
Reverse-Proxy Spam Trojan - Migmaf

Q: Reverse-Proxy Spam Trojan - Migmaf

I didn't see this posted so I thought I'd give everyone a heads up to this trojan
http://www.lurhq.com/migmaf.html


A: Reverse-Proxy Spam Trojan - Migmaf

The link isn't working for me.


Hi folks,

I am using XP-pro. I am trying to get an application, which does not let you specify any network settings and ports, to use instead of the internet which is filtered and blocked by a firewall, a connection which I established via ssh on the localhost.

I am looking for an application which will route all connections to the internet (no matter which port or only specific ports) to 127.0.0.1:whatever-port.

I am not talking about the IE proxy settings here.

Thanks
 


I would like to use OWA in my network, and I am using MS ISA for my proxy. I need a good resource to install a reverse proxy to come back to the network. Any ideas would be greatly appreciated.
 


E-mail software contains ways to block e-mail from a particular address. I'm looking for the opposite--a filter that blocks all e-mail except for those addresses I specifically designate. Is this possible?
 

A:Reverse Spam Filtering?

boaster,

MailWasher

http://www.mailwasher.net/#
 


I am trying to setup a Win8 box as a "reverse proxy" web server using IIS.

The goal is as simple as it gets. I do not need subdomains to go to different servers, but rather to redirect all port-80 and port-443 (HTTP and HTTPS) traffic to http://localhost:2080.

I have been trying to get IIS to do that for a week now, without any success. I feel depressed and worthless.
Is there any good soul out there who would be willing to explain to me, in a few steps, how the above can be accomplished? Many many thanks in advance!


Thinking of using IIS and URL rewrite for a pure reverse proxy server on a Windows 10 machine which will be routing traffic to 3 Struts2 Web applications using Apache Tomcat servers on Windows 10 machines.

Please let me know whether this would be a healthy configuration.

thanks
 


Am thinking of using a windows 10 machine with following hardware specifications for a pure reverse proxy server which will be routing traffic to 3 other web application servers on windows 10 machines.

Processor : Intel Quad Core i7-6700K
Processor Speed : 4 GHz
RAM : 32GB DDR4.
64bit machine
HardDisk : 500GB (partitioned with 200 GB in C: drive and 300 GB in the other drive.)
Operating System : 64 bit Windows 10

IIS and URL rewrite will be used for reverse proxy and application servers will be using tomcat apache and Java Struts2.

2 of the application servers will have maximum 5 simultaneous users and third one 10 simultaneous users.

Please let me know whether above specifications are good enough.

Thanks
 


We are going to upgrade from Skype for Business server 2015 to 2019. Our reverse proxy is very old. Any recommendations for what to use for a reverse proxy in the Skype for Business 2019 environment?


I'm having a problem with a virus that seems to be sending out spam emails from my computer. A message comes up every second telling me that my email message was unable to be sent because my mail server rejected it. In the time it has taken me to write this message over 100 messages have popped up. They stop popping up if I disconnect from the internet. I have run Malwarebytes and Spybot and AVG both have found problems and attempted to fix them. Is there anything you all know of that could cause this? I have run HijackThis and here is the log.


Things I've run:
temp file remover, Spybot S&D, Spyware Terminator, Super Anti-Spyware, Ad-Aware, McAfee Enterprise, TrendMicro's Housecall, Panda ActiveScan.

Things I've used:
Process Explorer, AutoRuns, HijackThis, Rootkit revealer, Rootkit Buster, Blacklight Rootkit Eliminator

While the scans did pick up some things, including Smitfraud and some proxies, the computer is still spewing spam. All of the what's-running tools are showing what looks like a pristine computer. The HijackThis log is clean, all looks right with the world in Process Explorer, there's nothing even remotely out of the ordinary in AutoRuns. In short, This computer looks very clean, and it's still infected. Does anyone have any advice or additional tools that might get this computer fixed. Several of us with a few years experience have been busting our chops on this computer and we're just completely out of ideas.

A:I Need Help Finding And Killing A Spam Proxy

Change the name of the Hijack This .exe by right clicking on it to "myscan.exe" and post a new log using the directions in the link below. Do Not Post The Log in This Forum But In the Hijack This Forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


A:Hijackthis Log For Stealthy Spam Proxy

Hello Deramin and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

Can you give me a little more detail on what the issue is? What program or information is pointing to a "Stealthy Spam Proxy"? What exactly is the system doing (or not doing)?

