
Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Q: Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI


A: Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please


3 days ago AVG antivirus notified me that threats were detected by Trojan horse dropper.generic_c.MMI. All files were moved to vault and deleted however alerts continue to pop up. I downloaded MBAM which also found threats and removed them but they just reappear after reboot. Now MBAM only finds Trojan horse dropper BCMiner, however AVG continually alerts about c.MMI. Computer is significantly slower with all processes and I am often redirected now w frequent pop ups when using Firefox.


A:Infected with Trojan horse dropper.generic_c.MMI

Greetings And Welcome To The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


When I started my computer I received a message saying "The NTVDM CPU has encountered an illegal instruction. CS 0000 IP: e7e7 OP: 33 3c 37 75 32" Click cancel to terminate. I then looked this up and ran an avg scan which found the above file along with Trojan horse Small.AU, Trojan horse Agent_r.IE and Trojan horse SHeur2.SCQ. I deleted them then restarted my computer only to find the same thing happen and the same files on the virus scan. I ran HijackThis and then DSS as recommended by this site. Here is the DSS log:

A:Infected with Trojan Horse Dropper.Generic_c.APK

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc...


Hello everyone,

I was directed here from the "Am I infected? What do I do?" forum, because my issue required advanced tools to resolve. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic461505.html ~ OB

My issue involves a virus that infected my computer through a fake Adobe Flash Player update, which was detected by my anti-virus program, AVG Anti-Virus Free 2012. I posted the following description:

Hello everyone,

I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occurred after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI
Process name: C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (changed, see below)
Process-ID: 3068 (changed, see below)

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Resident...

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


Hi, boopme redirected me here after having me run the following scans: MiniToolBox, TDSSKiller, SUPERAntiSpyware Free, and ESET Online Scan. Boopme determined that the rootkit is protected. Below is my original post to the "Am I Infected?" forum. I am attaching the DDS text log. I did not run GMER since I am on a 64 bit system.

"I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist."

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist. I don't know what other steps to take. Thanks.

A:Infected with Trojan horse Dropper.Generic_c.MMI ?

Welcome GastlyKazoo

Dropper.Generic_c.MMI has the ability to download many other malwares, backdoor Trojans or worms so you should change all passwords when done.

Let's run a few tools and look at the logs please.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters.
Put a check in the box of Detect TDLFS file system.
Click Start scan.

When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).

Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk wit...


Hello,

I have been infected with Trojan horse Dropper.Generic_c.MMI, file name: c:\Windows\System32\services.exe

My computer has SEVERELY slowed down. Could you please assist me.

I have downloaded MalWare Bytes but it seems it is unable to resolve the issue.

Thank you.

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hi,

I recently got a recurring message from my AVG9 that C:/Windows/System32/services.exe has been infected with a Trojan. The only option I am given is to "Ignore", presumably because it's a system file and cannot be removed. I am competent enough with a computer but this is my first virus so hopefully someone can help me.

There are no initial "symptoms". Windows is working fine, computer isn't shutting down, Hard drive isn't deleting itself but the problem is there and I'd like to get rid of it ASAP. Here are the log files requested:

A:Services.exe infected with Trojan Horse Dropper.Generic_c.MMI


AVG keeps telling me that I am infected and I have tried everything to clean it (Malwarebytes, ESET, AVG Scan, etc...). The message is as follows: "Object name";"C:\Windows\System32\services.exe", "Detection name";"Trojan horse Dropper.Generic_c.MMI", "Object type";"file", "SDK Type";"Core", "Result";"Object is white-listed (critical/system file that should not be removed)". The symptoms I have are as follows:

1. AVG Warning every hour or so
2. redirect problems when clicking search results in Google using FireFox
3. Can't open Gmail using Google Chrome
4. tabs are occasionally opened in FireFox with make money pages
5. can't enable Windows Firewall

Other than that my computer is working normally.

Results of DDS are as follows:


A:Infected with services.exe Trojan horse Dropper.Generic_c.MMI

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.

If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.

Note: Do not choose Cure or Delete unless instructed.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ...


Hi wonder if someone could help me, recently got infected with nasty malware bundle and I have removed most of it using the likes of Spybot, Malware byte etc. But I have an infected services.exe file that I cannot seem to get cleaned up. Hijack this log file listed below. AVG is reporting the infection is caused by
"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"

I'm getting pop-ups while using Firefox, no other noticeable impact at this point. AVG is sending me warning messages about the viruses.


