Q: 2 Infected - Rootkit.win32.Podnuha.a and Trojan-Clicker.win32.delf.cbe

Hello, I was told to post here by the moderator. Here's the scoop: I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Clicker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot disk it does not recognize my hard drive so I can't select it for a scan. She gave up on me after that.

I am not sure what my next step should be and hope that someone on this forum can help me other than suggesting to format. I use Microsoft Windows XP Professional.

Thank you in advance

I have attached the requested log files as well as a few screenshots that might help illustrate the issue.
DDS.txt log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by DANIEL at 2:36:37.85 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.474 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MCECardBusTV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SMC\SMC283~1.4GH\PRISMSVR.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\DANIEL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: : {265fd4bd-e7aa-4450-9fd6-80678894ae58} - c:\windows\system32\byhvbvy.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [MCECardBusTV] c:\windows\system32\MCECardBusTV.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smc283~1.lnk - c:\program files\smc\smc2835w 2.4ghz 54 mbps wireless cardbus adapter\SMC11GMonitor.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://smc-notes.smc.com/iNotes6W.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} - hxxp://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://24.248.96.243/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {43765B09-A947-4FF9-9DF6-197327055850} = 68.4.16.20,68.4.16.29
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll

============= SERVICES / DRIVERS ===============

R0 cqhcyenc;cqhcyenc;c:\windows\system32\drivers\cqhcyenc.sys [2004-8-10 23424]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-4-27 226832]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 206088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-5-5 230448]
R3 SMC2835W_PCI;SMC2835W 2.4GHz 54 Mbps Wireless Cardbus Driver;c:\windows\system32\drivers\2835WICB.sys [2006-1-12 385920]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 MSPANEL;Motorola AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2004-3-29 49024]
S3 PhTVTune;AVerMedia TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2004-11-23 28800]

=============== Created Last 30 ================

2009-05-16 17:58 90 a--sh--- c:\windows\klif.spi
2009-05-09 10:27 <DIR> --d----- c:\program files\iPod
2009-05-09 10:27 <DIR> --d----- c:\program files\iTunes
2009-05-09 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-30 21:48 161,792 a------- c:\windows\SWREG.exe
2009-04-30 21:48 98,816 a------- c:\windows\sed.exe
2009-04-28 14:35 <DIR> --d----- c:\windows\pss
2009-04-28 10:48 6,786 a------- c:\windows\system32\%LocalXml%
2009-04-27 12:29 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-27 12:29 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-04-27 12:27 2,924,576 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-27 12:27 532,512 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-27 12:27 23,928 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-27 12:27 2,900 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-27 12:27 <DIR> --d----- c:\program files\Kaspersky Lab
2009-04-27 12:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-04-27 12:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

==================== Find3M ====================

2009-05-07 16:32 143,872 a------- c:\windows\system32\gznvqkei.dll
2009-04-30 21:59 102,912 a------- c:\windows\system32\wjlzqog.dll
2009-04-28 12:18 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2008-10-03 18:18 18,312 a------- c:\docume~1\daniel\applic~1\GDIPFONTCACHEV1.DAT
2008-09-05 18:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 2:38:11.10 ===============