Cheers.

OT


Hello all, first time poster here with a bit of a problem. About 2 weeks ago I was infected with this rogue antivirus called Security Suite. I was able to remove it after some googling, but ever since then I have been getting numerous Symantec email proxy popups that say the email couldn't be sent because of spam or some other reason. I believe I have a bot on here somehow sending out spam but have no idea how to get rid of it! I've run Malwarebytes, Spyware Doctor, Spybot, and Norton to no avail. Google hasn't helped me, and I am not well versed with computer problems. Running XP SP3 on a Dell Inspiron if that helps.

Any help would be appreciated

I'll post the DDS and GMER logs soon


A user on our network got a virus. Whenever connected to the internet, something is trying to send spam mail and we get the symantec email proxy error messages by the 10s. The messages are exactly like those shown here: http://www.symantec.com/connect/forums/bom...ups-screenshots

I should also add that when I remove the user from the network, all is fine. The second I put the network cable in and the user gets an IP I get many pop-ups (50 or more). After many minutes I get pop-ups again. I had done some tests. First I scanned with MBAM and it didn't find anything. Symantec Endpoint Protection v.11 doesn't find anything. I tried SUPERAntiSpyware and it showed me that the PC is infected with Rootkit.Agent/Gen-TDSS on C:\\WINDOWS\SYSTEM32\DRIVERS\OYJQUW.SYS . I tried removing it and rebooted the PC but the rootkit wasn't removed (I saw from other posts that I am not the only one with that problem). I got new pop ups again.

I then checked with GMER and OTL. I had read something about Combofix.exe about this Rootkit but I will wait till you tell me to run it. I post now the logs from MBAM, GMER and OTL.

NOTE: I had problems running GMER. I had to run GMER in Safe Mode and uncheck the Devices checkbox in order to get it finished. I was getting automatic restarts and some black screens after the restarts. It wasn't even able to boot in Safe Mode so I had to manually get the hard drive on a second PC (as a second hard drive) and perform a check disk on it.

NOTE2: I had posted another to...

A:SPAM virus causes pop-ups with Symantec email proxy alerts

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...


A user on our network got a virus. Whenever connected to the internet, something is trying to send spam mail and we get the symantec email proxy error messages by the 10s. The messages are exactly like those shown here: http://www.symantec.com/connect/forums/bom...ups-screenshots

I should also add that when I remove the user from the network, all is fine. The second I put the network cable in and it pulls an IP, all hell breaks loose. I tried to look at process explorer to see what is spawned off then, but it just showed verclsid.exe and that didn't really lead me anywhere. The bold ones pop out to me. I tried to remove them, but I'm still having problems, so I restored them so you could see.

Here is the Hijackthis:

A:SPAM virus popping up Symantec email proxy alerts

Hi frist44,

Welcome to Bleeping Computer! My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:

Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps n...


Hello,

I have recently been scammed with a transaction via PayPal but at the same time I was sent a file which I think was an attempt to take full control of my PayPal account.

It's a little kid that's doing this and he's using a VPN to access the Internet and a VPS to route the traffic of the RAT.

Is it possible to reverse engineer a Trojan at all to find some information I can send to his VPS provider to help track this guy down?


Did scan and picked up these viruses, says most are embedded. Here is my HJT Log:


A:Help: Have Trojan Java/class Loader and Trojan Horse Proxy.16z


Hi, I have no idea how but somehow I have acquired a virus known as trojan-proxy.win32.cimuz.bw and it has infected this directory> File: C:\windows\system32\rsvp32_2.dll

I am currently using Kaspersky antivirus 6.0 and spyware doctor. I also downloaded trojan remover but that hasn't treated the trojan proxy. I also have the ameana spyware, and I have used the look 2 me, but it doesn't detect it....oddly. If someone can help I'd be very thankful. I am pretty newb at using hijack this, and don't wanna mess with the processes in fear of damaging my computer's integrity. thnxxD

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

A:Trojan-proxy Help

Download Yahoo toolbar with Antispy and the Windows Defender (both are FREE). Run a Full scan with both programs (one after the other) and you should be good.


