubble popped up from Norton that windows automatic update was disabled and now I can't get it to start again? When I go to turn on Automatic Updates I get the error message 1058: The service cannot be started either because it is not enabled or has no enable devices associated with it

My first scan in Norton Internet security showed me that I have four different viruses.
Unfortunately I have removed all the viruses after my first scan, I later saw that I was not supposed to do that in a manual 8(.

My latest virus scan took over 8 hours to scan c: 54 gb, it showed that there were no viruses in my computer(!).
When I unplugged my internet cable my CPU returned to "normal".

When I open my mozilla/Explorer all kinds of different webpages turn up everything from japanese searchbar...

A:Help , trojan horses.

bump please


I have just recently gotten a new computer, which is running XP. Previously I had been running 982e (understood it a lot better).

I have used AVG Anti Virus on both computers. It worked just fine with 982e, but I just got the following message from AVG (free home edition) while online I get the following messages:

VIRUS DETECTED (with a picture of a pig-like animal) .. then goes on to say:

While closing file C:\Program inetpal\GLH00a.TMP, Trojan horse dropper.small.6.l was discovered.

The other one started the same While closing C;\Program common files\GMT\gtrawbm.fil, Trojan horst Back Door. Agent.2.H. .....

Then a screen popped up with choices ... But NONE of the choices would work It wouldn't even let me close the screen down, until I agreed to keep the virus . I really don't know what's going on.

With 982e, it always worked for me immediately.

By the way, what do you do with viruses that are stored in the vault? Just leave them there? Can't they be destroyed? Sorry, but I'm not too bright about these things, so really need all the help I can get.

I think they've stopped some of the help in the free edition ... do you know if that's true?

Anyhow, now I don't know what to do

Here is a copy of my HJT log ... PLEASE help me with any problems you see there.

Logfile of HijackThis v1.98.2
Scan saved at 1:30:05 AM, on 02/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

...