Here is a snippet from a Kaspersky log that I created some weeks ago. It was way too big for me to attach so I am just pasting a little bit:
Date: Today (events: 26879)
Protection (events: 26879)
5/3/2009 10:33:57 PM Protection is not running Kaspersky Internet Security
5/3/2009 10:32:07 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 10:31:55 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 10:30:41 PM Threats have been detected Kaspersky Internet Security
5/3/2009 10:29:10 PM Protection is not running Kaspersky Internet Security
5/3/2009 10:28:54 PM Untreated Kaspersky Internet Security AVZ Guard error: C0000034
5/3/2009 9:02:10 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/3/2009 9:02:10 PM Threats have been detected Kaspersky Internet Security
5/3/2009 9:02:10 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 3:00:45 AM Protection is not running Kaspersky Internet Security
5/3/2009 1:42:59 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 1:42:57 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 1:42:44 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/3/2009 1:42:44 AM Threats have been detected Kaspersky Internet Security
5/3/2009 1:42:44 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 5:33:51 PM Protection is not running Kaspersky Internet Security
5/2/2009 2:31:17 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:31:14 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:31:05 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/2/2009 2:31:05 PM Threats have been detected Kaspersky Internet Security
5/2/2009 2:31:05 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 6:36:09 AM Protection is not running Kaspersky Internet Security
5/2/2009 3:31:03 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 3:31:00 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 3:30:50 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/2/2009 3:30:50 AM Threats have been detected Kaspersky Internet Security
5/2/2009 3:30:50 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:30:56 AM Protection is not running Kaspersky Internet Security
5/1/2009 10:50:21 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 10:50:19 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 10:07:07 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 10:07:07 PM Threats have been detected Kaspersky Internet Security
5/1/2009 10:07:06 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 5:12:46 PM Protection is not running Kaspersky Internet Security
5/1/2009 3:13:29 PM Restored from quarantine Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
5/1/2009 9:36:12 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir Written to report
5/1/2009 9:36:12 AM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
5/1/2009 9:35:08 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:35:02 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:32:39 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 9:32:39 AM Threats have been detected Kaspersky Internet Security
5/1/2009 9:32:39 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:30:52 AM Protection is not running Kaspersky Internet Security
5/1/2009 9:16:48 AM Threats have been detected Kaspersky Internet Security
5/1/2009 8:31:03 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 8:31:00 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 8:29:35 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 8:29:35 AM Threats have been detected Kaspersky Internet Security
5/1/2009 8:29:35 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 3:17:36 AM Protection is not running Kaspersky Internet Security
5/1/2009 12:05:34 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 12:05:30 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 12:03:39 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 12:03:39 AM Threats have been detected Kaspersky Internet Security
5/1/2009 12:03:39 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 11:51:45 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:31:24 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:31:20 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:30:02 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 10:30:02 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:30:02 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:28:09 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:27:36 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:25:45 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:25:25 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:03:49 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:02:48 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 10:02:48 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:02:48 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 9:46:46 PM Protection is not running Kaspersky Internet Security
4/30/2009 8:41:51 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 8:41:51 PM Threats have been detected Kaspersky Internet Security
4/30/2009 8:41:51 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 2:36:10 AM Protection is not running Kaspersky Internet Security
4/29/2009 9:06:45 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:05:09 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:04:50 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/29/2009 9:04:50 PM Threats have been detected Kaspersky Internet Security
4/29/2009 9:04:50 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:03:16 PM Protection is not running Kaspersky Internet Security
4/29/2009 9:41:22 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:41:18 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:40:59 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/29/2009 9:40:59 AM Threats have been detected Kaspersky Internet Security
4/29/2009 9:40:59 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 2:47:24 AM Protection is not running Kaspersky Internet Security
4/28/2009 8:08:48 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 8:08:40 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 8:08:08 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 8:08:08 PM Threats have been detected Kaspersky Internet Security
4/28/2009 8:08:08 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 7:59:10 PM Protection is not running Kaspersky Internet Security
4/28/2009 4:11:47 PM Deleted: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0467AEE0-45E4-462C-B86F-E7C3157BAE9d}
4/28/2009 4:11:47 PM Disinfected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security HKCR\{0467aee0-45e4-462c-b86f-e7c3157bae9d}\InprocServer32
4/28/2009 4:11:38 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 4:11:34 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 4:11:04 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 4:11:04 PM Threats have been detected Kaspersky Internet Security
4/28/2009 4:11:04 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:58:20 PM Protection is not running Kaspersky Internet Security
4/28/2009 3:54:33 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:54:12 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:54:00 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 3:54:00 PM Threats have been detected Kaspersky Internet Security
4/28/2009 3:54:00 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:52:09 PM Protection is not running Kaspersky Internet Security
4/28/2009 2:46:08 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 2:46:08 PM Threats have been detected Kaspersky Internet Security
4/28/2009 2:46:08 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:44:13 PM Protection is not running Kaspersky Internet Security
4/28/2009 2:42:57 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:42:46 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:41:32 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 2:41:32 PM Threats have been detected Kaspersky Internet Security
4/28/2009 2:41:32 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:39:38 PM Protection is not running Kaspersky Internet Security
4/28/2009 1:03:50 PM Threats have been detected Kaspersky Internet Security
4/28/2009 1:02:43 PM Databases are obsolete Kaspersky Internet Security
4/28/2009 1:01:03 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:58:32 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:58:32 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:58:32 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:56:42 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:51:22 PM Restored from quarantine Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:51:22 PM Restored from quarantine Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:51:02 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:49:24 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:48:36 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 12:48:36 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:47:41 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe Written to report
4/28/2009 12:47:41 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:46:45 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:46:43 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:46:34 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:36:44 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:36:40 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 12:36:40 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:35:42 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe Written to report
4/28/2009 12:35:42 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:34:45 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:34:25 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:20:43 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:18:30 PM Restored from quarantine Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:18:29 PM Restored from quarantine Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:18:26 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:15:10 PM Databases are obsolete Kaspersky Internet Security
4/28/2009 12:10:03 PM Some components are disabled Kaspersky Internet Security
4/28/2009 11:50:11 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report

A: 2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Hello dmacc01.

If you still have the same issues, you may consider the following. But first, be absolutely aware that having the system without an antivirus program is an extremely dangerous thing.

Let's have you create a restore point (at this time).

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. We only want to monitor the drive with Windows o.s.

If you are unable to activate System Restore or if the service is disabled, then from the Start button > RUN option, type in services.msc
Look for System Restore service.
If it is listed as off or inactive, press on the link at top left to Start it.

Next, see and do as outlined here: http://bertk.mvps.org/html/createrp.html

After that, also do this:

1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe
Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTListIt2 by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here
Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
the contents of OTListIt.txt;
the contents of Extras.txt; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

A: 2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Probably your best chance is to submit a HJT log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another r...

Hello,

My name is Raj and I am a new member to this forum. Let me thank you, first of all, for all the help you all provide with solving these nasty issues. Now here is my situation.

My problems started when my IE web pages did not load in spite of having good wireless connection. I ran AVG free and got the web browsing back. But then my CMD and regEdit tools would not work. I ran Spybot S&D but it did fix my issue. In addition my desktop stopped loading. I could use ctrl+alt+delete to get task manager and then use File -> Create New task to run explorer.exe. This would get my desktop back but only intermittently.

Then I decided to buy Kaspersky. I was totally disappointed with it. It detected several malware but it could not cure Trojan-Clicker.win32.delf.cbe and Rootkit.win32.podnuha.a infections. It would try to delete these files, ask me to restart the computer and would not delete the files after the restart. Each time I restart the computer, it would detect these, try to delete, ask me to restart and the cycle continued. On top of that I lost my CMD and regedit tools again.

I tried to run dds.scr with the hope of getting you all the dds logs but my CMD tool does not work. In addition whenever I tried to run 'cmd' I would lose my desktop (if I happened to get it back somehow). So instead of giving you attach.txt I can only give HT logs at this point. Hope you can help me out and I appreciate your help very much.

Thanks
Raj

P.S: I could not attach the log...

A: Trojan-Clicker.win32.delf.cbe and Rootkit.win32.podnuha.a infections

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

My pc is infected with Win32/Rootkit.Podnuha.trojan. When I searched for the problem in Google I found out this forum. I immediately looked at a few topics; another guy from this forum was facing the same problem. My Nod32 picks up this file as a trojan. It shows some kbd......dll file but Nod32 fails to delete the file. When I try to delete it myself even then it doesn't get deleted.

So after I looked up the similar threads in this forum http://www.bleepingcomputer.com/forums/t/192270/win32rootkitpodnuhatrojan-please-help/ I found that a student of this forum was helping a guy and asked him to download COMBOFIX AND ROOTAPPEAL and post the logs. Well, I was in a hurry so I just downloaded both of them, ran them on my pc, and I have the logs saved in my pc for both of the programs. So should I post the logs?

