
PC infected with samuk, WebToolbar.Win32.WhenU.u & Backdoor.Win32.Hupigon.jfsf

Q: PC infected with samuk, WebToolbar.Win32.WhenU.u & Backdoor.Win32.Hupigon.jfsf

Dear sirs,

Please help me get rid of this malware and these worms. My AVG did not detect them; only Kaspersky saw them. My problem is how to get rid of them safely. Please help me. I use my laptop for games and school purposes.

Thanks in advance.

Below is my DDS scan result:
DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 14:59:41.34 on Tue 02/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3061.1820 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=71&bd=PRESARIO&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: brassring.com\sjobs
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-2 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-7-2 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-2 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-2 108552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-1-7 20376]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-2 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-7-2 1370488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-17 193840]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-17 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2009-3-23 97408]

=============== Created Last 30 ================

2010-02-27 11:08:50 524288 --sha-w- c:\users\user\NTUSER.DAT{b25c05ec-238d-11df-b339-001a6b21ceed}.TMContainer00000000000000000002.regtrans-ms
2010-02-27 11:08:49 65536 --sha-w- c:\users\user\NTUSER.DAT{b25c05ec-238d-11df-b339-001a6b21ceed}.TM.blf
2010-02-27 11:08:49 524288 --sha-w- c:\users\user\NTUSER.DAT{b25c05ec-238d-11df-b339-001a6b21ceed}.TMContainer00000000000000000001.regtrans-ms
2010-02-24 22:08:58 65536 --sha-w- c:\users\user\NTUSER.DAT{fdaa274d-218d-11df-8751-001a6b21ceed}.TM.blf
2010-02-24 22:08:58 524288 --sha-w- c:\users\user\NTUSER.DAT{fdaa274d-218d-11df-8751-001a6b21ceed}.TMContainer00000000000000000002.regtrans-ms
2010-02-24 22:08:58 524288 --sha-w- c:\users\user\NTUSER.DAT{fdaa274d-218d-11df-8751-001a6b21ceed}.TMContainer00000000000000000001.regtrans-ms
2010-02-13 10:24:55 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-13 10:08:28 98816 ----a-w- c:\windows\sed.exe
2010-02-13 10:08:28 77312 ----a-w- c:\windows\MBR.exe
2010-02-13 10:08:28 261632 ----a-w- c:\windows\PEV.exe
2010-02-13 10:08:28 161792 ----a-w- c:\windows\SWREG.exe
2010-02-10 01:34:38 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 01:34:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 00:57:46 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 00:57:46 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 00:54:08 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 00:54:07 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 00:54:06 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 00:54:05 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 00:54:05 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 00:54:05 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 00:54:05 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 00:54:05 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 00:54:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 00:54:04 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 00:54:04 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 00:53:18 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 00:53:18 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 16:16:56 0 d-----w- c:\program files\Quick Startup
2010-02-06 01:39:38 0 d-----w- C:\KonicaMinolta
2010-02-05 23:05:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-05 22:59:48 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-05 14:41:06 0 d-----w- c:\users\user\appdata\roaming\GlarySoft
2010-02-05 14:29:21 0 d-----w- c:\program files\Ask.com
2010-02-05 14:29:12 0 d-----w- c:\program files\Glary Utilities
2010-02-05 14:13:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-05 01:51:33 0 d-----w- c:\programdata\Temp
2010-02-04 11:26:06 318976 ----a-w- c:\windows\system32\cmd.execf
2010-02-04 11:02:53 0 d-----w- c:\program files\Bing Bar Installer
2010-02-03 04:08:14 0 d-----w- c:\users\user\appdata\roaming\Uniblue

==================== Find3M ====================

2010-03-02 06:10:48 3076 ----a-w- c:\windows\bthservsdp.dat
2010-03-02 06:10:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 02:46:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-06 02:46:32 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-06 02:46:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 12:40:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-16 19:18:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-10 04:48:49 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-03 06:17:40 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 15:01:56.63 ===============

A: PC infected with samuk, WebToolbar.Win32.WhenU.u & Backdoor.Win32.Hupigon.jfsf

BUMP please


Hello People,

My anti virus says that I am infected with virtumonde, the exact message is "a variant of Win32/Adware.virtumonde application found". It found infected dll files in System32 but cannot remove them. So I tried trend micro, onecare.live but nothing seems to work. Kaspersky online scan tells me that I have Backdoor.Win32.Hupigon, which I believe is just another name for Virtumonde.

The fake/deceptive warning message of 'my pc being infected and i should try Antivirus 2009' pops up only when I browse with Internet Explorer, since I use Chrome, the pop-up doesn't bug me so much. Please I need some guidance as how to remove it. I have done the scan with DSS and also with Kaspersky online and the reports are pasted below. Hopefully anyone out there can help me. I apologise to bug you guys during holidays and thanks in advance for any help.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 24, 2008 13:01:28
Records in database: 1509397
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statist...

A: Infected with VirtuMonde/Backdoor.Win32.Hupigon

Hello zish,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

To get a HijackThis log, please do this:

1. Download HijackThis™ here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in Notepad.

Thanks,
tea


Hi!