HELP trojan/proxy
hi guys just got a nasty E-Mail from my ISP

"You are receiving this email as we have received complaints from the internet community that your computer has been sending unauthorized broadcast messages (SPAM) to other systems. It is most likely that your system has been compromised, unbeknownst to you, with a virus, trojan/proxy, etc that is allowing a remote entity to relay spam through your system. "

I read a post about HiJack this so I did it if someone could plz check this out that would be great

here it is

Could someone please help me! I receive warnings that I have the Proxy.5.AT Trojan on my computer and it is found in file C:\Window\System32\uslremj.exe

After running the AD-aware program it says it has removed 6 objects and when I run AVG anti virus it says it has removed the Trojans. However when I log back on-line I am told that I have this same Trojan and to run my anti-virus software.

Can someone please tell me the exact steps to remove this. I am what you would call a novice. My operating system is XP.

Thank you,
 

A:Proxy.5.AT trojan


Hello
I have a Trojan Virus that causes my PC to act as a relay for e-mail messages. When I boot up my PC I am bombarded with popups from Symantec E-mail Proxy indicating that my e-mail was unable to be sent. These popups happen continuously. I ran bitdefender on my PC and it seemed to disinfect or delete every one except this one. Can anybody help me get rid of this thing? Any help you can give me is sincerely appreciated. I am going crazy! If anyone can help me I'd be so appreciative. Thanks.

Scott

A:Trojan Proxy.....omg Please Help!

As soon as I start up my PC I am bombarded with pop ups from Symantec's E-Mail Proxy indicating that an e-mail I was trying to send can't be sent. Some type of Virus is trying to send Spam e-mails from my PC. The popups are so numerous it renders the PC almost useless. Any help that anyone can give me is greatly appreciated. Thanks.

Scott

My Logfile:


Hello,
Thanks for taking the time to read this.

I ran spyware doctor on my PC ( Windows Home XP ) and it stated it found trojan.proxy.BK in my registry at various files on HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
I do not have the full version of Spyware Doctor which claims it can remove the trojan.

None of the other anti malware things on my PC can even find the trojan ie, Ad Aware, A Squared, and my Madesafe ( Solarsoft ? ) AVS / Norman firewall.

Is this a ruse by Spyware Doctor to sell me its program or is there another way to remove trojan.proxy.BK from the registry?

The reason I ran Spyware Doctor, in the first place, is because I received a tip from the Norman Firewall that a trojan using "Black Stealth" techniques was trying to make connections. This tip strangely only appears when I click on help on the Norman Firewall taskbar icon. The Madesafe AVS supplied as a package with the Firewall cannot find any problems when it scans the hard disc. An e-mail reply from Madesafe was more reassuring than practical, claiming that the AVS would destroy the trojan if ever it tried to do anything. mmmmm maybe

Any advice on what may be 2 separate issues welcomed.

A:Trojan.proxy.bk

I suggest you post a HijackThis log for examination. If there's anything on your system that doesn't belong, the HJT Team will find it, and help you remove it.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully. Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet. A member, of the HJT Team, will help you out. It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


Hi people,

For the second time in the last couple of days my AVG resident shield has flashed this alert on screen. I have now moved it to the virus vault and I will delete it soon.
This has happened only when running Ad-Aware,

Question I want to ask is :

1) Is it a false positive, or is it because Ad-Aware had a particular folder open
( it seems to be embedded in the system volume information.)

2) Is there a particular 'clean' program i need to run, to clean my pc?

It doesn't seem to be causing any adverse effect at the moment, but needless to say, I want it off my pc.
 

A:Trojan Proxy.cyb


New trojan being distributed via WMF spam
Posted by Mikko @ 12:44 GMT
Wednesday, January 4, 2006

There's a new trojan spam run underway, exploiting again the WMF vulnerability. The exploit code is taken directly from the last Metasploit distribution. So the Metasploit exploit is assisting botnet herders and spyware distributors to take over the computers of users who still have no Microsoft patch to close the hole.

In this particular case the spammed message was a fake warning...

