
Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Q: Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Hi, I am completely new to this, so please be patient. All I know is that my new computer has detected the Trojan files listed in the subject and I don't know how to get rid of them. I am running Vista premium and this is my first post, so I need to know what I can do to remove this stuff before it starts wreaking havoc. Thanks!


A: Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Closing duplicate.

Please continue here:

http://forums.techguy.org/showthread.php?t=610916


Hi, this is my first time and I am a novice at this, but I just can't ignore what my TrendMicro OfficeScan software told me it found a WinAntiSpyware2007 spyware and then I scanned my computer with SpyHunter v2.9 and it found a Trojan.vundo file in the registry. Can anyone help! Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32...

A:Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

Apparently my OfficeScan software actually was able to get rid of the spyware after I closed out my Internet Explorer session but it just did not remove it from my computer registry, but I have been informed that it probably can't hurt anything. My computer has not started acting up on me or anything, so this is all that I can assume.
 


SpyHunter detected Zlob and some other stuff when I scanned. So can someone please help me to get rid of this crap on my computer. My explorer.exe crashes frequently and it's very annoying. Also when I ran the Spybot Search & Destroy it found some stuff and when I tried to fix it, it said I needed to log on under administrator privileges and I already am. I only have one user account on this laptop and I noticed I get that message a lot. That I don't have adequate privileges to do some things.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38, on 2008-07-17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Users\Shonda\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpds...

A:Zlob Detected By Spyhunter

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv...


Okay, I have completed a scan.
My McAfee detected this file and read it as a vundo trojan. However... panda scan didn't read it as vundo trojan, but I do know which file has been causing tremendous problems for me.

It's this file:
Sent  Location
Yes   C:\WINDOWS\SYSTEM32\TUVSQPMK.DLL

Thanks

A:Vundo Trojan detected. Need help

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner.


This pop up keeps coming up that Mcafee has detected the Vundo Trojan in C:\WINDOWS\system32\geeba.dll and supposedly it has removed it. I restart my computer like Mcafee asks me to but the message keeps coming up. Please help me or I will go insane.

A:Trojan Vundo Detected

Hi Magpiefly and welcome to Bleeping Computer.

For me to be able to help you, I need to see a Hjt log.

Read the Preparation Guide before posting a HijackThis Log.
Please read, and follow, all directions carefully.
Run a log, and post the log in a reply to this thread.

Thanks.


I was referred here for further assistance regarding a Trojan that has got into my system. I followed the Five Steps as instructed (aside from Step 2, as I am now unable to open Internet Explorer since this happened... I am using FireFox as my browser).

Below is the copy of the system scan, with the extra.txt attached. Please let me know if you need any further information.

Thank You!

Deckard's System Scanner v20070711.54
Run by Calvin on 2007-07-21 at 11:07:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2007-07-21 15:08:05 UTC - RP419 - Deckard's System Scanner Restore Point
87: 2007-07-20 14:17:47 UTC - RP418 - System Checkpoint
86: 2007-07-19 13:17:45 UTC - RP417 - System Checkpoint
85: 2007-07-18 12:18:50 UTC - RP416 - System Checkpoint
84: 2007-07-17 11:17:44 UTC - RP415 - System Checkpoint


-- First Restore Point --
1: 2007-04-23 02:21:18 UTC - RP332 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-21 11:10:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running pr...

A:Vundo Trojan Detected

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Greets. I was going to follow instructions for this trojan found in other threads, but there were warnings about doing that.

I have the Vundo!grb trojan and Mcafee detects it, says it removes it, but it's lying.

Thanks for your help.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 9:34:07.34 on Sat 03/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1358 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\V...

A:Detected: Vundo!grb (Trojan)

One more thing on this... IE won't launch at all. Gets the "encountered a problem and must close" every few minutes. And my HDD is constantly working quietly on something.


Hi All,

I ran the Malware Antibytes, then vundo.fix, and they show no results, but I am not 100% sure it's all clear now.

Please find the log from: HijackThis. Would be great if somebody let me know if we are now good to go,

cheers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:19, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTra...


Symantec has found an instance of the virus name : Trojan.Vundo on a work computer.
File: C:\WINNT\system32\hgghfde.dll
Location: C:\WINNT\system32
Clean failed, Quarantine failed, Access denied.

