
Infected by "Trojan.win32.monder.gen" and "Trojan.win32.Dialer.hh and rw"

Q: Infected by "Trojan.win32.monder.gen" and "Trojan.win32.Dialer.hh and rw"

Argh.

The Pandascan took about 4 days... not because I have got a lot of stuff on my computer, but because it went through like 1 file per second.

I didn't install the IE-Spyad, because I always use Mozilla.

The "Critical updates" installer doesn't work because something with some
languages??? but I have the "automatic installer" activated.

The Trojans I have found are:
Trojan.win32.monder.gen
Trojan.win32.Dialer.hh
Trojan.win32.Dialer.rw


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:12, on 16-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.paolonani.com/controls/I...mageUpload.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://msnau.oberon-media.com/online...ploader_v6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8159 bytes


Hope you can help!

Greetings

Oliver


A: Infected by "Trojan.win32.monder.gen" and "Trojan.win32.Dialer.hh and rw"

BUMP, please

RELEVANCY SCORE 192

Hi There,

I have been hit by at least one virus / malware attack, and despite running various anti-virus programmes I am still having severe problems removing a virus that ZoneAlarm calls "Trojan.Win32.monder.gen" (ZoneAlarm Security Suite cannot remove this buck).

My XP machine is running bad and it seems to be getting worse all the time (I have struggled with the problem for 2 weeks now).

Can someone help me to remove it manually, because I am not capable of operating computers at this highly specialised level without assistance. Girls like me usually trust software programmes to solve the problems, but when this fails I am in serious trouble.

I sincerely hope that there's someone who can assist me,

Thanks in advance,
/Nicky

A:How to remove "trojan.Win32.monder.gen" virus

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

RELEVANCY SCORE 190

I have tried ZoneAlarm but with no success...
I saw in one of the blogs a detailed explanation, so I downloaded part of the programs they instructed to use, but I don't know what to do now.
Can anybody guide me how to remove it...
 

A:Solved: help get rid of "Trojan.Win32.Monder.gen"

RELEVANCY SCORE 186.4

I am having difficulty removing the virus trojan.win32.monder.gen. The infected file is in my C:/Windows/system32/rqRJCRL.dll. I have ZoneAlarm Checkpoint and have Norton 360 running on my MS XP. My ZoneAlarm keeps popping up trying to delete the file but is not able to, so my computer is running sluggish. I tried to delete the file using safe mode but it still did not work because it is being used by a program. Now I am stuck and don't know what the next move is. Please help and I greatly appreciate it.

A:Please Help! how to get rid of "trojan.win32.monder.gen"

I'm sorry, but here are my log files that HijackThis created.... I ran it while I'm in Safe Mode because my computer is so slow.... Please Help!!! Anyone, anybody?

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-14 07:48:26
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
10: 2008-05-13 16:14:23 UTC - RP224 - Software Distribution Service 3.0
9: 2008-05-13 16:14:22 UTC - RP223 - Removed J2SE Runtime Environment 5.0 Update 11
8: 2008-05-13 16:14:22 UTC - RP222 - Removed Java(TM) 6 Update 5
7: 2008-05-13 16:14:22 UTC - RP221 - Removed DFX 8 for Windows Media Player
6: 2008-05-13 16:14:22 UTC - RP220 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-13 16:14:21 UTC - RP215 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:47 AM, on 5/14/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WIND...

RELEVANCY SCORE 184

Hi there,

I'm using Windows XP SP3. I'm having a good deal of trouble with both "Win32/Cryptor", "Packed.Monder" amongst others. AVG is also reporting "Trojan Horse Backdoor.Genericll.AJFO" and "Trojan Horse Rootkit-Pakes.M".

The main problem I am having is that when running in normal mode, my computer is suddenly restarting without warning!

Before this happens, typically AVG will become aware of about 3 - 6 sudden instances of infection - C:\Windows\System32\drivers\braviax.exe (cryptor) or C:\Windows\system32\drivers\ntfs.sys (rootkit-pakes) among others. And then the computer will surely restart.

Here is what I did before running DDS and GMER.

Firstly I ran a full scan in AVG (while in safe mode). I have the log of this if you need it.