When curious readers follow the link to a web server under comcast.net, they are hit with a WMF file that immediately downloads a botnet client via tftp and runs it. In case the WMF exploit wouldn't work, the front page of the site also contains an exploit against older versions of Firefox, using the "InstallVersion.compareTo()" flaw. The downloaded client will connect to a botnet hosted via several IRC servers.

http://www.f-secure.com/weblog/archives/ar...6.html#00000768


Following previous recommendations from you, I thought I had freed myself of this. SURPRISE, it won't leave me! Run the anti-spyware EACH time I connect pc and hey-presto the Trojan is always there!

Officially it shows it is in Files and Memory under C:\\Windows\System32\BFKABFK.DLL

What now? Lost for words!

Thanks as always,

dd

A:Trojan Spam-MuliSite/Gen plus new hjk log


I tried to remove it by SuperAntiSpyware but when I scan for viruses it still comes out..
help me, thnx
here is my scanlog:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2007 at 12:52 PM

Application Version : 3.9.1008

Core Rules Database Version : 3274
Trace Rules Database Version: 1285

Scan type : Complete Scan
Total Scan Time : 00:31:27

Memory items scanned : 468
Memory threats detected : 1
Registry items scanned : 5314
Registry threats detected : 0
File items scanned : 46293
File threats detected : 3

Trojan.Spam-MultiSite/Gen
C:\WINDOWS\SYSTEM32\PDEAPDE.DLL
C:\WINDOWS\SYSTEM32\PDEAPDE.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Manessah\Cookies\[email protected][1].txt
C:\Documents and Settings\Manessah\Cookies\[email protected][2].txt
 

A:Help With Trojan.Spam-MultiSite/Gen

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 


I am receiving spam emails purportedly from a friend of mine.

However, there are a couple of problems with this. First, she uses an imac. Second, she uses Yahoo email.

The emails are coming to two email addresses of mine that she knows, and when I look over the BCC list that also comes along, it sure does look like this is her address book.

What could be the vector here? Is yahoo under successful attack? Is there a trojan that affects imac that could be the culprit?

Usually spam comes from an infected system that has one or another of my email addresses in the address book and is sent with some other random user name in the "From" field, but this particular one is coming with two of my addresses, in a combination that only she has. So it pretty much has to be from her address book.

She's pretty clueless when it comes to computers, and I've googled for useful information but haven't found any. Does anyone here have an idea?
 

A:mac trojan to generate spam???

Get her to change her email password, to a complex one, using her Mac. And then see if the spam continues. If it continues, then there is a problem with her Mac.
 

RELEVANCY SCORE 43.6

My son-in-law's computer had been infected with the "trojan.spam-multisite/gen", causing a slow computer, disabling several programs, and sending volumes of spam. The service provider notified him of the latter. I have the computer, but am afraid to connect it to my network, but I am using it offline, and using my computer to send this message.

Most virus programs, including Norton, fail to detect the trojan, but SUPERAntispyware does show the trojan. It says it is removing the offending file "AIIAAII.DLL", but on the required boot the trojan is still there. I cannot find the DLL mentioned anywhere on the Internet. Here is the scan log for SUPERAntispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/27/2007 at 10:02 PM

Application Version : 3.9.1008

Core Rules Database Version : 3275
Trace Rules Database Version: 1286

Scan type : Quick Scan
Total Scan Time : 00:25:17

Memory items scanned : 666
Memory threats detected : 1
Registry items scanned : 827
Registry threats detected : 0
File items scanned : 25564
File threats detected : 2

Trojan.Spam-MultiSite/Gen
C:\WINDOWS\SYSTEM32\AIIAAII.DLL
C:\WINDOWS\SYSTEM32\AIIAAII.DLL

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt

I ran the Hijackthis program and the log is listed below. Hope you can help me remove this stubborn trojan without reformatting the hard drive.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:3... Read more

A:trojan.spam-multisite/gen

RELEVANCY SCORE 43.6

Guys,
Been battling this one on my Dell laptop for a while now. A flash drive or other detachable media will get a m.bat and m.exe attached automatically that was caught by AVG as a vundo on one computer and on another, Norton said it was a Trojan.SpamThru. The worm's symptoms are that it hates anti-spy websites including bleepingcomputer's hijack forum and thus I have been reluctant to bounce back and forth between the laptop and the desktop in fear of infection. Tried a few things on my own (Malwarebytes, AA, etc.) to no avail so I'm suspecting that we have a problem that is just beyond my limited knowledge. Thanks for the help!