When I ran HJT I got an application error at the end of the scan, about the time when the report would pop open. "The instruction at '0x10037b81' referenced memory at '0x00000000". The memory could not be 'read'".
Click OK to terminate the program
Click Cancel to debug the program

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 9:23:14 AM, on 9/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Smtray.exe
C:\WINNT\system32\Promon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\eCopy\Desktop\PCL...

A:Trojan.Vundo detected on work computer


I have run about a half of dozen programs to fix but nothing works. Norton 360 continues to detect a Trojan.Vundo infection but after cleaned, it reappears later. IE is extremely unstable and will open numerous malware pages. Firefox at times is also affected. Hard-drive is constantly churning away. Below is my HijackThis log. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:29 PM, on 4/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Sy...

A:Trojan.vundo Virus Detected But Still Have Problems

Hello Str3 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a...


Directed to come here from "Am I infected? ..." (boopme, global moderator)

OTHER Detection Info:
Win32 (Quarantined)
PUPs MyWebSearch
XP Internet Security 2012 (found on two networked PCs)

The following inputs are listed in AVAST Quarantine Log File:
Label_FedEx_Print_document.zip (I think Win32 was associated with this one)
Label_Parcel_USPS_13_114.exe
46469.htm (two entries, April & July 2012)
475314.pdf (two entries, April & July 2012)
5152297.htm (two entries, April & July 2012)

COPIED FROM ORIGINAL POSTS as instructed:
Posted 12/16/12

WHAT I WAS DOING: Preparing to install a new printer by first uninstalling the old printer and all associated software (and other unused programs).

FIRST PROBLEM ENCOUNTERED: Software uninstallers failed. Unable to remove programs.

OTHER PROBLEMS: CD/DVD drive doesn't always work. Unable to access "All Users" folders. I am the only administrator/user of this PC.

OTHER OBSERVATIONS: Network wizard is remembering an old network name. Folders are set to remember settings but they don't. Not all features of programs are working. Defrag reported some files could not be defragged but report did not list file names. KB977914 failed

WHAT I'VE DONE SO FAR:
Ran disk clean up and defrag.
Ran "Check System Compatibility" feature from XP OP disk (all OK)
Uninstalled SP3 - In retrospect, I believe I should have never done this. Note: Original OP disk includes SP2.
Ran sfc /scannow and chkdsk

RESULTS:
sfc /scannow -- "...

A:trojan.vundo -- most recent, detected 12/20/12, quarantined

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Please help! Every time I log into my computer Norton detects Trojan.Vundo and Downloader and says that my computer is secure but doesn't quarantine them or delete them. Sometimes it finds Trojan.Zlob too. It will also tell me to restart my computer to complete the security risk, but when I restart it happens all over again. When I use the internet I keep getting unwanted popups and Windows Antivirus messages, etc... I'm sure there's an executable file running somewhere in the background, but I can't find it to get rid of it.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:12 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\U...

A:Trojan.vundo, Downloader being detected by Norton


XP Slowdown TROJAN VUNDO TROJ_VUNDO.IFH Detected but Won't Die

Thanks in advance!

Computer has slowed down incredibly over the past day. Here is the DDS log:


- RESOLVED - USED THE INSTRUCTIONS ON THIS SITE AND GOT RID OF IT WITH MALWARE - THANKS ALL!

A:XP Slowdown TROJAN VUNDO TROJ_VUNDO.IFH Detected but Won't Die

As the problem here seems to be resolved, this topic is now closed.

If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. If you should have a new issue, please start a new topic. Everyone else with similar problems, please start a new topic.


Hi,

I am running winxp sp2. I have been very good with preventing viruses but recently found my pc to be infected with multiple viruses according to norton. I have tried following deletion instructions provided by norton but this has not worked and the viruses keep coming back.

Originally I was infected with "Trojan.Vundo", then "Downloader" and now finally "Trojan Horse". I am now also infected with "Trojan.adclicker" and "Downloader.misleadapp". Here is my log.

Please help! My computer is virtually paralyzed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:10 PM, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Yalon\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\...

A:3 Viruses Detected Using Symantec Including Trojan.vundo

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Today Norton Antivirus began to block threats from Trojan.Zeroaccess.B, Trojan.Gen, Trojan.Gen.2, and Trojan.Zeroaccess.C. I have been prompted to do a manual removal of Trojan.Zeroaccess!inf4 from c:\windows\system32\services.exe. Additionally, Bitcoinminer is being repeatedly detected, blocked and quarantined. I'm not sure if Norton is having a problem deleting/quarantining Bitcoinminer, or if it is actually being downloaded over and over. I suspect that these two problems are related, as they started at the same time.