After this, I ran AVG again, it removed 10 infections - I rebooted my computer and then installed the Malwarebytes Anti-Malware scanner, updated it, renamed the .exe file and ran a quick scan which removed a host of other infections.

After this, my computer wasn't restarting anymore, but I'm nearly certain the viruses are still around. In fact, I think it might have something to do with the fact that I'm disconnected from the internet now.

Here is what DDS gives me now:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 20:26:17.59 on 16/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2553 [GMT 1:00]

AV: AVG...

A:"Win32/Cryptor", "Packed.Monder" Issues

BUMP please! Sorry guys. My computer has been out action for days!

RELEVANCY SCORE 176

I went to a website of a legit company and a pop-up came up asking if I would accept the certificate...thinking that this is a real company I accepted...as soon as I did my system restarted itself. When it loaded back up of course I had warnings from my virus detector that I was infected, but it was in quarantine..obviously not because I keep getting the pop-up.

I tried MANY times to run Panda ActiveScan however it would go so far and quit...after numerous tries I stopped it after it detected some things.

Panda ActiveScan

Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Adware:adware/wupd Not disinfected Windows Registry ...

A:"Your computer is infected!" pop-up (trojan-downloader.win32.adload.ma

Please download BootCheck.exe to your desktop.
Double click BootCheck.exe to run the check
When complete, a Notepad window will open with some text in it
Save the Notepad file to your desktop as BootCheck.txt
Copy the contents of BootCheck.txt and post it in your next reply

RELEVANCY SCORE 175.2

Whenever I open my internet explorer I always get this message saying Your computer was infected by "Trojan.Win32.Obfuscated.gx". It happens every time I open IE and it also does it whenever I try to open a new page. Here's a link to what it looks like when I try to load a page http://i61.photobucket.com/albums/h5...1/untitled.jpg

I don't know what the hell it means and I really want to get rid of it. All help is very appreciated, and here's my log

Logfile of HijackThis v1.99.1
Scan saved at 2:00:13 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCO...

A:Your computer was infected by "Trojan.Win32.Obfuscated.gx"

up to the top, need help guys please help me out

RELEVANCY SCORE 174

Hi,
My PC was infected with the trojan win32 monder. I have gone through the process of downloading and running ComboFix and got the report as below, now I don't know if the infection is cleaned or not. Kindly assist please. I have the F-Secure antivirus installed that does not appear on the task bar after the normal startup, why would this happen and yet it is on the startup items.
Thank you,
Faizal

ComboFix 08-06-04.3 - Tecra 2008-06-05 10:08:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1201 [GMT 3:00]
Running from: C:\Documents and Settings\Tecra\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tecra\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU_1.exe
* Created a new restore point
* Resident AV is active

C:\Documents and Settings\All Users\Documents\220 Accident\Desktop_.ini
C:\Documents and Settings\All Users\Documents\AOL Downloads\Desktop_.ini
C:\Documents and Settings\All Users\Documents\ENU\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\AMM2007\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\emails address\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\evans\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\Evansmug\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\Evansmug\docs\bobmorgan\Desktop_.ini
C:\Documents and Settings\All Users\Documents\evans\Evansmug\docs\D...

RELEVANCY SCORE 170.8

Microsoft Security Essentials (MSE) keeps identifying the following malware. Every time I try to delete it, MSE says the deletion is successful, but the problem returns in a few minutes.

TrojanDownloader:Win32/Karagany.I
Rogue:Win32/Winwebsec

Looking at the detailed information from MSE, I discovered that there's an undeletable executable that's causing the problems.

C:\Users\Default.Default-PC\AppData\Local\gfrzerf.exe

I have the following programs on my computer:

ClamWin Antivirus
Comodo Firewall
Microsoft Security Essentials (MSE)
Spybot Search & Destroy

I've tried to delete the file with Unlocker, which says it requires a reboot first, but the file markedion is still there after the reboot.

I've tried to delete the file with FileAssassin, but it says I don't have the necessary permissions to open the file, even though I'm running FileAssassin as an Administrator.

I've tried to use the following command line functions to delete the file, but it says access denied.