A:Infected with Trojan horse Dropper.Generic_c.MMI and Luhe. Sirefef.A

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


AVG detected a threat Trojan horse Dropper.Generic_c.MMI

Ran a full computer scan with AVG and it said the object is white-listed and cannot be removed: C:\Windows\System32\services.exe. Plus, Google Chrome won't let me access https websites, and https websites that it does let me go through, it says have a weak algorithm. All my internet browsers also keep redirecting me to random ad pages.

A:Infected with "Trojan horse Dropper.Generic_c.MMI" on systems.exe file

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


AVG found Trojan horse Dropper.Generic_C.MMI on my computer today. Also, I've been having problems for a couple of weeks with my Google search being hijacked occasionally (it redirects me to a different page than whatever link I click on). I read through the preparation instructions and did everything but turn on the firewall, because I couldn't (I read somewhere that this problem turns off security settings). Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by James at 20:05:01 on 2012-07-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2617 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k Loc...

A: Infected with Trojan horse Dropper.Generic_C.MMI and google search seems to be hijacked

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 150.4

Hi there. I found a thread in this forum similar to an issue I'm experiencing, but I want to register and open a new topic just in case this may be a slightly different case. I believe this file is a result of a virus I was sent via an IM messenger (Skype) disguised as an image file. I have already scanned my PC with AVG and HitMan two times, and removed all suspicious files, but AVG continues to alert me that this file still exists. I run a Windows 7, 64 Bit as my operating system.

The threat name is described as Trojan Horse BackDoor.Generic15.BPGV, and upon restarting my computer I'll be alerted of the file in multiple locations. Afterwards I do not continue to be alerted until I reboot my computer once again. If you wish for me to reboot my PC to gather details, I can provide that.

It's worth noting in contrast to the topic linked above, I (believe I) have not received an alert regarding a services.exe file, and did not appear in my HitMan scans to my knowledge.

Any help would be very much appreciated. System restore is not an option due to the fact that my restore points before receiving the suspicious file were inexplicably deleted. Unfortunately, I did not save my logs of the previous scans, and am unsure if it's possible for them to be retrieved.

A: Trojan Horse BackDoor.Generic15.BPGV

Hi, MuddyMaestro! I'm going to try to help you out. This could potentially be a pretty nasty infection, but I'm going to run some things to check and clean some things before jumping to any conclusions.

TDSSKiller
I need you to run a scan using TDSSKiller.
Download TDSSKiller from here, and save it to your desktop.
Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes
I need you to run a scan with Malwarebytes Anti-Malware.
Download MBAM from here, and save it to your desktop.
Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck to install them, unless you want them.
Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If ...

RELEVANCY SCORE 150.4

Hello, I'm Thee and I need help from you guys

I will start by telling when did that trojan came up and how my system is now.

I have this new Windows 8 laptop, 64bit, Dell Inspiron 14. It's new and only 2 weeks old. Before the trojan was detected, I have AVG Free Antivirus 2013 installed. 2 days ago, when I start to turn on my laptop, it detected this Trojan Horse BackDoor.Generic15.BPGV in User files and its process name is under Windows/System, I moved it to virus vault and deleted the trojan there, but this trojan pops out again as Threat Detected from AVG every time I start up my laptop for the next 4 / 5 times I restarted, until it didn't appear again when I restart so I thought it's gone for good, and then a new problem occurred. I couldn't open regedit and msconfig, it opens but closes very quickly, so I downloaded some antivirus stuffs like Malwarebytes Anti Malware, Avast setup, ADW, HouseCall, and I can't run any one of them too, therefore I downloaded VIPRERESCUE and this could run so it scanned my laptop and detected 6 infections but none of it was the Trojan Horse BackDoor.Generic15.BPGV.

Next, a friend of mine suggested me Windows Defender Offline booting using a USB drive, so I went to another clean laptop and installed it in a USB, I plugged in the USB drive and restarted the computer a few times before I managed to boot it from USB drive cause I missed the BIOS button, and so the Full Scan of Windows Def...

A: Trojan Horse BackDoor.Generic15.BPGV

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up...