One more thing: when I ran combofix it said that session expired but still I continued and it gave results.

Please guide me to remove this trojan from my PC. Thanks in advance

A: Infected with Win32/Rootkit.Podnuha.trojan

ComboFix and HJT logs cannot be reviewed in this section of the forum. Those must be posted to this forum: HJT Forum

A HJT team member should be with you shortly to help assess the logs. Thanks!~

Hi there,
I have Intel Core 2 Quad Q6600 @2.40GHz 4GB DDR2 ram and a 500GB SATA harddisk with Windows xp SP2 and 40GB hard disk installed in my pc. My computer has been infected with a virus which Eset Smart Security 4 detects as "Win32/Rootkit.Podnuha trojan" due to which I have lost my partition many times; even after a complete format and making new partitions it pops up again. Apparently the computer works fine but sometimes it freezes, and when I restart it manually some critical system files are deleted and I have to insert win cd to repair them. The setup says "bootsector virus detected write?" and when I press y the whole partition is deleted. The trojan also creates files in system32 directory like "askorea.dll,cabvie.dll,comprop.dll" which I am unable to clean. Please help me.

A: Infected with Win32/Rootkit.Podnuha trojan

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:38:19.37 on Thu 03/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.75 [GMT -7:00]

AV: The Shield Deluxe 2008 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\...

A: infected with detected: Trojan program Rootkit.Win32.Podnuha.bsh

Hi,
* Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edit: Extra note: Please uninstall the Ask Toolbar, because that one is not recommended.


Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window that said:
C:\Documents and setting\KkianN\Desktop is not accessible. Not enough quota is available to process this command.
The only icons left on my screen were My Computer, My Network Places and Internet Explorer. When I refresh my computer, the same message comes out again. (This problem occurred when I opened my computer overnight using the Thunder5 software to download things.)
When I tried to shut down, a message said: You do not have permission to shut down this computer.
When I tried to use Windows Task Manager to shut down, once I clicked Ctrl+Alt+Del, an application error message came out that said:
This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.
Then I can just reset my computer.
Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instructions in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning using Spybot, it got stuck while scanning. After that a window suddenly popped up that said:
Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A: Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.


Listed as an Alcohol 120% browser helper object but is a trojan - picked up during a Christmas screensaver install on 12/25/2008 at 12:48pm (pbhne.dll)... No program or method I've tried has been able to remove this .dll / Please Help!

C:\\WINDOWS\system32\pbhne.dll
Probably a variant of the Win32/Rootkit.Podnuha.trojan
Runs under explorer.EXE

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 18:19:44.00 on Sun 01/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.61 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\Curs...

A: Win32/Rootkit.Podnuha.trojan (Please Help)

Hi fdsaurbo
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please respond to this post if you still require help.

Thanks
maranatha


I have Eset Smart Security, and when I open a number of programs (including FireFox, My Documents, and a few others so far) it displays:

Object:
C:\WINDOWS\system32\acctresj.dll
Threat:
Win32/Rootkit.Podnuha.BSD trojan
So far I notice no problems in any programs, or any other areas. Eset quarantines the attack before it can do anything, but I have to restart my computer to remove the files, however, the trojan is still there and does the same thing when I start opening programs again.
HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:39 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\b...

A: Win32/rootkit.podnuha.BSD trojan

*bump*
 


Hi I have been overrun with adware etc in the last month or so. Have run through the steps in your preparation guide. Any help much appreciated.
Thanks Dave

Logfile of HijackThis v1.99.1
Scan saved at 12:59:22, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files...

A: Infected With Win32.delf.trojan.b And Win32.centim

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Please click: Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
Daily Weather Forecast
Then reboot your computer.

Step #2
Scan again with HijackThis and check the following items:
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #3
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Step #4
Reboot Your System in Safe Mode:
Restart the computer.
As s...


My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32...

A: Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I use ESET NOD32. At startup it detects the win32/Kryptik in a start-up scan and later mentions the Win32 rootkit running in memory. The scan log shows that it has detected this on each startup but it cannot delete because files are locked from removal. I have not been able to tell what file NOD is trying to find. Below is last log file post: This same message is repeated in numerous 10+ restarts in the past 24 hours.

5/19/2009 8:25:51 PM Startup scanner file \\?\globalroot\systemroot\system32\gxvxctxujtymqsiltimrpcilnqyirvmqgrlhk.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined
5/19/2009 8:25:46 PM Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean

I have run ESET in safe mode. It did not do anything to eliminate the problem. Windows Defender has apparently not done anything either. Finally, I tried Windows Malicious Software Removal, but apparently it could not do anything either.

Main problem I notice is delays in internet usage. Happens both in firefox and ie. I changed DNS settings from automatically detect to a fixed DNS setting from earthlink.net. Still same slow down in internet usage.

Appreciate any help you can give. I have tried to find bad file, but to no avail.

Thanks
===============================================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Pop at 21:38:42.70 on Tue 05/19/2009
Internet Explorer: 7.0....

A: Infected with Win32/Kryptik.PF and win32/Rootkit.agent.odg.trojan

It now looks like I may have been able to repair my problem. I used a somewhat haphazard, unguided approach to removal. The final solution came from AVG Rootkit removal ( http://download.cnet.com/AVG-Anti-Rootkit-...4-10662685.html ). Here is a list of all the steps I attempted. I was worried at times I could have hurt my system, but then I would have had to reinstall the OS. But, on the other hand, some internet posts I read were saying that was the only way to repair the situation. So, desperation took hold. I found my reinstall disks, just in case I needed them, and proceeded.