VanG
DDS (Ver_09-03-16.01) - FAT32x86
Run by Administrator at 10:04:25.83 on Wed 04/01/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.2.1252.1.1033.18.254.118 [GMT -5:00]
============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\... Read more

A:Trojan Infection - "Spam Thru??"

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

RELEVANCY SCORE 43.6

Hi Folks!!!:

My McAfee caught two trojans called "SPAM-XARVESTER" & "PWS-LSP".

About SPAM-XARVESTER: It was removed and deleted by McAfee, but every time I reboot my PC it appears again and again. How can I delete it definitively? I rebooted my PC in Safe Mode but the problem could not be resolved.

About PWS-LSP: McAfee couldn't quarantine or remove it, and my internet connection has been down since that moment (I'm writing from my wife's PC). I used many online PC scans and ad-aware programs before losing my internet connection, but I know the virus is still on the computer because I can't use my internet connection. Is there any way I can get it off my system? I have Windows XP SP2, and please note that I cannot access the Internet on my home computer, so any assistance I can get will be greatly appreciated.
I can't update my McAfee because I lost my internet connection.
Excuse my horrible English!
Thanks to all.
FJ

A:Trojan Pws-lsp & Spam-xarvester On My Pc

Hi Folks:

My antivirus McAfee detected these 2 trojans:

SPAM-XARVESTER: it was deleted, but when I reboot my PC McAfee alerts me that this trojan was found and deleted. This message appears every time I connect my PC. How can I resolve this problem?

PWS-LSP: McAfee found this trojan and deleted it yesterday in the "kgc.dll" file, but when I rebooted my PC this morning a new message appeared warning me that McAfee found this trojan again in another file, "dcexlmfnd.dll", and it's impossible to clean, quarantine or delete it. How can I resolve this problem too?

I attach my HijackThis file:



Logfile of HijackThis v1.99.1
Scan saved at 14:18:43, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Propietario\Mis documentos\Nuevo Malet?n\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go... Read more

RELEVANCY SCORE 43.6

I'm sure you've seen this a million times, but on June 8th my PC (WinXP) was hit by a malware that pulled a spam bot/botnet on my PC. Our internet provider said our email was used to spam a lot of people after it happened. I ran several virus cleaners and get the message win\sys32\winctrl132.dll generic trojan and win32\sys32\winlogon.exe(224) generic7.rvv (could be ruu) trojan. Is there a way to trace and remove this problem? Thank you in advance for any info. Here is my HijackThis file (just run):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:08 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files... Read more

A:Bot Net/spam Bot,win32 Trojan Help

Hi and Welcome to the Forums.

Please download FixWareout from one of these mirrors:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

After those are posted, download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

RELEVANCY SCORE 43.2

I installed some .exe file by mistake which seems to be malware. I tried the malware removal guide. Many issues were resolved but proxy settings and exceptions are still hijacked. Tools used in order:
1. Kaspersky TDSSKiller
2. RKill
3. Malwarebytes Anti-Malware
4. HitmanPro
5. AdwCleaner
It's very annoying. I even tried to delete the proxy server key in the registry but no use. It automatically resets back. Please help me.
 

RELEVANCY SCORE 43.2

Dear forum pro's!

I've got a proxy.2.AF trojan horse on my PC, how can I get it off there!


I have run the Hijackthis programme. My log can be found below:

Logfile of HijackThis v1.97.7
Scan saved at 20:54:51, on 18-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\quicktime\qttask.exe
C:\PROGRA~1\GRISOF~1\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\GRISOF~1\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\ggviewer81-30.exe
C:\Documents and Settings\Adri\Bureaublad\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.12move.nl/home/home_center.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ... Read more

A:proxy.2.AF: trojan horse?!?

Welcome to TSF.

Please run an online virus scan at either one of the below sites:

TrendMicro (set the option to Autoclean)
RAV Antivirus

Uninstall the following program via the Add/Remove Programs window:

B3d Projector

After that, run HijackThis and fix the following:

O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab

Do you know what these entries are? If you don't, remove them also:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.12move.nl/home/home_center.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O9 - Extra button: Onderzoekscentrum (HKLM)

Reboot into Safe Mode (hit F8 key until menu shows up). Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Do a search for the following (delete folders if no filename is specified) and delete them if they exist:

realupd.exe
C:\WINDOWS\BDE\

Reboot and go into HiJackThis->Config->Misc. Tools->Check for update online to get version HiJackThis v1.98 if you haven’t done so already. Do another online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option for TrendMicro. After that’s done, post a new HJT log file s... Read more

RELEVANCY SCORE 43.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:32, on 10/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM... Read more

RELEVANCY SCORE 43.2

Hello,

A recent scan with AVG found a series of trojan horse proxies. I've tried healing them and deleting them from my system but when I restart they return. So here is a HijackThis log...