One of my laptops was infected by a trojan yesterday. Passwords and account numbers were compromised so that sucks.. I have now installed and scanned with Spybot, Malwarebytes, Kaspersky, Secunia. Among other not so serious things Kaspersky found the trojan in the thread title. Is there any reason to believe that my comp is still insecure and do you have any other advice in that case? Otherwise I'll start changing passwords etc.

thanks in advance/ Matt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:07 PM, on 08/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Apoint2K\Apoint.exe
C:\Program\TOSHIBA\E-KEY\CeEKey.exe
C:\Program\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe
C:\Program\TOSHIBA\TOSHIBAs kontroller\TFncKy.exe
C:\Program\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program\TOSHIBA\Tvs\TvsTray.exe
C:\Program\Apoint2K\Apntex.exe
C:\Program\Net iD\iid.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\RocketDock\RocketDock.exe
C:\WINDOWS...

A: system infected by Backdoor.Win32.hupigon.hshr... gone? please advice

One more thing: After kaspersky had removed the trojans and my systems seem clean, I have gotten error messages, saying that "the generic host process for win 32 has stopped working".
Like the blaster virus used to do. No forced restarts though. Don't know if it means anything but hey.

/Matt
 


I am not sure but I think the monderc came from a PS CS 4 download. That my friend executed in my laptop... So here's the logs

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 17:57:34
Records in database: 918909
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 59919
Threat name: 2
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 01:10:36

File name / Threat name / Threats count
C:\WINDOWS\system32\vtUmJCvs.dll/C:\WINDOWS\system32\vtUmJCvs.dll Infected: Trojan.Win32.Monderc.gen 3
C:\Arquivos de programas\Common Files\Microsoft Shared\Speech\svchost.exe//Armadillo/C:\Arquivos de programas\Common Files\Microsoft Shared\Speech\svchost.exe//Armadillo Infected: Backdoor.Win32.Hupigon.cdpb 1
C:\WINDOWS\system32\moqnxwyo.dll/C:\WINDOWS\system32\moqnxwyo.dll Infected: Trojan.Win32.Monderc.gen 6
C:\Arquivos de programas\Common Files\Microsoft Shared\Speech\svchost.exe...

A: Trojan.win32.monderc.gen / Backdoor.win32.hupigon.cdpb

Nevermind, format :c rulez

I wanted to format my pc long time ago, took me 1 hour only to install windows and all the programs I need.

Ty anyway.


Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we...

A: Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???


A few days ago Spyware doctor started picking up malware on my machine which I removed (for example: Trojan.Hiloti.Gen). Subsequently my browser started redirecting me frequently so I downloaded the free version of Avast and ran a boot scan. That scan found Win32:Malware-gen in 6 files (3 on my C drive and the backup of those files on my USB H: drive were also infected), and Win32:Hupigon-ONX in the file C:\hiberfil.sys.

McAfee and Avast do not pick up these infections during normal scans, nor does MalWareBytes or Spyware Doctor. Avast was unable to remove the infections during the boot scan; the infected files are Visual C *.cab files and the program claimed to be unable to delete or sequester the files in the Virus Chest.

I need help figuring out how to remove these infections. I followed your instructions and have generated logs with DDS. However I have been unable to generate a log with GMER and need help.

I have been trying for 3+ days to generate the GMER file; however the computer bluescreened after 4 hours the first time (PFN_LIST_CORRUPT). The second time I ran it in Safe mode with networking disabled and the computer bluescreened at some point after at least 14 hours (I was asleep; no specific message only a stop location). The third attempt was also made in safe mode, and the computer apparently rebooted itself while I was away at work, losing the scan again.

I am posting my DDS file below and attaching the second file as instructed. I would appreciate any help...

A: Infected with Win32:Malware-gen and Win32:Hupigon-ONX

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Hi I have this detected on my computer.

Backdoor/Win32.Hupigon.gen and this Trojan/Dropper.Agent.ejd
I have run Spyware doctor and antivirus and removed a bunch of spyware files, but I don't think it's gone.
I am very afraid to do anything on my computer since I run my own business on it and have heard that the Backdoor/Win32.Hupigon.gen infection is a remote control and keylogger.

I hope someone can help me to remove all the infections, many thanks in advance.
Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:49, on 2-3-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL...

A: Backdoor/Win32.Hupigon.gen

Bump, I hope someone can help me.
Thanks in advance.


Hi there

Every time we open a webpage now this Windows Antivirus error box appears saying a worm is on our computer and we have been infected with backdoor.win32.hupigon.fixn. I tried taking a print screen of the error and paste it in paint to save it and when I tried to open paint it asked me what program I wanted to use to open it, and I chose paint, and it said not found, same for notepad, control panel etc etc etc.

When this error comes up saying about the worm it asks me if I want to evaluate now and if I say yes it takes me to a Windows page where I can buy a program to get rid of it and if I click evaluate later it keeps coming up on every single web page making new tabs over and over again.

What should I do? I tried downloading Spybot S&D and it won't let me. I can't do anything on here and the weird thing is only a few days ago I redid my computer with the recovery CD's to clean it all up.

I also just tried doing the recovery CD again as I need this sorted and it won't let me do that. When I insert the system recovery CD, it reboots as it should be when it starts again it is supposed to load the CD and it doesn't ... it just comes up saying cannot find rundll32 or something like that.