ATF Cleaner -- Who needs temp files anyway, especially if they might have trojans. I eliminated temp files this program would find.
CC Cleaner - used this to clean out internet cache and history.
Recycler folders - I had multiple recycler folders, one that had a rundll in it. I assumed you only have one recycle bin so you only need one of these folders. I had to reset the folder view options in explorer to see all files and folders (hidden, system, etc.). I deleted the extra recycler folders I could find.
System Restore - I turned off system restore. This would erase all the previous positions I had saved. This meant I could never go back to a prior position where my computer was running good, but I didn't know how to find out if I had virus/trojan in one of these saved files. I then immediately turned back on the system restore after the old restore files were deleted.
Windows defender...


m ades, windows xp sp3
to whomever can help- i tried to remove some viruses
using info from bleeping, but am not having any luck.

i downloaded a file that i thought could help me on another
matter, but it had a virus that zone alarm's active scan did not
catch.

it was a rootkit virus. i tried tdsskiller several times as well as
malwarebytes, and thought i finally got rid of it. then another
virus popped up despite my not having connected to the internet.

another was this patch virus that kept redirecting my opera
browser. malwarebytes did not see this, but zone alarm did.
i tried to get rid of it and used tdsskiller, and thought i did.
i had to keep switching between safe mode and
normal mode to do it. i had no problems for two weeks, then
both seemed to pop up again. my guess is that i never
actually got rid of them. i tried zone alarm, malwarebytes,
and tdsskiller over and over again, with no luck. then my
ability to connect to the net went away. i gave up and restored
my hdd using the file i made just after i thought i had gotten
rid of the problems, so that though i would still have the viruses,
i would get back the net. using tdsskiller and malwarebytes
still did not work, and a new virus showed up.

i'm including the logs from zone alarm, malwarebytes, and tdsskiller.

i would really appreciate help.

first to show up. used tdsskiller, seemed to be removed, kept showing back up.

(Forged): C:\WINDOWS\system32...

A: infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Sh...

ps i have mbam, zone alarm,tdss,
and hijack logs, but was not sure
how to post them since the number
of text characters on this page
was limited.


Hi,
Please help me in getting rid of the pop ups which keep coming up.
trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac...

A: Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.


Hi,

Since my computer has been infected it often shuts down, getting consecutively trying to start up without success.
I ran straight away Kaspersky which detected and eliminated the Trojan.Win32.delf.zd but the problem keeps going on.
I followed the steps of your forum and I'm sending the txt files.

Thanks for your attention.

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by LC at 10:04:45.31 on 2009-11-03
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.1033.18.1023.735 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283...

A: Infected with Trojan.Win32.Delf.zd

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


Hello,
My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on DVD, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.
The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.
The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.
I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since Windows now thinks I have no anti-virus installed.
All of these trojans are listed as "server" and "high risk." I'm not sure a rootkit didn't try to make its way in too.
EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the viruses we...

A: Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.
I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite of what it says when you log into the limited user account). The computer (and especially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?
Should I scan from a pre-install environment like BartPE? Or from the regular "Owner" admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.
Other than running Windows Defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.
Does no one have any ideas???


I am sorry to post a log over here, as I have read through the forum and tried to resolve the problem on my own but I failed. Since I had run ComboFix, I feel that it may be of help to post it. Sorry for the trouble.. here's the log file...

ComboFix 09-07-28.06 - Bentley 07/30/2009 0:35.1.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1872 [GMT 8:00]
Running from: c:\users\Bentley\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\tmp0_144047822718.bk
c:\windows\system32\tmp0_16962678345.bk
c:\windows\system32\tmp0_205418834021.bk
c:\windows\system32\tmp0_355351885288.bk
c:\windows\system32\tmp0_424346226483.bk
c:\windows\system32\tmp0_516880812123.bk
c:\windows\system32\tmp0_517948877969.bk
c:\windows\system32\tmp0_525286544717.bk
c:\windows\system32\tmp0_687442396617.bk
c:\windows\system32\tmp0_77071886817.bk
c:\windows\system32\tmp0_779592338841.bk
c:\windows\system32\tmp0_790261416358.bk
c:\windows\system32\tmp2_1075327197...

A: Infected with win32/rootkit.agent.ODG trojan and win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


My computer has been infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan. AVG, ESET NOD32, and Avira couldn't delete it, and I want to delete it. It redirected all Google searches and slows down my computer. Can you please help me. Thanks ahead to anyone who can help.

Here is the HJT logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:51 PM, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C...

A: Infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...


Hello,


Plz help me in removing Trojan program Rootkit.Win32.Podnuha.ay


I am using K-sky v7.0, and my AV is unable to delete this trojan from my computer. It says like the file is write protected./ Password protected.

detected: Trojan program Rootkit.Win32.Podnuha.ay
File: C:\WINDOWS\system32\tapi3s.dll//PE_Patch.UPX//UPX

A: Rootkit.Win32.Podnuha.ay infection

The below log is Combofix log file generated for your review.

Please advise about the next step.
****************************************************************

ComboFix 08-04-22.1 - admin 2008-04-23 13:03:54.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.124 [GMT 5.5:30]
Running from: C:\Documents and Settings\admin.ADMIN-FC2A2F65E\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000239_.tmp.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-20 23:47 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-04-20 23:47 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-20 23:47 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-04-20 23:47 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-04-20 23:47 . 2008-04-20 23:47 1,024 --a------ C:\.rnd
2008-04-20 23:46 . 2008-04-20 23:46 <DIR> d-------- C:\Program Files\LogMeIn
2008-04-19 17:57 . 2008-04-19 17:57 <DIR> d-------- C:\...


Computer infested with: Win32 Rootkit. I have applied a variety of free malware/spyware programs without success. Using Adaware, combofix, HJT, etc. I think I have located the source (or maybe just a symptom), but I believe the registry will need to be changed to complete a fix and I do not possess the experience to confidently make those types of changes. I appreciate any assistance you could provide.

Source/symptom? BHO: {59c5df85-9341-4fec-8ea0-0d4e43eb6c35} - c:\windows\system32\bidispli.dll

Anyway, Here is the DDS.txt log:
DDS (Ver_09-02-01.01) - NTFSx86
Run by at 12:39:33.64 on Sun 02/22/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.37 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WI...