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 16:57, on 07-04-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower... Read more

A:Trojan Horse Proxy

Welcome to the BleepingComputer HijackThis Logs and Analysis forum caramel9

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.

RELEVANCY SCORE 43.2

Hi, today I logged onto mIRC and I was faced with the "open proxy found on host" message and was banned from the server thundercity.org. I was given a link to follow and request removal of my address. I was unaware I had an open proxy on my cpu so I'm guessing it's a trojan or spyware.

Here's the link:
http://www.spamhaus.org/query/bl?ip=67.160.169.227

I've tried some of the symantec tools and also ran ad aware in safe mode finding nothing at all.
 

RELEVANCY SCORE 43.2

My pc is infected with the following trojan, trojan.proxy.bk. I want to remove it from my computer. I need your assistance. The following is the log from my Hijackthis scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:07:36 AM, on 8/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:&#... Read more

A:Trojan.proxy.bk Infection

Hi

You are running HijackThis from a temp folder. You will need to move hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups when you fix items. These backups could easily get deleted in a temporary folder.

First create a new folder:
A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Unzip hijackthis.exe to the c:\HJT folder.

Download KillBox here: KillBox. Unzip it to your desktop.
Double-click on KillBox.exe to launch the program.
Highlight the files in bold below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

C:\WINDOWS\system32\shdocvn.dll
C:\WINDOWS\system32\svcnt32.exe

In Killbox click on the File menu and then the Paste from Clipboard item
In the Full Path of File to Delete field drop down the arrow and make sure that all of the files are listed
Click the option Replace on Reboot
Now click on the red button with a white 'X' in the middle to delete the files
Click Yes when it says all files will be deleted on the next reboot
Click Yes when it asks if you want to reboot now
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually.
Your system will reboot now.

Run HijackThis!, press Scan, and put a checkmark next to all these:
R0 - HKCU\Software... Read more

RELEVANCY SCORE 43.2

I noticed an unusual amount of data uploads yesterday (even when the PC's idle) so I decided to run a scan with AVG Free 7.5. The scan result showed that I was infected with Trojan horse Proxy.KJB (file: C:/Windows/system32/helpersrvc.exe). I also found a couple of unknown files on my User folder (2.exe - sometimes 3 / 4.exe) - which I deleted immediately after killing it on Task Manager. AVG managed to heal the infected file - but when I restart my system, somehow the trojan's back.

I'm a Windows XP user, and so far I've followed the instructions here - no luck so far. Orange Blossom suggested to post HJT log here so here goes:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:42 PM, on 10/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE... Read more

A:Infected With Trojan Proxy.kjb

Welcome shugorei

First of all download\install CleanUp. Launch CleanUp, then click on 'Options'. Now move the slider on the left up to 'Standard Cleanup!'. Click 'Ok', now run the program by clicking on the 'Cleanup' button. Reboot, or log off/log on when it's finished.

===================================

Now turn off Logitech Desktop Messenger. This program is not required to start automatically as you can run it when you need to. It is advised that you disable it so that it does not take up necessary system resources. Go to Start>All Programs>Logitech, click on Desktop Messenger. There are two check boxes which are self descriptive. You can choose to disable either or both check boxes.

===================================

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {5D091196-BDED-489B-AE41-D2920C47D4D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D091196-BDED-489B-AE41-D2920C47D4D7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D091196-BDED-489B-AE41-D2920C47D4D7}... Read more

RELEVANCY SCORE 43.2

Have got the Trojan Horse Proxy.BRR.
Downloaded HijackThis.
Result log is as follows. Any ideas?