CD C:\Users\Default.Default-PC\AppData\Local
DEL gfrzerf.exe

RMDIR DEL /F /Q /A C:\Users\Default.Default-PC\AppData\Local\gfrzerf.exe

DEL C:\Users\Default.Default-PC\AppData\Local\gfrzerf.exe

DEL /F /Q /A C:\Users\Default.Default-PC\AppData\Local\gfrzerf.exe

As per the instructions stickied for posting requests for help, the appropriate DDS logs are attached to this message and presented below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion...

A:Unremovable Viruses "Win32/Karagany.I" and "Win32/Winwebsec" from Undeletable File

Just a quick update. An old related problem reoccurred. An infected file I removed before has returned.
TrojanDownloader:Win32/Karagany.I C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe
This means that now I have two infected files...
C:\Users\Default.Default-PC\AppData\Local\gfrzerf.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe
... causing two problems:
TrojanDownloader:Win32/Karagany.I
Rogue:Win32/Winwebsec
I've continued my own Google research and have tried to delete the file using the following command prompt lines, with CMD running in Administrator mode:

takeown /f C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe

icacls C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe /GRANT ADMINISTRATORS:F

attrib -r -a -s -h del C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe

DEL /F /Q /A C:\Users\Default.Default-PC\AppData\Local\Temp\oleda0.14743533410625287.exe

Each time returns "access is denied". I cannot seem to get rid of the infected files.

RELEVANCY SCORE 165.2

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" disappear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attaches itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while being on the internet, and I don't know if my computer actually is offline or if -I'm- just...

A:Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log

RELEVANCY SCORE 164

Hi All, Happy New Year!

First time posting... On 1/3/08 I ended up with a bunch of viruses on my computer. From what I can gather they are bad news. I downloaded PC Tools to do a search and found a bunch of Trojans and other nasties...

I have uploaded a screen shot of the PC Tools scan...

In the "C:\Program Files\Video Add On" folder the following can't be deleted:
icmtr.dll
icthis
isfmdl.dll
isfmm
isfmntr

In the "C:\Program Files\Helper" folder the following was found:
turbosearchsite.dll e404 Module

What is this? Do I need the file in Helper?

Please help!

PS: I am not a techno savvy guy. I kinda know what is going on but only enough to get myself into trouble and not be able to get out! I tried a few things to get rid of them but was unsuccessful.

From what I have seen I will be here for a bit. Thanks in advance.

bassndude (that's Bass as in the fish not the musical instrument ;-)
 

A:Infected: "Video Add On" and "Helper" folder that contain Trojan viruses...HELP

RELEVANCY SCORE 161.2

First noticed this issue a little while back, but was out of the country and thus away from my computer since then until recently.

I'm noticing a variety of diverts while surfing the 'net, primarily clicking links outwards from Google, as well as various others leading to search sites etc. though sometimes leading back to Google (with rather obscene searches already plugged in.)

WoW Startup also gives me the title message claiming I have a "Trojan-Downloader.Win32.Agent variant" on my computer.

I have run various scans and cleanups etc. and thought I had the problem fully sorted out, but apparently not.

Here's my HJT Log for analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:32 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WIND...

A:"Trojan-Downloader.Win32.Agent variant" Detected + Diverts (HJT Log)

RELEVANCY SCORE 161.2

So I stupidly downloaded a virus hidden as an ActiveX control from a site posing as CNN. Now I'm getting little system alert pop-ups from my taskbar that say I have a virus called "[email protected]". I know it's totally bogus since "balloon" is spelled incorrectly. I also get IE popups that want me to install virus software. When I click the red X to close the windows, they generate more IE popups downloads of more spyware junk.

Please help! PandaScan doesn't want to work for me, so I don't have that. But here's my DSS log. Also, the extra.txt doesn't appear for me, so I don't know what's up with that.

Thank you in advance.


Deckard's System Scanner v20071014.68
Run by Diana on 2008-03-08 23:47:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.27 GiB (less than 15%) free.


-- HijackThis (run as Diana.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:00 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\sp...

RELEVANCY SCORE 161.2

This is a little embarrassing. You would have thought I'd have learned my lesson after the last time, but apparently I need a refresher course in not being an idiot.
Once again, browsing for stupid s**t, I allowed an app that looked legit on the face of it. It wasn't.
Only Firefox appears to have been affected by the hijacker. I can provide links to some of the sites it tries to access if required.