A:backdoor.win32.hupigon

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y...


On December 6 I was websurfing when a fake version of a Windows antivirus warning popped up. I did not load it, and ran my Avast antivirus and Spyware Terminator, which both showed nothing. I ran them again in Safe Mode, still nothing.

In the past week, I have had trouble loading one website, officedepot.com. Every time I go there, the page only partially loads, and it freezes my IE7 browser. I usually can get out, with difficulty, through Task Manager. -- But not today. It totally froze the browser; I had to do a power down.

Yesterday I ran Kaspersky Online Scanner; it identified a Backdoor.Win32.Hupigon.tsy trojan. The file was iexplore.exe\fdcatch.dll/iexplore.exe\fdcatch.dll. Online research shows this file is linked to Fresh Devices' Fresh Download program, so today in Safe Mode, I removed the program and ran my 3 registry cleaners: CCleaner, Glary Utilities, and RegCleaner 4.3. Then I re-ran Kaspersky, which showed my machine was clean.

When I returned to IE7 in Normal Mode, the officedepot website froze my browser. Could you please help me get rid of this trojan? THANK YOU.

I have Windows XPSP2, IE7. Other security programs include PrevX2 and Comodo Firewall.

After I ran HijackThis, I re-ran CCleaner, ATF Cleaner, and PrevX2.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:54 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support
Running processes:
C:...

A:Backdoor.Win32.Hupigon.tsy Trojan

BUMP

I would really appreciate someone taking a look at my problem. I am not sure if I got rid of all the viruses, or if my problem is also an IE7 problem.
 


Hello everyone,

After updating "a squared", I did a quick scan. Well, this: Backdoor.Win32.Hupigon.burx got picked up on the scan! I had "a squared" quarantine it! What kind of program is it? Is it a virus, spyware, or something else?

I tried looking it up on the internet, to see if there was anything on it there. But nothing came up. So it has to be relatively new! Or else there probably would be information on it already on the internet!

I know I should delete it! But is there a way to trace how it got into or onto my computer? Then trace it back to who put it there? I know it is possible. But very very highly unlikely! Just curious!

If you need more information just ask me.

A:Backdoor.win32.hupigon.burx

I have just updated MY a2 and got my 'normal' warnings. If memory serves you have both SUPERAntiSpyware and Malwarebytes on there? Suggest fully update BOTH, reboot; run Super on a full computer scan in safe mode and Malwarebytes also on a FULL scan in NORMAL mode; see what they find?


Hi, PC is running XPHome, AVG 8 Av & Firewall. I run Lavasoft's Ad-Aware manually on the weekend to supplement the (almost) daily running of AVG.

On the weekend - & much to my surprise Ad-Aware notified me of a hupigon infection of Superantispyware.exe! Now I recall SAS requesting that I authorise an update last week. It does this from time to time and I thought nothing of this and so clicked 'yes'; I believe it was a new version including language updates. If SAS.exe really was infected at source, then does this mean that the download site has been hacked & infected. Or is it a false positive?

Anyhow, I did some quick research on the web and decided that as no other symptoms were present I should let Ad-Aware 'clean' SAS.exe and then I uninstalled SAS via the control panel. As I use it very rarely.

I then ran Kaspersky Online Scanner this evening. It found Backdoor.Win32.Small.gmi in a trial download of Guitar Pro V5 demo software. This is not detected by MBAM or AVG. Could this be another false positive?

Your guidance much appreciated.

Regards, David

A:Backdoor.Win32.Small.gmi & Hupigon

Hello there David.

Please try a couple of these free online scanners to see if anything has slipped by your protection:
(Be advised that some of these scanners will pickup things in "quarantine" from other anti-virus programs - so review the results carefully)

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner Scan Only - no removal

If you find that you're infected (or the scan doesn't complete or closes unexpectedly), post in the Am I Infected forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

regards, The weatherman


Greetings. Here are all the symptoms:

- soon after boot, popup box says "khelper.sys not found"
- when on the network, popup box every 1 min or so says "iexplore" (sic)
- task manager, registry editor, Symantec Antivirus, Symantec Firewall are disabled (no errors, but the normal way to start them does nothing at all)
- firefox is no longer working; it gets in a loop trying to install something, fails with an error in a popup window, click ok, and cycles back to try again
- Microsoft Malware Removal Tool says it found backdoor win32/hupigon.gen!e and "partially fixed" it (the "iexplore" popup doesn't come up now, but everything else is still there).
- event log shows an attempt to replace beep.sys (stopped by Symantec?), net udp port sharing service failing soon after reboot, same for hid input service, and a few others
- it also mentions hacktool rootkit in khelper10.sys, and something similar for killer10.sys
- there are some messages that tcp/ip connections reached the maximum allowed, but network connectivity seems to be ok (with some exceptions, I suspect some ports are blocked?)

I hope you can help. From what I've read on the forum about what you do and in your spare time---you guys are incredible!

Thank you.

SM

DDS (Version 1.0) - NTFSx86
Run by stefanos at 20:51:12.58 on Tue 11/11/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.195 [GMT -5:00]

============== Psuedo HJT Re...