A:Remove Win32 Rootkit Podnuha

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Hey

I consider myself a very experienced user, and hence can usually get rid of most stuff on my own but this time I seem to have come across a particularly elusive virus/trojan on my system. Yes I got it from P2P file sharing and I understand the risks involved.

Anyway, I noticed this first start when I opened a keygen -- Kaspersky noticed the virus and tried to stop it -- and then a mysterious process tried to start sending data and I used Kaspersky to disallow that and to terminate the processes. However -- it's unable to keep the processes terminated permanently....the process just restarts itself again and tries to get through. So what I get is a fight between my anti-virus and this trojan for a period of a few minutes and then the trojan goes inactive for an unknown interval before it tries to fight Kaspersky again. The reason why kaspersky and the virus "fight" is because I told it to perform the same action (terminate and deny internet access) every time it detected the trojan.

Also of note: I've seen mozilla firefox open a window on its own a few times (not often) but that's all that happens.

I am going to post my kaspersky log as well as the logs in the "pre-post" instructions because I think the kaspersky notes will be helpful.

KASPERSKY LOGS
deleted: Trojan program Trojan-Downloader.Win32.Zlob.knt File: C:\Users\Brian\AppData\Local\Mozilla\Firefox\Profiles\93x9ahv1.default\Cache\EC46F395d01
deleted: Tro...

A:Infected With Trojan-downloader.win32.delf.gas

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.


Hi,

My laptop is infected with the Trojan-Clicker.Win32.Delf.cbe virus. Kaspersky keeps popping up with this message that it is infected and deletes the file C:\Windows\System32\midehqjw.dll. But after every reboot the file is there again.

I also got some kind of rootkit virus, kaspersky reporting strange files starting with names like kung*.tmp and kung*.dll and kung*.sys. I couldn't find these files anywhere on my harddrive though (some in memory virus?). It seems UnHackMe tool was able to remove those.

I'm not sure if these two viruses are related though.

I've attached the DDS and attach.txt. log. Any help on how to remove this would be greatly appreciated.

***********

DDS (Ver_09-05-14.01) - NTFSx86
Run by A.C. Ypil at 10:14:04,17 on za 06-06-2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: : {197811d7-bd2e-4de4-b17e-66a912e63ccd} - c:\windows\system32\veplsvp.dll...

A:Infected with Trojan-Clicker.Win32.Delf.cbe

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may ta...


hi all. first time to post here... looks like a great site!

i am infected with a particularly resilient malware that no program i have found can remove.
Win32.RootKit.Podnuha with "audiosr.dll"
not even sure where i picked it up, but it's hijacking IE & i'm sure is capable of other harm as a "backdoor" variety. i'm new to the "advanced" world of malware removal, so any help you can offer in a timely manner would be GREATLY appreciated!
i'm dead in the water until i get this resolved.

thank you, in advance!

A:Can't shake Win32.RootKit.Podnuha with "audiosr.dll"

an update: due to the severe nature of the rootkit infection, i decided to do a complete hd reformat & reinstall of windows. time consuming to say the least, but the system appears to be clean & healthy now. also running a fresh install of Kaspersky IS for a stronger "first line" of defense. please disregard my request (unless you can post a fix for the 40+ other viewers of my topic.)
thank you.


According to AVG I'm infected with Clicker.AAFT which appears as c:\windows\fonts\services.exe. Task Manager always has at least 2 of these additional services.exe running.

I used to have Norton antivirus running but the virus broke it and i couldn't re-install it. I bought the Kaspersky Labs virus scanner but that too would not install. it looks like this virus has changed the "rights" of some objects. The only virus scanner that would install and work was AVG.

I tried to re-install service pack 3 thinking it would possibly overwrite some of the virus infected files but I got an "access denied" when I tried to start installing... ARRRRRRRGGGGHHHH!!!!

Any help would be much appreciated!

/Blair

Here's my DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Blair at 15:18:10.15 on 2009-07-11
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2127 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\sv...

A:Infected with Clicker.AAFT Win32.Delf.rtk Win32.Agent.atta

I just noticed that I'm also infected with Virtumonde in
C:\WINDOWS\system32\sopidkc.exe

/Blair


Problems:
1) I keep getting pop-up and sometimes links redirect me to other sites, often ads.
2) It makes my computer slow down drastically : Windows crashes most of the time when i change user and the gmer scan crashed 5 times before i could get it done.
3) One pop-up in particular (that would be the trojan clicker) tries to lure me to download an antivirus because it simulates the window control panel so that i think it's windows that's asking me to download an antivirus.

What i've already done:
1) Nod32 alerts me that there's a trojan every 10min but when I put in quarantine the trojan seems to duplicate and the alerts just keep coming.
2) I scanned with : Ad-aware, spybot : search and destroy, doctor web (in safe mode), malwarebytes anti-malware, nod32
It did a full scan with each.
3) When i scanned with spydoctor in safe mode it crashed at the end and two infections could not be treated : C:/program files/eset/infected (quarantine of nod32) and c/documents and settings/username/local settings/Anplic/mozilla/firefox/profiles/2cpk5271.default/cache
4) After the spydoctor scan nod32 detected a second infection (Olmarik) and nod32 can't get rid of it

Logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Gilles at 18:47:41,28 on lun. 26/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2030.1342 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D3...

A:Infected with win32/Olmarik.VM Patched and Win32/TrojanClicker.Delf.NJE

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks



I have had 3 viruses or infections show up during virus scans. The only things out of the ordinary I have noticed is my homepage of comcast has a couple of sections that say loading and it never loads (including a display of how many emails I have), a pop-up of Trend Micro website continually pops up on my screen, and the computer seems to be running a little slower. I ran the Kaspersky scan and the DSS and posted below.

Thanks,
James

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 18:37:50
Records in database: 1067337

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics
Files scanned 308319
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 04:25:06

File name Threat name Threats count
C:\Program Files\Iexplorer\Iexplorer.rmvb.vzr Infected: Trojan-Downloader.Win32.Delf.ixg 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE.vzr Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
F:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE.vzr Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

Deckard's System Scan...