DDS (Version 1.0) - NTFSx86
Run by Sir.MadHatter at 23:21:01.18 on 2008-12-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1002 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Avast\Avast4\ashMaiSv.exe
C:\Program Files\Avast\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\C...

A:Firefox hijacked, Avast reports "Win32:Trojan-gen {Other}"

Shouldn't have done the Kaspersky online scan yet. We won't require one till later.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

RELEVANCY SCORE 161.2

Hello;
Did a trojan/virus scan and came up with a trojan my software can ID but cannot remove. It's referred to only as being in the "GENERAL FAMILY of WIN32 Trojans". I am hoping that the HJT scan below might help identify what I'm dealing with here- if someone would please take a look below, I'd appreciate the help-
thank you
Q

HJT SCAN BELOW
______________

Logfile of HijackThis v1.98.0
Scan saved at 4:25:00 PM, on 8/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\user\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.oc...

A:Have detected a WIN32 "General Trojan" (HJT Scan included)

RELEVANCY SCORE 161.2

Hi,

It looks like I have some sort of spyware on my computer and can not figure out how to get rid of it. A yellow flashing triangle pops up in my tray saying "System Alert: [email protected]"

Here is what my HijackThis log says. Any help you can offer would be greatly appreciated!!!

Thank you!
Christy

------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:38 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\mrphweax.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\I...

A:"System Alert: Trojan-Spy.win32.mx" bubble keeps popping up

Welcome to TSG

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------
Please go to Start---> Run---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe"/killall
& follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

RELEVANCY SCORE 161.2

hello,

This site helped me cure my laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected anti-malware site for a product known as "Ultimate Cleaner 2007". He also keeps getting repetitive pop-ups for an alleged virus known as "Worm.Win32.NetSky" which redirects you again to an unknown site.

here is his HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:27:09 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Docume...

A:HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning

Welcome to TSG

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

RELEVANCY SCORE 161.2

When I open World of Warcraft I get a "Trojan-Downloader.Win32.Agent variant" has been detected. I have downloaded HijackThis and saved my log. Can anyone tell me if there's anything I need to fix?

Logfile of HijackThis v1.99.1
Scan saved at 8:28:48 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127...

RELEVANCY SCORE 160.4

Hi Guys

Sorry to bug you with this, but I'm about 2 or 3 weeks in to my issue, and pulling my hair out.

Running Win XP Home, on a small office network.

My initial issue was poor connectivity; something was preventing any internet connections.
Avast identified Alureon-FZ on 6/22/2010, so I looked through the forums and found a very similar thread. Tried running Gmer; it never finished without seizing up my machine. Ran the OTS but didn't know what to do with the results, and now the program has disappeared from my machine. I thought I resolved my issue by uninstalling/reinstalling all my Adobe and Java products. But it seems it has just transformed into a different issue. I have been getting multiple pop-up windows that say "this window is busy closing this window may cause problems". Initially they happened about 2 or 3 times per day, but now they come about every 45 seconds since yesterday.

Avast has also identified Win32:trojan-gen.
Here is my HijackThis from this a.m.

Thanks for your time

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:33 AM, on 7/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Softwar...

A:Alureon FZ, Win32:Trojan gen, "This window is busy Box"

RELEVANCY SCORE 160.4

I got a nice virus earlier this week, Zlob iirc, anyways I went through, deleted the proper files etc. have been keeping Trend Micro's Internet Security Pro running + scanning often, but every time I go to open up WoW, it still says I have "Trojan-Downloader.Win32.Agent variant" on my system.

Here's my HijackThis log for interpretation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:03 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program File...

A:"Trojan-Downloader.Win32.Agent variant"

Note:

Running Fix Wareout won't work, I get a msg:
Unable to execute file:
C:\fixwareout\fixit.bat

ShellExecuteEx failed; code 1155
No application is associated with the specified file for this operation.


and I can't install kaspersky without removing Trend Micro >.>
 

RELEVANCY SCORE 160.4

Hey guys, I completely forgot to add my HijackThis Log.. Sorry

I am running Windows XP Media Center Edition. I have ESET Smart Security. Dell Inspiron 6000 laptop.