A:backdoor win32/hupigon.gen!e suspected but Symantec Antivirus disabled

It took some work, but with your tools and info on these threads I think I took care of this... No symptoms now, at least not visible.

I have saved all the infected files I found, for any use by anti-virus developers.

I believe I also have the IP address of the hacker, for any use by firewall/anti-virus developers or law enforcement.

This is an invaluable forum... Thanks.

SM


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random...

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...


Hi,

What started it all, I heard my Dial-up modem trying to connect to the Internet and saw a window after visiting a Normal website. I have followed the advice for getting rid of spy-ware etc etc as well as running the online scanners from Kaspersky, Pandasoftware, Nanoscan (a part of Pandasoftware), Windows Live Onecare and Bitdefender. I have updated and run Ad-aware, Spybot, AVG Anti-Spy and Anti-virus in Safe-mode and normal mode.

Even in Safe-Mode, Firefox opened up and said that it couldn't connect to www.12345678901234567891.com as I wasn't connected to the internet (I was in Safe mode). But most of the time it is trying to connect via dial-up modem which I dis-activated. I have also run CCLEANER. I have tried Cleanmgr but it didn't give me any options, apart from which drive to choose.

AVG found: Dialer Agent.K , Trojan.Dialer.qn and Cookie .com and .Netflame

Windows Live OneCare Found:
Backdoor:Win32/VB
c:\system volume information\_restore(37e664f8-8ea4-42bd-ae96-4e548a8d5763)\rp255\a0122579.exe Likely Infected
C:\windows\system32\wnscujsa.exe Likely Infected
Adware:Win32/WhenU.SaveNow
C:\programmi\daemon tools\setupdtsb.exe

Bitdefender Found:
Suspected of: Generic.Malware.SFYd.C5A77B86
C:\System Volume Information\_restore{37E664F8-8EA4-42BD-AE96-4E548A8D5763}\RP252\A0120104.exe
Infected with: Trojan.Vundo.DMA
C:\System Volume Information\_restore{37E664F8-8EA4-42BD-AE96-4E548A8D5763}\RP255...

A:Infected With Adware:win32 Whenu.savenow, Smitfraud-c.toolbar888

Hello English Teacher,

Please download SmitfraudFix

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Hi,

I have been told to come here by cryptodan in the following thread.
www.bleepingcomputer.com/forums/topic386369.html

As you can see I had a problem with AVAST detecting Win32:Hupigon-ONX[Trj] in 3 MP3s. These were sent to Avira where only one was detected and but they said this about it: "The file has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments." As for the third file that also came back clean.

I have run the following scans: MBAM = CLEAN, SuperantiSpyware = 2 cookies from a trusted website, AVAST = CLEAN and also Windows Defender = CLEAN. The scans were run as FULL scans with everything being scanned.

I have run CCLEANER (I'm sorry to say, it deleted all my web browsing and yes I had unchecked the History tab. No chance of getting that back again I suppose.)

I have dis-activated my virtual drive and disconnected my external drive. As for the Firewall, it has blocked these strange IPs 239.255.255.250 and 255.255.255.255 caused by "svchost.exe"

Is there anything else I can do to check the security?

Below is the DDS.txt (it was too big to attach.) and attached is the "Attach" log. NB The "ARK" log was too big to attach. Shall I post it?

Thanks a lot.

Windows XP Pro SP3, Pent 4, 3 Ghz, 512MB RAM (Yes I know not a lot!!)
Firewall: Comodo 5.3.181415.1237
Anti-Virus: AVAST...

A:Maybe infected with Win32:Hupigon-ONX [Trj]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...


Hi,

I recently put on to my computer some MP3s so that I could transfer them to my mobile. However, while I was listening to some on the computer my Anti-virus AVAST detected a virus in three of the songs. The virus detected was Win32:Hupigon-ONX [Trj]. Of course I immediately sent them to the virus chest. and then sent them to Avira to be checked. I have received replies for two of the three so far. In one they didn't find anything but the second they said this "The file has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments." As for the third file, I'm still waiting to hear from them.

I have scanned with AVAST, MBAM and SUPERAntiSpyware. Nothing else has been detected.

Is there anything else I could use to check or any other advice? Thanks in advance.

Windows XP Pro SP3, Pent 4, 3 Ghz, 512MB RAM (Yes I know not a lot!!)
Firewall: Comodo 5.3.181415.1237
Anti-Virus: AVAST 6.0.1000
Other Security: MBAM 1.50.1.1100 , SUPERAntiSpyware 4.49.1000 , SpywareBlaster 4.4

A:Maybe infected with Win32:Hupigon-ONX [Trj]

Can you post the scan logs for MBAM, SAS, and Spyware Blaster?


My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32...