A:Infected With Trojan-downloader.win32.delf.ixq And Adware

Hello hazegrey,

Welcome back to Bleeping Computer

Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once that's finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* Whe...


I was frequently getting the blue screen of death. Downloaded ad-aware. Up pops win32.trojan.delf. It was removed, and I frequently restarted and re scanned. It didn't pop up again. I have norton anti-virus installed also. I thought that was the last of it. I tried installing zone alarm for extra protection, upon restarting my computer to complete installation, my computer froze and did this 10 times and I wasn't able to even get my computer past start up. I rebooted in safe mode and did a system restore to yesterday (just after virus was removed). Computer was working fine. Now, all of a sudden msconfig won't run. I have been googling for hours now and I've managed to figure out that the virus affected my registry files. I know there's stuff I have to delete and do to completely remove the after effects but I don't know what to delete.

I downloaded hijack this. Here's the log report. Please tell me step by step what to do, I'm not that great on computers!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:49:13, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WI...

A:Was infected with win32.trojan.delf, now msconfig wont run

Hi juicyjen uk

Welcome to Bleeping Computer.

I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please do this.

Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool.
At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please post the contents of those logs here in your next reply.

Thanks
maranatha


When I start my computer, I receive notice that my windows firewall is off. When I click on the icon, it tells me my firewall is on. I have pieces of icons (font.exe) on my desktop, which will not move into my recycle bin. An hourglass remains on my desktop whether I am on the internet or working offline (and the computer is slow; for example, when I type in a password, the letters do not appear on the screen right away). NOD 32 virus scan detects the trojan and quarantines it, but if I run a malwarebytes', super antispyware, or lavasoft scan, the worm and trojan are detected. Scans indicate I must restart my computer to completely remove traces of these malicious objects, which I do. When restarting my computer, a windows boot cleaner appears on a blue screen with a list of deleted internet explorer files. Then the whole process starts again, with NOD detecting an Internet Explorer Trojan agent and downloader. How can I get rid of this trojan and worm once and for all? Any help is much appreciated.

A:Infected with Win32 Trojan Delf & Worm Archive

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


system spec

intel 6320
2gig ram
ATI HD240
unknown MB


recently i noticed my pc getting a lot slower than normal IE scrolling down on an email would cause the window to stutter where normally it would be smooth. i ran a virus scan using AVG (paid version) and it didn't come up with anything i also ran adaware and i tried to install spybot but it was unable to connect to the server to install. i tried the same spybot exe on a separate machine and it installed fine

the computer was still slow so i ran a kaspersky online scan which found a few trojans and backdoors (see attached txt) that AVG fails to detect.


DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by L.HALL at 20:30:22.25 on 24/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1443 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer...

A:Trojan.Win32.Agent.dkai, Backdoor.Win32.Delf.nut plus others

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


I have verizon security suite and it keeps finding this virus but every time I try to delete this it keeps coming back. How can I get rid of this? Here is the hijackthis scan I just did. I am not good at this so any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:35 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\System32\h...

A:comaddi.dll virus rootkit.win32.podnuha.y can't delete

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


I have tried to scan computer with Spybot S&D, Ad-Aware, and AVG 8.0 but nothing changes. Please can anybody help me?
DDS (Ver_09-07-30.01) - NTFSx86
Run by Issi ja Inno at 19:28:12,59 on L 08.08.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1257.372.1033.18.511.290 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Mess...

A:Infected with Win32.Delf.uc , Virtumonde.sdn, Win32.Viru.bg

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello everyone and thank you.

I've ran Malwarebyte's Antispyware, AVG8 and Spybot S&D, but these 2 trojans are still present. I've also done the scans in safe mode, all the same results.

Whenever Spybot finishes scanning, tons of TeaTimer windows show up giving me prompts called "SpybotDeletingXXXX". I then run HijackThis and remove the entries associated with that name.

Upon a reboot, both the trojans are back and nothing seems to have worked.

Here's the DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Lucas at 13:20:06,32 on 07-04-2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2047.799 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~2\AVG\AVG8\avgrsx.exe
c:...

A:Infected with multiple win32.delf.uc and win32.TDSS.rtk

Hello, lucasf

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

* Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
* Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they d...


OK. Normally I go to Google, and read past Bleeping Computer related topics to the three viruses I listed in the topic, or for anything. But this crap takes the cake. I've never dealt with garbage like this.

I just moved into a new neighborhood, and have been looking for an unsecured internet for a while. Someone just brought one online Friday. But when I connected to it (which is what I'm connected to now) Trojans started popping up out of nowhere. I've run HijackThis and SDFix and will put the logs at the bottom. SDFix seems to find the viruses, but cannot delete them properly. It'll find them, delete them, then list hidden attributes, which are still viruses, and not delete them. These little buggers are tricky.

So if someone could please help me out here. It keeps trying to send mass loads of spam mails. I've also reformatted about 4 times now. It's giving false positives in the task manager running processes: svchost, IEXPLORER (listed under system, it's supposed to be listed under HP_Owner for me, not to mention it's in caps), random charactered trojans that Google has no info on, winlogin.exe is all messed up. My LoginUI won't work properly anymore, and all of them are listed as exe in places they shouldn't be. Anyways, here's the logs, I'm gonna TRY to play some RuneScape while I wait for an answer.