Upon boot up keep getting file error:

"*****".EXE - Unable To Locate Component"
(the asterisk is intended as a file or application name)

"This application has failed to start because mshbobjq.dll was not found. Re-installing the application may fix this problem"

This box is coming up several times, each time a new file or application name is in place of the "******".

Also: ESET found this... from the log:

2/6/2009 11:32:48 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\MSHBOBJQ.DLL Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Common Files\AOL\1170558247\ee\AOLSoftware.exe.

2/6/2009 11:33:44 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\MSHBOBJQ.DLL Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

2/6/2009 11:35:37 AM Real-time file system protection file C:\WINDOWS\system32\mshbobjq.dll Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by ...

A:What the heck is this? "Win32/Agent.BDSK trojan"

RELEVANCY SCORE 160.4

just ran a scan with Zonelabs security suite (latest), and it turned this up-
Searches have failed to pull up anything but a few obscure references (which were either on suspicious looking sites I didn't want to visit, or weren't even on the page of the two sites I did-for some reason). Zonelabs advised delete, and reported success, but it would be nice to have some reassurance--
can I assume it's gone completely?
According to ZL, it's a full access trojan (complete access to files, keystroke, mouse, the works).
Should I assume it had complete access despite Zonelab's protection?
Is there any way to trace it?
How do I protect against future infection?
It was in the following file,apparently-File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP17\A0005475.dll

Thanks much
 

A:Trojan infection !!"Win32.AdWare.SnowyLunchRush"

RELEVANCY SCORE 158.8

This pop-up comes up continuously whenever I open a window in IE; the header says: Critical System Error - then text: "Your browser was hijacked by Trojan.Win32.akk You need to clean your system immediately, in other case it can be crashed soon! Click Ok to download the high-tech antispyware protection software! (Recommended)" I also have a porn site that comes up with a warning in Google every time I try to do a search. It is the second listing that says: "Google Error - Your browser was hijacked! Some results was changed by porn advertising! You need to clean your system immediately to prevent it! Download the newest antispyware software!"

My kids were trying to find 2 girls and a cup, or something like that, on YouTube, and infected me. I have followed all the Steps required. Your help is more than appreciated; I will forever be in debt to my cyber space friend that helps. THANK YOU, THANK YOU, THANK YOU. That does not mean I will not leave a donation, we do live in the material world and words are not enough. So here we go:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(...

A:"Your browser was hijacked by Trojan.Win32.akk.."

Hello and welcome to TSF

I apologise for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, follow the instructions below.

====================

P2P

P2P - I see you have P2P software LimeWire 4.14.10 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

=====================

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Java 2 Runtime Environment, SE v1.4.2_06
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Leave Java(TM) 6 Update 3 installed

WildTangent Web Driver (optional) WildTangent asserts that the software bundle is safe, but many antispyware programs classify it as adware/spyware, mainly because it reports activity and games played to WildTangent servers, such as number of times played, length of time played and machine specifications, such as OS version, processor speed, RAM, and DirectX...

RELEVANCY SCORE 158.8

Yesterday I noticed my computer starting to act funny, and I figured it might be spyware, but stupidly I let it go because I didn't think it was that big a deal. One pop up every now and then with spam or advertising.

Now my computer is seemingly ravaged with problems I did not have 24 hours ago. These include:

- A yellow /!\ icon in my system tray that has a balloon reading "System Alert: [email protected]" "Type: Spyware/Trojan" "Vulnerable: Windows XP, Windows Vista" (I have Windows 2000) "Description: Spyware program that sends confidential information to a remote attacker" "Protection: Click this baloon to download antispyware for Windows."

- A plethora of command prompts load on login and persist for a good minute or two before they all close down. Some of these include "command.com" "cmd.exe" and "ntvdm.exe" (or something like that)

- Extremely slow performance as well as internet connection.

Initially I ran my trial version of avast! Anti-Virus which produced 0 infections. Last night after the problems became very bad, I downloaded and ran Spybot - Search and Destroy which produced multiple infections. After selecting "Fix selected problems", I believe it was 6 infections that could not be healed, all of which were PUPs.

I'm not sure what to do except show you guys my HJT log and hope you can help me. Thank you very much in advance.



Logfile of Trend Mic...

A:"System Alert: [email protected]"

Bump?