RELEVANCY SCORE 148.4

My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt) and a couple of times it created a version which includes restore points (version attached called attach3.txt).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.

****UPDATE**** The internet connecti...

A: Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results. There are three more screen shots to this report, but it won't let me upload any more.

RELEVANCY SCORE 147.2

I don't know much about computers, but I know enough to remove viruses before and this one is difficult and doing some damage. Can you please help??!! The name from AVG is "Trojan horse Dropper.Generic_c.MMI"

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

A: Trojan horse Dropper.Generic_c.MMI

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 147.2

Hi
Having turned on the pc this morning I am confronted with AVG trial message telling me that I have a virus and it's vaulted and I am unable to get to it, every time I try to go online the huge threat box comes up. I have re-ran AVG 7 times now and the same happens. Having no knowledge of the inner workings of a pc's mind I am at my wits' end, I have saved all I can to external hard drive and changed all my passwords from an uninfected pc to sites I use. The message reads c:\windows\system32\services.exe trojan horse dropper.generic_c.mmi This is all Greek to me but I am assuming in the great scheme of things this isn't good. Could you please help me get rid of this and save my pc please, as a disabled user it is my only connection to the outside world. Thank you in advance steph x

A: trojan horse dropper. generic_c.mmi

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 147.2

Referred from here: http://www.bleepingcomputer.com/forums/topic461802.html ~ OB

I was told I needed advanced tools to get rid of my virus problem and to get help here... Thank you

"Hello everyone, I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occurred after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Resident Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this.

The frequent warning stirred me to search around the internet for possible solutions, concluding that many oth...

A: Trojan Horse dropper.generic_c.mmi

"Thank you for your help!!!

TDSSkiller:

17:41:43.0775 9560 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
17:41:44.0064 9560 ============================================================
17:41:44.0064 9560 Current date / time: 2012/07/21 17:41:44.0064
17:41:44.0064 9560 SystemInfo:
17:41:44.0064 9560
17:41:44.0065 9560 OS Version: 6.1.7601 ServicePack: 1.0
17:41:44.0065 9560 Product type: Workstation
17:41:44.0065 9560 ComputerName: DIANE-HP
17:41:44.0065 9560 UserName: Diane
17:41:44.0065 9560 Windows directory: C:\Windows
17:41:44.0065 9560 System windows directory: C:\Windows
17:41:44.0065 9560 Running under WOW64
17:41:44.0065 9560 Processor architecture: Intel x64
17:41:44.0065 9560 Number of processors: 4
17:41:44.0066 9560 Page size: 0x1000
17:41:44.0066 9560 Boot type: Normal boot
17:41:44.0066 9560 ============================================================
17:41:45.0300 9560 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:41:45.0327 9560 ============================================================
17:41:45.0327 9560 \Device\Harddisk0\DR0:
17:41:45.0330 9560 MBR partitions:
17:41:45.0330 9560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:41:45.0330 9560 \Device\Harddisk...

RELEVANCY SCORE 147.2

Hi! Newbie here.

I have read through the on-going thread between Evaryn and Conspire on this trojan. I am having the same issues on my computer with AVG constantly flagging it down.

Here is the HijackThis and DDS logs.

I have also performed the first steps recommended by Conspire to Evaryn using aswMBR and TDSSKiller. I will post the logs for those separately following this.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:14 PM, on 8/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW...

A: Trojan Horse Dropper.Generic_c.MMI

aswMBR log and TDSS Killer log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 15:09:54
-----------------------------
15:09:54.840 OS Version: Windows x64 6.1.7601 Service Pack 1
15:09:54.840 Number of processors: 4 586 0x2505
15:09:54.842 ComputerName: SCD-01 UserName: Daniel
15:10:00.096 Initialize success
15:11:22.086 AVAST engine defs: 12080300
15:11:30.764 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:11:30.766 Disk 0 Vendor: ST95005620AS SD23 Size: 476940MB BusType: 11
15:11:30.771 Disk 0 MBR read successfully
15:11:30.774 Disk 0 MBR scan
15:11:30.779 Disk 0 Windows 7 default MBR code
15:11:30.787 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:11:30.793 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:11:30.837 Disk 0 scanning C:\Windows\system32\drivers
15:11:43.788 Service scanning
15:12:01.539 Modules scanning
15:12:01.553 Disk 0 trace - called modules:
15:12:01.565 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:12:01.575 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008395060]
15:12:01.580 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80081dcb10]
15:12:01.586 5 hpdskflt.sys[fffff88001990189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80080b6060]
15:12:03.758 AVAST engine scan C:\Windows
15:12:06.339 AVAST engine scan C:\Windows\system32
15:13:53.555 File: C:\Wi...