One more thing, computer is running slow, don't know if I can run Spybot or CounterSpy again. LOL, speaking of which, CounterSpy's Safe Mode scan won't even run. PERIOD. So yeah:
Edit. Runn... Read more

A:Infected with PWS.LDPinchIE, Win32.Delf.uc, Win32.Agent.pz

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.
=============
The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


hello, i've read most of the manuals here, and tried my best to scan and recover my pc. problem is, since i got infected by those trojans, i cannot use my antivirus/antispyware programs. they are instantly closed as i open them. so i can't use AVG, Hijackthis, and others. i'm not able to open websites that are connected to antivirus programs, with some exceptions.
though i can't download and install them on my pc, even on safe mode - i managed to scan the pc online using Panda Active scan and bit defender. those have found hundreds of trojans and spywares on my computer. i have also used Search & Destroy (with lil effect) and AdAware, but they weren't as effective as Panda and Bit Defender.
although they have deleted quite a few, i still can't access AVG, Hijackthis, and certain websites, including some of the forums here like HijackThis log Analysis (typical AVkiller.C work...).
i'm writing this post from another computer, since i cannot enter the forum from mine.
please advise me on how to clean my computer, and get rid once and for all of those pests. i've added some examples of the viruses found during the scan : (some could not be deleted)
Panda's Active scan found:
Virus:Trj/Downloader.MOW Disinfected C:\WINDOWS\system32\bxjoqoiabbjn.dll
Bit Defender has discovered, but could not clean :
C:\WINDOWS\system32\vpxyofsugazx.dll
Suspected of: BehavesLike:Trojan.WinlogonHook
C:\WINDOWS\system32\vpxyofsugazx.dll
Disinfection failed
C:\... Read more

A:Infected By Trojan-downloader.win32.delf.pa (trojan.stwoyle), Avkiller.c And More

i was directed to this forum by fozzie :
You have a nasty infection on hand Trojan-Downloader.Win32.Delf.pa (Trojan.Stwoyle) You will not be able to run HiJackThis unless a special tool will be utilised. Please post the panda report in the HiJackThis forum here and they will help you. This is a sophisticated tool which needs expertise
what is this tool he is speaking of, and how can i utilise it?
thank u for ur time.


The infections have prevented Symantec and Lavasoft Ad-Aware from working, and cause redirects on the internet. Ran Spybot and Malwarebytes in safe mode, removed what was found and still the problem exists. Ran Spybot again in normal mode and both infections came back. Seems to be messing with my network authentications also. I uninstalled Ad-Aware and reinstalled it, tried to run it and it crashed the program and now it won't work again.
DDS Log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by mtalcott at 11:32:50 on 2011-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1285 [GMT -6:00]
.
AV: Windows System Defender *Enabled/Updated* {7ECB290C-0906-4B45-B485-362D38525C52}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Windows System Defender *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe&#... Read more

A:PC is infected with Win32.AVKillsvc.e and Win32.Delf.uc

Hi, Welcome to Bleeping Computer.
My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.
Please Track this topic - On the top right on this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
We need to create an OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After down... Read more


I believe I was infected last night when a website somehow redirected me to liteautogreatest{dot}cn.
I'm running XP Home SP3 and the ZoneAlarm Internet Security Suite (just updated earlier today).
ZoneAlarm continually finds a couple of problems and hibernates them but they do not go completely away after a reboot.
The ZoneAlarm active monitor scan shows the following...
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNB.tmp on 4/20/2009 13:29:22
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNA.tmp on 4/20/2009 13:23:26
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN9.tmp on 4/20/2009 13:17:40
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN8.tmp on 4/20/2009 13:14:30
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN7.tmp on 4/20/2009 13:07:26
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN6.tmp on 4/20/2009 13:02:40
Rootkit.Win32.Agent.ikz was found in C:\WINDOWS\system32\drivers\systemntmi.sys on 4/20/2009 12:57:48
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\T... Read more

A:Infected with Rootkit.Win32.Agent.ikz, Trojan-Dropper.Win32.Agent.amzh, Trojans? Malware?

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link
Then download and install SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, re... Read more


Firefox and mostly IE are experiencing redirects when I search through any search engine. Avast is continuously stopping malware in the Windows\Temp folder.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ricardo at 15:09:36.31 on Sun 12/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2184 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\... Read more

A:Infected with Win32:Malware-gen, Win32:Rootkit-gen, and Win32:Spyware-gen

Please close this post. I'm reformatting and reinstalling an Acronis Image prior to the infection. Thanks anyway.


Hey, I could use some help getting rid of this virus, I think Ramnit-A might be around too on it. I've done some researching trying to see if I could try and fix this on my own, but I think this might go quicker.
I have spybot and adaware (freeware) on my computer, spybot hasn't bothered to pick anything up in this mess. Adaware has picked up Ramnit-A virus on the system and it always ends up with a list of items to repair (mostly files and a few processes at the end of the list), a cookie, and then ~4 misc. items that it recommends the "just once option". Anyways it hasn't been working, so from my reading, from a topic I managed to google from this forum board I downloaded Avast, which has grabbed virus file types that I listed in the topic with quick scan (and with its "shields" too). The other disturbing thing is that I think I have about 3000+ files now sitting in my virus chest on Avast from running the thing...safe to probably say it's not fixing anything.
I'm a little worried too about the fact that the files Avast is taking are, or were just regular exe's, some that were actually on my desktop. Has left me wondering if I should delete everything in the virus chest or not, I'm not going to end up deleting something important if I do? (main worry)
From what I've read I hope I posted the required stuff, I'm currently running Gmer right now, I'll probably leave it running and try posting it tomorrow morning as ... Read more

A:VBS:ExeDropper-gen;Win32:Ramnit-B;Win32:Rootkit-gen;Win32:Trojan-gen

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29
File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1
The selected area was scanned.
----------------------------------------
Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.
Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any scr... Read more


(DDS log below)
I re-installed my AV after running without it for a while and found that I had quite a few bad things going on picked up by Nod32 including (see attachment for more detail):
Win32/Olmarik.ZC
Java/TrojanDownloader.Agent.NBE
a variant of Win32/Olmarik.UL trojan
Win32/Cimag.CL trojan
I also get multiple outbound connection attempts which are at least partially being blocked by Nod32 to weird .cc .cn and a few .com domain urls, this happens after performing a google search. Also getting some browser redirects going on and homepage changes.
I tried setting nod32 to pre-release updates and performing a full scan, this picked up the above and removed them, but after a reboot there are still things going on. Before reading the steps on this site, I ran the latest ComboFix twice which picked up a rootkit in intelide.sys both times, but appears to come back each time. While I disabled nod32 when I ran ComboFix, it re-enabled upon reboot automatically, not sure if that matters.
I've also been getting a startup delay of around 1 minute after logon, in this time, nothing appears to be going on (no apparent CPU or disk activity), but wireless, AV and other startup items do not run. Then a minute later, everything fires up.
I've tried running GMER several times but this keeps giving me a BSOD with IRQL_NOT_LESS_OR_EQUAL
Last scan with nod32 came up clean but still getting outbound connections and browser redirects.
Looking to sort this out once and for all!
DDS (Ver_10-03-17.... Read more

A:WinXP rootkit? problem + Win32/Olmarik.ZC Java/TrojanDownloader.Agent.NBE a variant of Win32/Olmarik.UL trojan Win32/Cimag.CL t...