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


m ades, windows xp sp3
to whomever can help- i tried to remove some viruses
using info from bleeping, but am not having any luck.

i downloaded a file that i thought could help me on another
matter, but it had a virus that zone alarm's active scan did not
catch.

it was a rootkit virus. i tried tdsskiller several times as well as
malwarebytes, and thought i finally got rid of it. then another
virus popped up despite my not having connected to the internet.

another was this patch virus that kept redirecting my opera
browser. malwarebytes did not see this, but zone alarm did.
i tried to get rid of it and used tdsskiller, and thought i did.
i had to keep switching between safe mode and
normal mode to do it. i had no problems for two weeks, then
both seemed to pop up again. my guess is that i never
actually got rid of them. i tried zone alarm, malwarebytes,
and tdsskiller over and over again, with no luck. then my
ability to connect to the net went away. i gave up and restored
my hdd using the file i made just after i thought i had gotten
rid of the problems, so that though i would still have the viruses,
i would get back the net. using tdsskiller and malwarebytes
still did not work, and a new virus showed up.

i'm including the logs from zone alarm, malwarebytes, and tdsskiller.

i would really appreciate help.

first to show up. used tdsskiller, seemed to be removed, kept showing back up.

(Forged): C:\WINDOWS\system32...

A:infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Sh...

ps i have mbam, zone alarm,tdss,
and hijack logs, but was not sure
how to post them since the number
of text characters on this page
was limited.


I've been downloading a lot of media content with uTorrent. I'm very careful and generally able to detect false content, and I'm running the free version of Avast! but I still managed to get a virus. I started getting "You are infected" type messages that were not coming from my antivirus software prompting me to "run a scan" and, I'm sure, eventually asking for a credit card number to download some "antivirus" program that I don't want or need. I'm already running the free version of Avast! I was unable to open media players, task manager, add/remove programs, etc. Each time I got a "cannot open - the file is infected" sort of message.

I programmed a really thorough Avast scan and it found:
Win32:Hupigon-ONX [Trj]
Win32:Malware-gen

I'm sorry to say that MWB found nothing and neither did Spybot. I had Avast delete the infected files, but I'm still seeing some buggy behaviour.

Your help would be very much appreciated!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob - Admin at 19:58:37.98 on Wed 07/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1451 [GMT -7:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svc...

A:Win32:Hupigon-ONX [Trj] and "you've been infected" false messages

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Hi,

Please help me in getting rid of the pop ups which keep coming up.

trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac...

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.


family member used facebook, not sure if they used ie or firefox, since 2 shortcuts are on my desktop to both of them, it's a family laptop. SIGH

kaspersky picked up WebToolbar.Win32.MyWebSearch.bh
htp://ak.exe.imgfarm.com/images/nocache/funwebproducts/2.3.64.2/MyWebFaceSetup2.3.64.2.SA.HP.GRfox000.exe//mwsSetup.CommonCodebase.exe Low

And also virus HEUR:Trojan.Script.Iframer
htp://yt1.spec.quantcast.com.ad0pt.com/?aid=q818731330045236&label=aki881=&size=728_90&label=17635&wu=8uuq9&id=30045236&qoc8=1946d391&ffaq3=18jcb1&pcl=cnzbji3 High

I scanned with kaspersky and everything is clean, this shows up in details and reports, why wasn't it quarantined? family doesn't know security and dunno what they clicked when the warning popped up IMAGINE IF they allowed it

I use vista 32 home premium and gmer does NOT work, it runs it scans - then it just freezes the whole os

Mbam full scan detects nothing

i have combo fix logs ready when requested, 2 of them, 1 i scanned in safemode and the other in normal mode.

A:not-a-virus:WebToolbar.Win32.MyWebSearch.bh

Hello and welcome to Bleeping Computer

Please post the combofix logs in your next post.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should ta...


Hello,

Please help if you can.

I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.

Avast! says I am affected with:
JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:Virut

Attached a screen shot of Avast! with viruses and partial path to them.

Computer's Symptoms (not sure if these are all due to old slow processor or malware):
Computer is freezing often;
When it is in sleep mode it is turning itself on;
Seems to be downloading stuff often and slowing down;
Monitor is going black forcing reboots often;
Couple weeks back I began getting floating ads that pop up when browsing online;
I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.

Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.