RELEVANCY SCORE 147.2

Hi,

Already a while ago I did a full computer scan with AVG Anti-Virus Free. The list of detections shows a Trojan horse: Dropper.Generic_c.MMI in location C:\Windows\System32\services.exe and AVG says it is unable to clear.

My first question: is the following very easy looking step a reliable solution?:

http://123seminarsonly.com/Blog/trojan-patchepsys-or-trojan-horse-dropper-generic_c-mmi-detecting-services-exe-as-infection

Second question: if not reliable, could you assist me? (I saw here that gringo_pr assisted some people with the same infection?).
Thanks!

A: Trojan horse: Dropper.Generic_c.MMI

Hello Rivaldo,

I would say it is always better to have a fix done on your own machine. As each machine has some differences in software installed, e.g. the operating system... So I think we should get a deeper look. Please follow this Preparation Guide and post it in this topic.

RELEVANCY SCORE 147.2

Please help me.. Need this bug removed..
I tried running DDS.scr with no luck
I've run FRST64 from safe mode.. frst.txt and search.txt files attached.

Any help appreciated.

Braden

A: Trojan Horse Dropper Generic_C.MMI

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 147.2

Hi, I just registered to this forum in hopes of manually getting rid of this virus my computer recently contracted.

I am dealing with a trojan horse dropper generic_c.MMI

Hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:33 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\RunDll32.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\M...

A: Trojan horse Dropper.Generic_c.MMI

RELEVANCY SCORE 147.2

The virus "Trojan horse Dropper.Generic_c.MMI" keeps popping up of my AVG freeware every minute or so.

Unfortunately AVG isn't asking me to send it to the Virus Vault. My only option is to "ignore the threat."

I have also run Malwarebytes. It too found this same threat. Malwarebytes told me to "restart my computer" after I told it to delete the threat. However, AVG keeps sending up an alert.

Please help me.

Lynette

A: Trojan horse Dropper.Generic_c.MMI

Hello. The problem is that it is attacking a Service, hence the difficulty in removing it. We should get a deeper look at where it actually is and then physically get it out.

Please go here.... Preparation Guide, do steps 6-9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

RELEVANCY SCORE 147.2

I recently got a trojan horse dropper.generic_c.mmi virus and it started when an Adobe Flashplayer kept on trying to install no matter how many times I closed it. I then had pop ups from my AVG saying I had this virus. I ran a scan on both AVG and Malwarebytes and they both popped up the virus. I tried removing it and restarted my computer to find out that it is still in my computer. Can anyone tell me how to remove this virus? From reading about this virus I saw it is very tricky to remove because it hides deep in the system. Any and all help would be appreciated.
 

RELEVANCY SCORE 147.2

Hi. My anti-virus has reported finding these Trojan horse dropper.29.ax and generic_c.vcz and other malicious software. My computer has become very slow and the task manager had been disabled but I managed to get it back. I'm running on Windows Vista. Thanks in advance for help.
Here is the Hijackthis Scan Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:33 PM, on 10/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\hmrojuts\lcrczqjm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\lphc5sdj0eab2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\bkhajoji.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:...

A: Trojan horse dropper.29.ax and generic_c.vcz

bump, please!

RELEVANCY SCORE 147.2

I ran an AVG scan this morning because I have been getting many popups. It seems I have a Trojan horse Dropper.Generic_c.MMI in C://Windows/System32/services.exe. Can anyone please help?

A: Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 147.2

Hello everyone,

I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occurred after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Resident Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this.

The frequent warning stirred me to search around the internet for possible solutions, concluding that many others are experiencing this issue and that it is likely because of a virus installed by the (fake) Adobe Flash Player update. The issue does not seem easily resolvable and most pe...

A: Trojan Horse dropper.generic_c.mmi

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 147.2

For the past couple of weeks now my AVG has been informing me of this nasty trojan that had lodged itself inside my system32 files. Doing some research on my own I found that it is whitelisted and can't be dealt with by my antivirus programs. I've been hearing ads in my audio that are listed as Name not available in my mixer, and so far I have just been muting them. I found this forum and saw how helpful you guys are.