RELEVANCY SCORE 158.8

Hijack this log & Kaspersky log attached

A:Please help me "Trojan program Backdoor.Win32.VB.bmv"

in the virus report1 & virus report2.txt file, the shown virus is not getting deleted... it always shows the same report.


9/21/2007 3:53:05 PM File C:\WINDOWS\system32\inetsrv.exe: is still infected, postponed.





And I think "Trojan program Backdoor.Win32.VB.bmv" is cleared.

RELEVANCY SCORE 157.2

Hi

I got a "Solve PC Issues" (white flag) saying "Remove the Win32/Small.CA virus".

I am running MSE (Microsoft Security Essentials) on Windows 7 Pro (x64). So I did an update followed by a full scan using MSE. I then ran
- Malware Anti-Virus
- SUPERAntispyware
- Microsoft Safety Scanner (full scan)
- Windows Defender Offline (booting off a CD)
- AVG Rescue CD
- Avira Rescue CD

But none of them have found anything!

I am nervous that I still have an infection - particularly after the trouble that I had recently running updates.
(See my thread: "Windows Update failing with Error codes: 8007371B, 800736B3, 80070246")

Any thoughts?

J

A:How can I be sure if I am still infected with "Win32/Small.CA" virus".

Rerun them in safe mode.

RELEVANCY SCORE 157.2

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

A:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

RELEVANCY SCORE 156

Deckard's System Scanner v20071014.68
Run by Robert on 2008-08-02 13:41:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-08-02 12:41:38 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-08-02 12:29:33 UTC - RP3 - Installed WinZip 11.2
2: 2008-08-02 02:25:07 UTC - RP2 - Go
1: 2008-08-02 02:24:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:23, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~...

A:I think it could be "Trojan-spy.win32.GreenScreen"

I also did an Active scan online and this is what I got:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-02 16:25:21
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040467 adware/elitebar Adware No 1 Yes No hkey_classes_roo...

RELEVANCY SCORE 156

My PC has recently displayed a pop-up. It's only displayed when I try to open an explorer window, and when I open certain folders, but only some, not all. Also, I have not noticed a pattern to the folders that display it. I am running Windows XP Home SP2. Any help would be really appreciated, and thanks in advance.

My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:48:25 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Video - {02788C74-8A3E-455D-9820-59784297DF96}...

RELEVANCY SCORE 155.6

Hi.. My scanner showed that my system was infected with these 2 viruses and I need help removing them as I have read that they are very bad. Any help is greatly appreciated. I have attached and pasted what I believe is required. Thank you in advance!

Hijackthis.log
------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:35, on 6/23/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common F...

A:"Win32:Alureon-er" and "badcab-k" removal help needed!

RELEVANCY SCORE 155.6

I noticed my computer is not starting up the same as it used to. I used Ad-Aware SE and it found "Win32.Mydoom.A". When I clicked to delete the file a popup screen said "Some objects could not be removed, Try closing browser windows prior to the removal. If this does not help, reboot and run Ad-Aware again."
The files were "c:\windows\system32\wmimgr32.dll". This file address was listed 13 times.
After I rebooted the system I got the same message.
I also tried and used xoftspy and superantispyware with no luck, then I tried to delete "wmimgr32.dll" manually but wasn't allowed to.
Logfile of HijackThis v1.99.1
Scan saved at 10:17:07 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGR...

A:Solved: "Win32.Mydoom.A" and "wmimgr32.dll" problem

RELEVANCY SCORE 152.8

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

RELEVANCY SCORE 152.4

Hi there!

I need some help pretty please! My other half was surfing the net yesterday and visited some errr, well, websites that blokes like to surf around on if you see what I mean.

Anyway, he confessed that something "tried to install itself" when he clicked on some link and that our virus software (Norton 360) picked it up and put it into quarantine. However, when I tried to log onto the PC this morning, the Norton software didn't work at all, wouldn't boot up, nothing. Also, we weren't able to connect to the internet either. I then installed a Kaspersky trial software to run a virus check on the PC and also installed the Spysweeper. Neither detected any viruses but Norton was still not working and neither was the internet. In the end I uninstalled the Norton software which also seemed to have fixed the problem with the internet connection.