Thanks,
Dancer

~~~~~~~~~~
DDS (Ver_10-03-17.01) - NTFSx86
Run by ljk at 15:52:28.93 on Mon 09/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102...

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain from running tools other than those I su...


Hello, I scanned computer with Kaspersky Antivirus and it finds these trojans:

Trojan.Win32.Agent.brbo
Backdoor.Win32.Hijack.al
Backdoor.Win32.Hijack.an
Backdoor.Win32.Small.hgi
Trojan.Win32.Agent2.ehn

It can remove them, but they come back immediately after I connect to internet...

How I found that something is wrong: within one or two minutes after turning on computer websites start to load extremely slowly. Downloading of large files, which is started before, continues with maximum speed. Only thing that fixes loading of websites is unplugging of network cable for ten seconds and then plugging it back. Then it works fine - for one or two minutes :(

---------------------------------------------
HijackThis log: (I was unable to complete D.D.S., it only shows command line window for half hour and nothing happens)
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:24, on 1.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersk...

A:Unable to remove trojans Backdoor.Win32.Small.hgi, Backdoor.Win32.Hijack.an etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Hi, first of all thanks for what you do. I love this site, it's been a lifesaver to me many times.
I use Microsoft Security Essentials and these viruses were detected.

"pws:win32/fareit" "backdoor.Win32.cycbot.B" "backdoor.Win32.cycbot.G"

After using the "remove selected" option from Microsoft Security Essentials, several minutes later the viruses were detected once again. I used the "remove selected" option again.

Now Microsoft Security Essentials hasn't alerted me of anything within a substantial amount of time but I'm still weary of the virus hanging around somewhere on my computer. It should be noted that at the same time my MSE(MicrosoftSE) caught the virus I was doing a Malware bytes antimalware scan and did a "removal" of what it found. Maybe the two scanners clashed and didn't effectively remove something

I had to change my settings in Firefox so I could access the internet, a proxy was changed.
Every time I restart it seems a new virus is found... specifically "win32. (something)"

Can you please take a look at my log and let me know what's going on?
Thanks again for your help, you guys are great!!! Here's the HJ log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:20 AM, on 11/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Alienware\...

A:pws:win32/fareit "backdoor.Win32.cycbot.B" "backdoor.Win32.cycbot.G" removed?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

The HijackThis tool is not ready for the 64 bit operating system. In your case I need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

===

After the scan please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress"...


I have no idea how to remove this malware from my registry. I already deleted the file vnc-3.3.7-x86_win32.exe, but I don't know how to remove the other malware from my restore file. Please help me. This is the Kaspersky online report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 13, 2007 1:57:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 13/09/2007
Kaspersky Anti-Virus database records: 412837
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 121193
Number of viruses found: 5
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 02:30:38

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\PokerStars\Notes.txt Object is locked skipped
C:\Archivos de programa\PokerStars\PokerStars.log.0 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP7\Report\0042_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP7\Report\0044_Web_Monitoring_eventlog.rpt Object i...


Every 10 minutes or so, I get a pop up from Windows Defender telling me I have win32.backdoor-DNM (sorry I switched the letters around in the topic) on my computer and to enable protection. The link leads to a site that wants you to download their scan. It won't let me go to any other pages. Most of the time now, my browser won't even open or will crash pretty quickly. One of my scans with spyware terminator caught it but said it couldn't get rid of it, restart the computer, and scan again. The 2nd scan didn't pick up anything but I still have the problems. Any help would be greatly appreciated.

-Nicole
DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 21:52:55.59 on Fri 03/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.435 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real ...

A:Infected with win32.backdoor-DMN

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you ...


Hi, I need help in removing these viruses; please see dds.txt and attach.txt attached. I recently deleted a file: c:\program files\gateway\hpa\uninstal.exe - is this crucial to my computer? It said it was infected so I had Comodo remove it but I don't think that was ideal.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Authorized User at 22:38:17.13 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.298 [GMT -4:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\App...


Hi, not trying to bump - can anyone help? ;x


"Deckard's System Scanner v20071014.68
Run by user on 2007-12-20 18:25:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-12-20 10:25:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:15 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\devices.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\...

A:Constant pop ups - Win32/Oneraw!generic and trojan.Caiijing and Backdoor:Win32/Sivuxa

Bump pls


My son has managed to get his laptop infected with multiple trojans and malware I have discovered. Although he has not been complaining of any specific issues with it to be honest.

Any help you could give me to remove all of these completely would be much appreciated.

DDS Log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jonah at 12:02:30.93 on 19/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1006 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k Lo...

A:Multiple infections including Trojan.Win32.Agent.azob and Backdoor.Win32.IRCBot.efv

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...


Firefox and Mostly IE is experiencing redirects when I search through any search engine. Avast is continuously stopping malware in the Windows\Temp folder.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ricardo at 15:09:36.31 on Sun 12/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2184 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\...

A:Infected with Win32:Malware-gen, Win32:Rootkit-gen, and Win32:Spyware-gen

Please close this post. I'm reformatting and reinstalling an Acronis Image prior to the infection. Thanks anyway.


Hello all,

Because of my careless actions while using my computer and IM I got infected and now I can't get rid of it. I'm getting now ad pop-ups only, and I think I got rid of some infections that came but still there are left a few. I got this infection about a week ago. Computer hasn't been used much after that 'cos I had to go away for a week and didn't have time to try to fix it then. Now I tried to fight with this for a couple of days, but no glorious victory for me here.

Kaspersky's online scan report is last in my post.

If you have time and knowledge to help me, I would appreciate it.

Thanks in advance