Here are the logs that you requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:09 PM, on 7/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Steam\Steam.exe
C:... Read more

A:Trojan Horse Dropper.Generic_c.MMI

DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by Zach at 13:37:02 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3713 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k... Read more

RELEVANCY SCORE 147.2

Good afternoon! I was hoping you could help me with a nasty virus I seem to have picked up somewhere.
The only effects that I've noticed are just redirecting my web browser.

Trojan horse Dropper.Generic_c.MMI
c:\Windows\System32\services.exe
- AVG could not fix - file white-listed

There was a second error, but I do believe AVG took care of it.

Thank you in advance!

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:31:39 PM, on 7/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\Updater\updater.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\Defender\defender.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Wesley.Lobo\AppData\Local\Sevas-S\YouTube To MP3 C... Read more

A:Trojan horse Dropper.Generic_c.MMI

RELEVANCY SCORE 147.2

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462954 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

A:Please help with trojan horse Dropper.generic_c.MMI

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

RELEVANCY SCORE 147.2

Hello,

I have been searching for a fix for this since yesterday to no avail. I have run Malware-bytes, AVG scan, and SUPER Anti-Spyware as well. AVG is detecting it as well as multiple tracking cookies. Any help would be greatly appreciated.

I have a DDS log but didn't want to post until instructed.

Thanks.

A:Trojan horse Dropper.Generic_c.MMI

Hello, you may as well post it, it seems stubborn to remove. Create a new topic and post it in the new topic which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. Let me know if that went well.

RELEVANCY SCORE 147.2

Hi

I have this very annoying trojan on my pc since yesterday, have checked some of the posts on here but hoping for some help. I downloaded and ran SuperAntispyware and already had Malwarebytes on, have also ran that but still no luck!

Have attached HijackThis log - thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:08, on 21/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program... Read more

A:trojan horse dropper.generic_c.mmi - please help :)

RELEVANCY SCORE 147.2

AVG detected a threat Trojan horse Dropper.Generic_c.MMI
ran a full computer scan with avg and it said the object is white listed and can not be removed C:\Windows\System32\services.exe
ran malwarebytes and it said it found PUP.BundleInstaller.VG and Trojan.Dropper.CMiner and they were quarantined and deleted
upon restart AVG is still reporting the problem.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Divabug at 16:27:16 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16366.11829 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

RELEVANCY SCORE 147.2

HELP!!! I got this virus, had it for about 2 days. Running AVG.
I've seen other guides and none have really helped.
Anyone have a step by step guide on how to remove this?
Thanks
 

A:trojan horse dropper.generic_c.mmi

Hi and Welcome!!

Please download DDS from one of the following links and save it to your desktop.
DDS.scr
DDS.pif

Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
----------

Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe.
 

RELEVANCY SCORE 147.2

Hello everyone,

I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occurred after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:

File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI
Process name: C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (changed, see below)
Process-ID: 3068 (changed, see below)

It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Resident Shield started appearing even more frequently and is reappearing at least three times per minute as I am writing this post, with the process name and -ID changed to the ones displayed above. I do not remember what the initial name and ID were, nor do I know where to find this.

The frequent warning stirred me to search around the internet for possible solutions, concluding that many others are experiencing this issue a... Read more

A:Trojan horse Dropper.Generic_c.MMI

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 147.2

For the past month I have been getting an AVG threat detection which lists the filename C:\windows\system32\services.exe It appears to have originated from the following:

"Infection";"Trojan horse Generic28.UDX";"C:\Windows\Installer\{f0deb59d-a792-f4b5-8fb3-39275049aabc}\n";"N/A";"6/25/2012, 1:33:46 PM"
"Infection";"Trojan horse Generic28.UDX";"C:\Users\User\AppData\Local\{f0deb59d-a792-f4b5-8fb3-39275049aabc}\n";"N/A";"6/25/2012, 1:31:45 PM"
"Infection";"Virus found Script/PDF.Exploit";"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PBABKI7\5[2].pdf";"N/A";"6/25/2012, 1:30:13 PM"

This infection doesn't seem to be problematic except for the constantly recurring AVG resident shield threat detection popup screen.