The problem I have now is that when I rebooted the PC, Kaspersky came up with all sorts of Trojans that it was unable to fix. One of them being "Trojan.win32.pakes.bpw". I've run out of ideas how to get the PC clean again....can anyone help please??

HJT log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:22, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex...

A:Help please - Trojan "trojan.win32.pakes.bpw" and more

RELEVANCY SCORE 151.6

Hi!

First post here :-)

I followed the 5 steps described in the sticky.
Here's the problem: my Norton antivirus is bombing me with alert messages about dialer.trojan files in my pc, several can't be removed. I attached a .txt copy of the virus alert log (too extensive for cut/paste)

I'm also getting the "spyware removal wizard" pop-up very often.

When trying to run Ad-Aware, the software starts the scanning process and after a few minutes the computer shuts down and reboots. After reboot I get the message "winlogon.exe encountered a problem and needed to close"

I've been working on this all day with no luck :-(

I ran a system scan with Norton Antivirus, Pandasoftware ActiveScan Pro (log attached), security.symantec.com, ewido anti-spyware, Spybot-Search and destroy, Ad-Aware (failed, see above), cwshredder. I have SpywareGuard, SpywareBlaster and ZoneAlarm always active.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:05 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Syst...

A:dialer.trojan and "spyware removal wizard" issues

I see from the HJT log there are several unwanted tools in my computer, should I just find the files and erase them manually?

D.

RELEVANCY SCORE 151.2

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is "hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source...

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

RELEVANCY SCORE 149.2

I've done everything I was supposed to do except I can't make HijackThis its own folder in C :P I don't know why. Anyway, here is my log. I appreciate your time and look forward to your advice!
Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 9:46:45 PM, on 9/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program ...

A:Multiple pop-ups and virus eTrust calls "!update.exe" or win32/clspring.FH"

You are using an outdated version of HiJackThis. Please click on the link below to download the latest version:
http://www.bleepingcomputer.com/file...ckthis_sfx.exe

1. Delete your current HiJackThis.exe file
2. Double-click on the file you just downloaded.
3. Click on the "Unzip" button to install the newer version.
4. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

I require your next HJT log to be from this newer version

RELEVANCY SCORE 148

Hello,

Well this one is interesting - there are two main symptoms I noticed which made me think I have a problem. Ironically, I hadn't used the computer in about 2 weeks, and noticed these issues immediately.

1) Vipre identified a "Desktop.ini" Trojan, and asked me to reboot. Yet when I reboot, the problem was not fixed - instead, the message just keeps popping back up.

2) I figured I'd try to update Windows, yet the update functionality is not working - it asks me to reboot, yet rebooting does not allow me to update Windows.

3) I use "Postgres" Database for one of the games I play online (online poker). Yet, this service will not run.

Other than the 3 symptoms above, there is nothing else (i.e. browser redirects) affecting my computer.

I'm posting the required documents below, and appreciate all the help. Thanks so much.

I also, as stated in the guide, do not believe I have access to my old boot/Windows CD (really don't know where these are - but could potentially dig up if required). I am on a Dell computer.

Also when running GMER - I kept getting problems regarding "not found hard disks/drives" - so I ran simply with "Sections and C:\" selected as per guide.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.4.1
Run by Andrew at 23:08:56 on 2013-03-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3069.1602 [GMT -4:00]
.
AV: GFI Software V...

A:Multiple "Trojans" / "Desktop.ini" Trojan via Vipre

Hello!

I am currently reviewing your logfiles and will assist you shortly with instructions. Please be patient.

Meanwhile: Please subscribe to this thread if you have not done already and please don't do any other scans on your own and don't install or remove software. Thank you!

RELEVANCY SCORE 147.2

Hi,

This is my first post, but I've heard wonderful things about the helpfulness of people here! So I'd appreciate it if you could direct some expertise my way...

My anti-virus program keeps telling me I have an infected file, which I've researched and it seems that the file is a system restore file. The file is "Win32/Spax!generic". For some reason none of my other malware programs detect it, and my anti-virus software never detects it in a scan, but it does pop up randomly to tell me about it. So, I've tried setting a new system restore point, which doesn't help, so can anyone tell me if there's a way to find the file of my system restore point and delete it manually?