main.txt:

Deckard's System Scanner v20071014.68
Run by Jaybird on 2008-06-07 14:21:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jaybird.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:28, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\W...

A:Infected With Win32.virtumonde/win32.monde/win32.ircbot

Hello Jay-EM and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,...


So I originally started trying to deal with this problem in the Am I infected? What do I do? forum. I did not post any logs in that forum and thankfully quietman7 was very helpful in assisting me. Almost all of my issues are described in the first post here.

After that first post, quietman7 suggested that either manually clean out my Java Cache or run BrowserCleaner to essentially do the same, so I did both. He also suggested that I try doing an online scan with Eset and so I did. The result of this scan found and quarantined another trojan under the description:

================
C:\Program Files\BitLord\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan deleted - quarantined
================

I then viewed the "Preparation Guide" and began following the steps listed there:
I disabled my CD Emulation software with DeFogger
I ran a DDS and RSIT log scan
I ran a GMER Log

However, I had to run the GMER log 3 different times in order for it to generate a full log. The very first time I ran it, my computer got really far into the scan, and maybe 4 and a half hours into it, my computer BlueScreened. Even though it only gave me the BSOD once, it was still a little unsettling to see. It's also important to note that I have a Windows 7 SP1 32-bit OS, so GMER should be compatible with my syste...

A:Infected with WORM/Yahos.rb, TR/Packed.AL Trojan, Win32/Hupigon.CJKIBCX Tro, JAVA/C-2009-3867.EH Java virus, BHO: WormRadar.com...

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:54 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHom...

A:Win32.Trojandownloader.Zlob and Win32.Backdoor.Sinowal and possible other infections

Hello and welcome to TSF

==========
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

============
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.


Mod EDIT: Moved to proper forum ~ Virus, Trojan, Spyware, and Malware Removal Logs

Hi.

I got infected by a backdoor malware, and don't really know how to remove it. I saw some process you did with others helping them to remove so I installed the Hijackthis and got the following details.

Hope you can assist. Thank you.

Here are the details:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:58:28, on 02/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Users\MONA\AppData\Local\Temp\liwyfg.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\...

A:HELP!! How to remove backdoor trojan win32/rbot.gen and win32/harnig

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


system spec

intel 6320
2gig ram
ATI HD240
unknown MB


Recently I noticed my pc getting a lot slower than normal IE scrolling down on an email would cause the window to stutter where normally it would be smooth. I ran a virus scan using AVG (paid version) and it didn't come up with anything. I also ran adaware and I tried to install spybot but it was unable to connect to the server to install. I tried the same spybot exe on a separate machine and it installed fine.

The computer was still slow so I ran a kaspersky online scan which found a few trojans and backdoors (see attached txt) that AVG fails to detect.


DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by L.HALL at 20:30:22.25 on 24/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1443 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer...

A:Trojan.Win32.Agent.dkai, Backdoor.Win32.Delf.nut plus others

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


Hi all.

I installed COMODO Firewall a few days ago and have been noticing strange programs trying to access the Internet: apcupsl.exe, acledits.exe, and ansii.exe

All three were picked up by the Kaspersky Online Scanner as viruses. (See kaspersky.html)

Many thanks in advance for any suggestions/advice!

********************************************
Here's the main DSS/HJT log
********************************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-02 18:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
8: 2008-06-02 22:12:35 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-06-02 21:09:47 UTC - RP7 - ComboFix created restore point
6: 2008-05-28 16:28:26 UTC - RP6 - Installed Windows XP KB947864.
5: 2008-05-28 16:28:02 UTC - RP5 - Installed Windows XP KB942763.
4: 2008-05-28 16:27:23 UTC - RP4 - Installed Windows XP KB941569.

-- First Restore Point --
1: 2008-05-28 14:22:18 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:56 PM, on 02/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet E...

A:Backdoor.win32.ircbot.dhk/dfk And Trojan-ddos.win32.agent.ca

Hi,

Any idea how you got this infection? It was installed a couple of minutes later than software from ACD Systems. Did you use a crack there or something?

Anyway...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi,

I recently got a popup from Windows Live OneCare stating that the following has been found.

Trojan - Asx/Wimad.T
Trojan - Asx/Wimad.F
Win32/Zonebac Backdoor

What can I do to remove it? Help would be much appreciated!! Not sure if this relates but I keep getting a notification from one of my security programs asking me to verify an Internet Explorer Add-On that's trying to install. I don't even use IE. I use Firefox. Also here are the results from hijackthis. Thanks !!

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:40 PM, on 11/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1224723021\ee\aolsoftware.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Progra...

A:Infected with win32/zonebac BACKDOOR!

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

* Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
* Finally, p...


Hi there

I have the Backdoor.Win32.Sinowal.knf trojan.

I run ESET Antivirus and Malwarebytes (the free version) - neither of these detected it. Kaspersky's TDSKiller detects it but doesn't clean it.

I'm getting a bit desperate and I'm on the verge of running ComboFix, however, with all the warnings it has I thought it best to err on the side of caution and post here first.

Thanks in advance

A:My PC is infected with Backdoor.Win32.Sinowal.knf

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

* Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will ap...


Hi everyone. I just found out I had this when Windows Defender notified me this morning. Can't seem to delete the files and would really appreciate any help.

A:infected with Backdoor:Win32/Cybot.b

Hello edgel21, please run these and post the scan logs.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

* Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet. alternate download link
  Note: The file will be randomly named (i.e. 5mkuvc4z.exe).
* Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

* Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
* Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
* The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
* If prompted to download the Full version Free Trial, ignore and click the X to close the window.
* If an infected object is found, you will be prompted to move anything th...