From what I gather, the fix seems to be quite complicated and I would appreciate some help.

My system is running 64 bit Windows 7 Home Premium w/ SP 1. Looking at similar threads, it looks like I'll need to use a flash drive to run removal tools. I do not currently have a flash drive on hand, but I do have a 4 GB SD card. Will that be a sufficient replacement?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Ii-chan at 21:49:01 on 2013-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6060.2045 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows...

A:Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


I did a stupid thing yesterday. I downloaded an icon pack APK file on my computer to upload to my mobile. Anyway, the thing is, when I double clicked on it, BlueStacks (Android Emulator) opened up, and Avast started giving me lots of warnings about BlueStacks accessing Trojan URLs (it blocked them of course).
 
Now, the thing is: I scanned the APK file both in Malware Bytes Anti Malware and Avast (and even Malware Bytes Anti Rootkit), and it showed no virus or malware found. But when I try to attach the same APK file as a Gmail attachment (which I read on the net detects viruses, which is why I tried it), Gmail gives me a "Virus found" error.
 
So, my question is how come such reliable antivirus / anti-malware programs like MBAM and Avast didn't detect the virus but Gmail did? And more importantly, (though I have deleted the APK file in question from my computer) is my computer safe? Or has a rootkit / trojan been installed?

A:Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

Upload file in question here: https://www.virustotal.com/ for security check.


Hello everyone and thank you very much for your time, ahead of time.

Firstly, I am getting a message via Norton AntiVirus (which IS up to date, by the way) that I am infected with a Trojan.Vundo in "Object Name: C:\WINDOWS\system32\geebc.dll". It also indicates it is unable to repair the file. I logged onto Norton AntiVirus' website and downloaded the FixVundo and FxVindoB utilities they have. Neither of them could find the virus (they both said my system did not have it). Therefore, I updated via LiveUpdate and ran a full system scan. The full system scan indicated the presence of Trojan.Vundo in C:\WINDOWS\system32\geebc.dll and said it could not repair / quarantine / delete the file.

I logged onto your website and I'm pretty sure I've followed all the steps in the Please, Read This Before Posting A Hijackthis Log. Please let me know if I've forgotten anything.

I have created a new log via the HiJackThis software I was directed to download. It is below. Thanks for your time!

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe ...

A:Trojan.Vundo Virus Detected & Norton AntiVirus Will Not Remove

Uninstall the following programs, if present, using Control Panel->Add/Remove Programs: WildTangent

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop. Double-click on it to extract the files to a new folder on your desktop.

Reboot your computer into Safe Mode.
Restart your computer and continually tap the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
At the introductory screen, press <Enter> to proceed.
When asked to type in a filepath, please key this in: C:\WINDOWS\system32\geebc.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Next you will be asked to type in a second filepath.
At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\system32\cbeeg.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


The fix should then automatically launch HijackThis. (if it doesn't, you'll have to do it manually)
In HiJac...


Hi,

I got the following message from McAfee:

McAfee has detected an infected file that cannot be repaired.

Details
Detection: Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan)
File Path: C:\WINDOWS\system32\ddcArPhw.dll

This is on an XP system with SP2. The browsers (both IE and Firefox) are unable to open any websites. (I am sending this request from a different machine)

I may not be able to run online scanners. Please help me remove this trojan/virus.

Thanks
sman

A:Trojan (Vundo) detected. Browsers unable to open websites

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

========
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached


Referred from here: http://www.bleepingcomputer.com/forums/t/322193/random-adds-popping-up-on-computer-and-when-browsing-the-internet-i-am-being-hijacked/ ~ OB

hello all, i posted my problem in the am i infected? section and the helper went through some steps. and he told me to post my problem in here with a GMER log and DDS log. he thinks i may be infected with a powerful rootkit. below are both my GMER and DDS logs. From previous scans i have deleted multiple trojans and a vundo which is not good news for me. Here is the GMER log i previously posted:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 23:31:25
Windows 5.1.2600 Service Pack 3
Running: 0s2ddkub.exe; Driver: C:\DOCUME~1\james\LOCALS~1\Temp\axddqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF7726514]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[584] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 013F000A
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes ...