I have however had some large downloads when the computers are unattended which have caused download allowance violations. I am on hughesnet because there is nothing else available.

A:Trojan horse Dropper.Generic_c.MMI

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ... Read more

RELEVANCY SCORE 147.2

Hi,

I recently lost and then reinstalled the free version of AVG. I also have Malwarebytes and yesterday when I ran a scan AVG detected 5 Trojan viruses (and Malwarebytes detected 2). The only one that could not be repaired was the Trojan Horse Dropper.generic_c.mmi. It is under File Name: c:\Windows\Systems32\services.exe I've noticed that others have written to you about this. Could I use the same removal directions that you gave to them for the virus? Or, do I need specific instructions?

Any help would be greatly appreciated!
Thanks,
Jen

Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:54:48 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXS... Read more

RELEVANCY SCORE 147.2

I have seen other forums with the same issue I am currently having. Even thought about following those instructions. However, since every resolution is specific to the user I deemed it necessary to get my own resolution.

Specs are as follows:

Laptop: Toshiba Satellite C655
Windows 7 Home Premium (Service Pack 1)
Processor: Intel Celeron CPU B800
System: 64 bit

Installed and Ran Norton Security Suite
Did clean up a few things but could not remove this Trojan horse dropper.generic_c.mmi

Uninstalled Norton

Installed MBAM

Results:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alicia :: ALICIA-LAPTOP [administrator]

Protection: Enabled

7/19/2012 5:41:51 PM
mbam-log-2012-07-19 (17-41-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192503
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}&... Read more

A:Trojan Horse Dropper.Generic_c.mmi

Hello Victim, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

Do you have a USB Flash Drive you can use?

RELEVANCY SCORE 147.2

I keep getting a Threat Detected alert but can't get rid of the threat. I run Windows 7, AVG 2012 free version and Malwarebytes. This thing keeps opening, closing and redirecting web pages on its own. Please HELP!

A:Trojan horse Dropper.Generic_c.MMI

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 147.2

This is from my post in the incorrect forum (SORRY):
The virus "Trojan horse Dropper.Generic_c.MMI" keeps popping up on my AVG freeware every minute or so.

Unfortunately AVG isn't asking me to send it to the Virus Vault. My only option is to "ignore the threat."

I have also run Malwarebytes. It too found this same threat. Malwarebytes told me to "restart my computer" after I told it to delete the threat. However, AVG keeps sending up an alert.

Please help me.

Lynette

Since that post I have followed steps 6-9 (minus 8) from the Preparation Guide For Use...

Here is my DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mommy at 12:45:44 on 2012-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.842 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\wi... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

RELEVANCY SCORE 147.2

Here is my problem: "";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"
Specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3037 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1294 Mb
Hard Drives: C: Total - 935767 MB, Free - 791169 MB;
Motherboard: eMachines, EL1852G
Antivirus: Norton Internet Security, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:01 AM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\I... Read more

A:Trojan horse Dropper.Generic_c.MMI

RELEVANCY SCORE 147.2

I am new to the forum, but have seen where you have helped others with this virus. It started this evening with AVG detecting Trojan horse Dropper.Generic_c.MMI in the file C:\windows\system32\service.exe, but AVG won't fix it. Trend Micro Housecall 64 bit did not detect and Malwarebytes did not detect.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by John at 21:50:41 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7934.6060 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C... Read more

A:Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

RELEVANCY SCORE 147.2

Another Trojan Horse Dropper, it was discovered by AVG and I may have let it enter by allowing an 'update' of Adobe Flash...It redirects me to different webpages when I do a search, and sometimes opens a new tab and page when I go to a new site...Looking forward to working with someone and getting this off of my computer! Thanks.

Here are my logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:29 PM, on 8/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Al\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/f... Read more

A:Trojan Horse Dropper.Generic_c.MMI

RELEVANCY SCORE 147.2

Hi Tech Support Guy,

I've got a Trojan horse Dropper.Generic_c.MMI and after searching for a while on Google and attempting to remove it with regedit. This bad boy keeps coming back for more and will not go away.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:22:23 PM, on 8/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Users\DDW\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DDW\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danieldavidweddings.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink... Read more

A:Trojan horse Dropper.Generic_c.MMI