As the description suggests, I am looking for a specific removal tool for this virus, as the scanners I have used claim to remove it and it just shows up again later. Any help would be appreciated.

A:Infected: Backdoor.win32.mosucker.30.b

Hello, this should take care of it.

Download and scan with Dr.Web CureIt

Download Dr.Web CureIt! from our web-site. Run the utility and press the "Start" button in the opened window. Confirm the launch by pressing the "OK" button and wait for the scanning results of the main memory and startup files. If you want to scan hard drives of your computer, select the objects for scanning in the central part of the scanner window and press "Start scanning" in the right bottom corner.

To scan your computer with the most up-to-date Dr.Web virus databases next time you should download new Dr.Web CureIt! package. For this, press the "Update" link on the first utility screen, which leads to our ftp-server where the latest version of CureIt! is located. Download the utility and run it again.

Scan using safe mode ... How to start Windows in Safe Mode

Download, Install and update ..

Reboot back into safe mode and scan with the Free Home user version of SUPERAntiSpyware

Delete anything found and reboot back to normal mode.


I've run ad-ware 2008 and this has shown up. I removed it, but every time I rescan it is back.

Here's the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:25 PM, on 12/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\PROGRA~2\mcafee\msc\mcshell.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet ...

A:Infected with win32.backdoor.agent

bump
Seems like every time I restart, my scanning programs find more things they want to remove.


For a while now, I have had problems installing Microsoft Updates. The two same updates would pop back up every time I turn my computer on. I've been running AdWare and Zone Alarm to see if there were any bugs preventing me from installing the updates. Yesterday, while running a virus scan, it caught the bug Backdoor.Win.Delf.uzu. After searching the web for this, I found out that it was actually only discovered yesterday (June 8, 2010). Everything on my computer has been slow, especially the last two days. When running your "Gmer" program, my computer pretty much froze up. I waited about 3 hours and nothing was happening.

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 7:38:52.79 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1074 [GMT -7:00]

AV: ZoneAlarm Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program...

A:Infected with Backdoor.Win32.Delf.uzu

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


Hi,
I am totally new to this forum so there may be some errors in posting on my part. And thanks to all those who are helping people on this forum selflessly!!!
PROBLEM: A few days back when I inserted my USB drive into my laptop, I found some new folders like Hot Movies and Funny Videos which were not there earlier. I tried to delete them but they kept coming back. Even after I formatted my pendrive, these files are not going. After that my antivirus, Microsoft Security Essentials, detected virus "Backdoor:Win32/Poison.E" and I removed it but it kept coming back on every restart of my laptop. I tried Malwarebytes, Super antispyware, Kaspersky Free Online scan but still it was detected by Security Essentials on every restart. Then I restored my PC to an earlier date and the error stopped. But now on every restart a notification is coming that "Your Browser Settings were changed by another program" and it's giving two options of either keeping the earlier settings or change to new settings. I want to get rid of this. Please help! And also give a solution to clean my pendrive.

DDS Text log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by samsung at 11:55:15 on 2012-08-22
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1956.1007 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae...

A:Infected with Backdoor: Win32:Poison.E

Is anyone going to help me on my problem?


I am running Kaspersky AV 2010. Every time I boot up, Kaspersky finds and "disinfects" Backdoor.Win32.Sinowal.fka from \DEVICE\HARDDISK1\DR1. I have attempted booting into the Recovery Console and using Fixmbr on that disk. I have also tried various tools to try to "clean" the virus. The latest tool I tried was Combofix, which I read about on another forum. However, that did not work. I can post the resulting Combofix log here if requested. Any assistance is appreciated.

Thanks

Sorry, forgot to post the DDS, which follows. The Attach.txt and Ark.txt are attached as instructed:

DDS (Ver_09-12-01.01) - NTFSx86
Run by dave at 15:58:57.78 on Wed 12/09/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.810 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Y:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and ...

A:Infected with Backdoor.Win32.Sinowal.fka

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


While running Zone Alarm Extreme Security my computer somehow became infected with backdoor.win32.zaccess.ob. I cannot find much info on this specific virus online. Four antivirus programs find the virus but cannot delete it. They all say they will delete on reboot or to reboot to complete the removal but my computer won't reboot. It appears to be shutting down, the screen goes black but the computer is still running. I have to turn it off manually by holding the button. This also happens even when I click to turn off the computer ever since it became infected. I have to cut the power manually.

Zone Alarm finds the virus as: backdoor.win32.zaccess.ob

Malwarebytes finds it as: TrojanDropper:Win32/sirefef.B.exe

SuperAntispyware finds it as: Heuristic Agent-stream/Resident

Searchbot finds it as the exe program that appears in my task manager.

I tried running in safe mode with networking but the virus is also active in safe mode! The only difference is that in safe mode the program does not appear in my task manager.

I have tried everything I know. I cannot kill it in task manager , it won't let any of my antivirus programs reboot to complete the removal. I removed what registry entries I could find but that didn't help.

This virus is attempting to broadcast my information to numerous IP's. Zone Alarm firewall is blocking the attempts, or it is blocking 257 attempts about every 15 minutes. I hope that is all of them.

How can I get this out of my com...

A:I'm infected with backdoor.win32.zaccess.ob

Please disregard and delete. I posted this in the wrong forum. I just posted it in the correct one, sorry.


Apparently I am infected with Backdoor.Win32/IRCbot.DL. None of my virus scanners can find it and windows defender says it exists but it cannot remove the virus. It redirects me from websites onto random sites unrelated to the one I attempt to navigate to. I was hoping someone could help me remove it because I am concerned for the welfare of my computer.

Sincerely,
Klassy

Edit: Attached wrong attach.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Nick at 21:19:02.02 on Sat 03/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1535.654 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop&...

A:Infected with Backdoor.Win32/IRCbot.DL

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

* Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
* Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
* Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Gmer, a rootkit scanner.

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to...