Logfile of HijackThis v1.99.1
Scan saved at 21:03:21, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\taskdir.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\OPLIMIT\ocrawr32.exe
C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
C:\Program ... Read more

A:Trojan Horse Proxy.BRR

Do not post duplicate threads - being helped here

http://forums.techguy.org/security/454366-trojan-horse-proxy-brr.html
 

RELEVANCY SCORE 43.2

I noticed an unusual amount of data uploads yesterday (even when the PC's idle) so I decided to run a scan with AVG Free 7.5. The scan result showed that I was infected with Trojan horse Proxy.KJB (file: C:/Windows/system32/helpersrvc.exe). I also found a couple of unknown files on my User folder (2.exe - sometimes 3 / 4.exe) - which I deleted immediately after killing it on Task Manager. AVG managed to heal the infected file - but when I restart my system, somehow the trojan's back.

I'm a Windows XP user, and so far I've followed the instructions here - no luck so far.

Help would be greatly appreciated

A:Infected With Trojan Proxy.kjb

Welcome to BC shugorei

I suggest you follow the directions in this guide. Then create an HJT log, you will find the directions in the guide.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom

RELEVANCY SCORE 43.2

I have recently acquired the subject virus and I am having difficulty removing it.
I copied your advice to a previous member, i.e. downloaded Hijack This. Did a scan, checked the log file and found the same file you told the previous user to remove. Removed the file but the Trojan is still present. I have run another scan and I have pasted the logfile below.
Any ideas?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\taskdir.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Fi... Read more

A:Trojan Horse Proxy.BRR

RELEVANCY SCORE 43.2

While booting my machine I am getting an alert from AVG that says computer is infected by a Trojan Horse Proxy.BRR while attempting to open taskdir.dll

I hit the "heal" button and it says it has successfully healed the item. I cannot find this file in the location it indicates C:\WINDOWS\system32\

I get the same message every time I reboot. Anyone have any ideas?

I know this is a problem that you have had on here before and I have read the solutions about it but I am not very sure which items I have to remove.
I have downloaded Hijackthis and run and saved a system scan.

The next post on this thread is the log I have cut and pasted from the notepad.
Thanks in advance
 

A:trojan horse proxy.BRR

RELEVANCY SCORE 43.2

...has been picked up twice (last night and this morning, and in 2 separate files/folders) by my AVG A/V program. It has been healed both times but I want to know what it is and how it got onto my system. I have searched both Grisoft & Symantec sites but found no info at all on it.

thanks
 

A:Trojan Horse - Proxy.8.C .....

RELEVANCY SCORE 43.2

Hi, really hope someone can help. My virus protection keeps deleting this virus on start-up. Trojan-Proxy.win32.facemo.v

Comes back every time though I have tried Malwarebytes, no joy.

Here is my DDS log. Any help will be really appreciated.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Nick at 15:31:56.13 on 18/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1760 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:... Read more

A:Trojan Proxy Virus with HJT log

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 43.2

I'm running XP and use McAfee firewall & virus scanner. These indicate no problem, but Spyware Dr, which I just ran for the first time says I've got the subject trojan, which it will fix only if I register & buy. Nothing else finds this trojan. A friend suggested HJT and you guys.

First, this is what Spyware Dr says is infected:

HKLM\software\microsoft\tracing\FWCFG
HKLM\software\microsoft\tracing\FWCFG##
HKLM\software\microsoft\tracing\FWCFG##enable file tracing
HKLM\software\microsoft\tracing\FWCFG##enable console tracing
HKLM\software\microsoft\tracing\FWCFG##file tracing mask
HKLM\software\microsoft\tracing\FWCFG##console tracing mask
HKLM\software\microsoft\tracing\FWCFG##max file size
HKLM\software\microsoft\tracing\FWCFG##file directory


Now this is what the HJT log contains (all Greek to me):

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\a... Read more

A:trojan.proxy.bk--problem or not?

Hi pawsperson44 Hi and welcome to TSF.

I too can find little on this "virus" which automatically makes me suspicious. There is some adware on your system though, so we'll clean that out and see if anything else turns up.


Please also make sure you include the header information at the top of the HijackThis log when posting any logs.


You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Java Update
Your Java is out of date - this can be, and has been, exploited by malware.

Updating Java and Clearing Cache
Go to Start > Control Panel, double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
If it is not visible, click on 'Switch to Classic View' in the left pane of the Control Panel or 'Other Control Panel Options'
Please find the Update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can ... Read more