Many thanks in advance

Nick
 

A:"Win32/Spax!generic" infected file

Welcome to TSG

Click Here to download HJTsetup.exe:

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

RELEVANCY SCORE 145.6

here's my Kaspersky log..
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 13, 2008 8:50:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 510009
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 100546
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:36:39

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is lo...

A:my pc is infected with "Virus.Win32.AutoRun.abt"

RELEVANCY SCORE 145.6

here's the kaspersky online scanner log..

A:please help me.. my pc is infected with "Virus.Win32.AutoRun.abt"

Logfile of HijackThis v1.99.1
Scan saved at 8:42:34 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics...

RELEVANCY SCORE 145.6

Here's my HJT log. I NEED HELP PLEASE

Logfile of HijackThis v1.99.1
Scan saved at 6:11:21 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:...

RELEVANCY SCORE 144.4

My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found...

A:Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

RELEVANCY SCORE 144

Maybe you can help... I found a virus or trojan (don't really know which) and was able to boot in safe mode and disable it at startup. I don't think it bothers my system anymore but I'd like to know a safe way to remove it, but when I look up either name above I find absolutely nothing.

When I look in System Config, under the Startup programs where I disabled this, it reads as:

Startup Item: gutigiwiz
Manufacturer: Unknown
Command: Runndll32.exe "c:\progra~2\yavuhoki\yavuhoki.dll",a
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Has anyone heard of this, and can you give me a hand? I'd really appreciate it, thank you. ~RTG

A:Virus/Trojan -- "gutigiwiz" and "yavuhoki.dll"

Hi and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

RELEVANCY SCORE 144

Hi,

When our website users click on an html attachment embedded on a web-page in IE9, the download manager will not display the "Open" option. It will only display "Save" and "Cancel", which our users don't like, having to save the html document in a folder to open it. Whereas, when downloading attachments like pdf, word etc., all three options are displayed.

Is there any setting to tweak, which will display all the 3 options for HTML attachments as well?

A:IE9 download manager will not display "Open" option (only "Save" and "Cancel" is displayed) for downloading HTML documents.

Hi,
As you know, the Open-Save-Cancel dialog box helps prevent your computer from being affected by viruses while downloading.
So I suggest you test resetting all zones to a lower level temporarily and then please attempt to download this html attachment again.

However, since you can normally download the other documents, I suspect there is some restriction in the website which you are trying to view. I recommend you contact the administrator of that website if possible.
Could you please send me the link of the website from where you are trying to download the html attachment?
Thanks!



RELEVANCY SCORE 144

I got my Dell a few days ago. Installed it with Samsung EVO 850 SSD 500 Gb and Kingston 8GB PC3L - 12800 SODIMM. The Windows 10 Home OEM home is installed on HDD 1TB so I decided to use Samsung Data Migration software to clone the data to SSD. However, the OS crashed and I decided to install a fresh Windows 10 Enterprise to SSD and deleted the previous OS on HDD using diskpart. Now, after installing Windows 10 Ent OS files, every time after the BIOS runs I get BSOD errors "MEMORY MANAGEMENT" + "Page Fault in non paged area" + "IRQL NOT LESS OR EQUAL"

RELEVANCY SCORE 143.6

Hi, first of all thanks for what you do. I love this site; it's been a lifesaver to me many times.
I use Microsoft Security Essentials and these viruses were detected.

"pws:win32/fareit" "backdoor.Win32.cycbot.B" "backdoor.Win32.cycbot.G"

After using the "remove selected" option from Microsoft Security Essentials, several minutes later the viruses were detected once again. I used the "remove selected" option again.

Now Microsoft Security Essentials hasn't alerted me of anything within a substantial amount of time but I'm still wary of the virus hanging around somewhere on my computer. It should be noted that at the same time my MSE (MicrosoftSE) caught the virus I was doing a Malwarebytes antimalware scan and did a "removal" of what it found. Maybe the two scanners clashed and didn't effectively remove something.

I had to change my settings in Firefox so I could access the internet; a proxy was changed.
All in all, I think the virus is gone. I know that a Hijack log can confirm this but I'm not good at reading those.

Can you please take a look at my log and let me know if I have anything going on?
Thanks again for your help, you guys are great. Here's the HJ log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:28:24 PM, on 11/19/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (...