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perfor... Read more


OK- I am not extremely computer savvy... I may have destroyed the computer beyond repair, but my files are not backed up and all of the videos of my son when he was a baby are on there and only there. So, HELP!!!! I had a bad virus that started as pop ups for fake virus protection- I can't even remember what it said. I gave it to my brother in law to fix and it took him a month to tell me I needed to backup my files cause he was going to dump the whole thing. Last night after plugging in the USB and having it fill up without even getting through a 1/4 of our pictures, I decided to try to get rid of the virus myself. I ran malwarebytes which found some items and told me to shut down to complete. I did, got the blue screen- started in safe mode w/ networking (got a pop up that said malwarebytes could not be located). After some more searching, I downloaded Hitman that was made for the DNS virus- I know whatever it is on my computer is really bad. The local connection icon was completely removed. Ethernet driver gone and microsoft system tools like firewall and security all gone. Here is a what hitman said before it told me to reboot to complete the deletion of the virus (s). Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.graftor.13001 (engine A), backdoor.maxplus, trojan-dropper.win32.sirefeflIK... and 57 items in tempfiles..... HELP PLEASE!

A:. Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.g...

Copy this tool to the infected PC
FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.


Hi, I'm having a problem with popups. When I run Avast it finds files and gets rid of them, but it seems that every time I do a scan it picks up something new. Here is a list of the files it's deleted so far.

A0007433.dll win32:trojan-gen
A0007484.dll win32:rootkit-gen
A0007485.dll win32:adware-gen
geBqQJYp.dll win32:trojan-gen
pmnOHXoL.dll win32:rootkit-gen
trz1.tmp win32:rootkit-gen
tuvvpjgd.dll win32:adware-gen

here is the DDS log

DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 7:09:47.25 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.250 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090125-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C: ... Read more

A:Pop ups, win32:trojan-gen, win32:adware-gen, win32:rootkit-gen

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.
Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.
Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.


I have an F-Secure internet security software suite on this computer, and it is up-to-date and functioning. I also have MalwareBytes (free) installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP, and it is up-to-date.
About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago, Adware.Win32.WebHancer.x was found by F-Secure, and is currently quarantined. Today, several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore (and scanning in between). I deleted the quarantined files.
All of the Spy-Trojan's found are infecting in C:\hp\recovery\wizard\fscommand\. The file names are:
AppRecoveryLink_ret.exe
CDLogic_ret.exe
CreatorLink_ret.exe
RestoreLink_ret.exe
RTCDLink_ret.exe
RunLink_ret.exe
SysRecoveryLink_ret.exe
WizardLink_ret.exe
The Adware infected a .dll file, and I was advised not to delete it.
CDLogic_ret.exe is Agent.bdzz; the rest are Agent.beaf
I have run my antivirus, MBAM, and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spy's were all found during MBAM scans, but F-Secure picked them up.
I have attached a HiJackThis log and a DDS log; GMER froze my computer partway through the scan when I used it. I have run a... Read more

A:Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hello, I've been forwarded from Broni's care (Security > Am I infected? What do I do? forum) as stated "...at this point some more advanced tools (not allowed in this forum) will be needed to clean up your computer.
With the information you have provided I believe you will need help from the malware removal team."

thread link
http://www.bleepingcomputer.com/forums/topic417272.html

I don't know the name of the infection but Spybot found Win32.AVKillsvc.e which it keeps fixing & keeps showing back up.
AVG cannot be accessed or found but did just previously find Trojan Horse Backdoor.Generic.UFQ & Win32\Cryptor. There was also a popup of something like- "Microsoft Feeds Update needed" or something? and there was a message something like- "Windows is not your operating program"?

I couldn't connect to internet (wireless) but Broni seems to have sorted that out so now I am able to, but GMER (which did fully scan with Broni, using UBB flash for download) now cuts out. I was able to stop & copy the scan before the cut point & will include that log which may be incomplete (see previous full scan log posted on previous thread). Other logs also posted on that thread may be helpful.
Thanks in advance for trying to get me through this part! Cat

Here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 23:27:46 on 2011-09-05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.95... Read more

A:fwd from Broni- nasty rootkit! Win32.AVKillsvc.e - Rootkit.Win32.ZAccess.e - Win32\Cryptor

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more


old sony laptop with windows xp pro sp3 intel pentium 3 with 640 MB ram
i've got some nasty bugs on my laptop. i can remove them with spybot or malwarebytes, but they come back every time i restart the pc. they are able to turn off windows firewall and symantec anti-virus autoprotect. my laptop got infected after my desktop, so both are only in safemode and off the network for now. any help would be greatly appreciated.
from spybot:
win32.delf.uc
from malwarebytes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\llpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvtpm32.dll (Spyware.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azton.mt (Trojan.Agent) -> Quarantined and deleted successfully.
Here is my log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:32 AM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Laptop infected with win32.delf.uc, Spyware.Agent.H, and Trojan.Agent

you can close this out as i actually just did a clean reinstall of the OS. however, if anyone can help me with my other PC i'd prefer to not reinstall it as well:
http://www.bleepingcomputer.com/forums/t/207842/desktop-infected-with-trojanagent-more/
it has:
trojan.agent
adware.comet
adware.starware
trojan.dnschanger
thanks!