A:vundo trojan detected, malware problems and internet constantly re-directing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

One or more of the identified infections is a Backdoor Trojan. - TDSS rootkit

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain ...


Hello,

I would be pleased if someone could review the enclosed Hijackthis log and let me know a suitable remedy.

I have both AVG Anti-Virus 8.0 Free and SuperAntiSpyware (Lifetime). Somewhere along the line I have picked up both Adware.Vundo Variant and Trojan.Fake-Alert/Trace - the latter is described as Trojan Horse BHO.GME by my AVG program.

AVG detects the Trojan Horse on start-up every time, so quarantining it does not solve the problem. Clearly I need help from someone who knows what they are doing!

Cheers,

Graeme
 

A:Adware.Vundo Variant & Trojan.Fake-Alert/Trace detected


Hi there, Look, I'm currently using Kaspersky Internet Security 7.0 and it has detected some trojan called Monderc.

Problem1: First when I'm using an administrator user account, it will hang when I'm connected to the internet (after I plug in my wireless device). I could only use and currently using a limited user account to connect to the internet while the computer won't hang.

Problem2: I tried to re-install my Windows but when it's installing half way it pops up an error saying that my pci.sys file is corrupted and I'd no idea what is it.

I think I know how I get infected (through a cd key exe file for a game I downloaded from somewhere. I know, it was my mistake), just that I have no idea how to get rid of it. So I'm hoping experts out there will help me out here. (Thanks )

Kaspersky Scan:
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
deleted: riskware not-a-virus:AdTool.Win32.WhenU.u File: C:\System Volume Information\_restore{081BAB4F-18B5-4675-80E8-6C6E94CA211C}\RP7\A0002363.dll
deleted: Trojan program Trojan.Win32.AutoHK.bc File: F:\Autorun.inf
not found: new threat Hidden.Object (modification) File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
not found: new threat Hidden.Object (modification) File: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\W5NWCWB4\LD_Check[1].htm
deleted: virus Worm.Win32.Muha.a...

A:Trojan Moderc Detected And Pci.sys File Corrupted

someone please help! please...


Hey all,

Windows Defender detected a suspicious file. I uploaded it to comodo for analysis and it came back as suspicious. I hit quarantine in Windows Defender. The file is no longer on my system it looks like but the Windows Defender quarantine is empty. I just ran Spybot S&D and it detected Virtumonde.sdn Trojan C-04 and said it cleaned it. I have also run Avast, Comodo, Ad-Aware, Antimalwarebytes, Superantispyware, and A-squared and Threatfire. None of these have detected anything.

I'm running Windows 7 x64.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:10 PM, on 4/14/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Program Files (x86)\geswall\gswserv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Users&#...

A:Hijackthis log, trojan & suspicious file detected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I hope I am posting this in the right place this time...

Microsoft Security Essentials found a trojan downloader virus, and supposedly removed it. But I wonder if I am still infected...

Here is the DDS notepad log...

I have deleted what I think might be personal information and replaced it with this symbol: [!]
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: [!] BrowserJavaVersion: 1.6.0_31
Run by [!] at 9:42:53 on 2012-05-23
Microsoft® Windows Vista™ Home Basic [!] [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\W...

A:DDS Log file after trojan downloader virus detected and removed by MSE

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t...


I have tried Adaware, Spybot, Stinger, and the instruction from Symantec and it won't go away... Any ideas would be great!!
 

A:Norton has detected Trojan Horse on hosts file

Closing duplicate thread, Continue here:
http://forums.techguy.org/showthread.php?t=252379
 


Avast detected a trojan horse and had it moved to the quarantine chest as avast advised. What do I need to do to get rid of it? Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:21 AM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\Rea...

A:Solved: Help - Trojan Detected


can anyone help
I share my pc with my spouse
recently i had a trojan. posted it here and tried to get rid of it.
seems it traveled to my wife's space on this pc.. she had 6 different versions of this trojan.
Trojan horse downloader.Zlob.ISH is its name.

HJT included
Logfile of HijackThis v1.99.1
Scan saved at 8:37:46 PM, on 3/29/2107
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\i...

A:Solved: Trojan detected


Hi,

Please kindly assist me.
Few days ago, my Spyware Terminator suddenly alerted me that my file C:\orant\BIN\ONRSD80.EXE has been detected with Trojan.Generic.394789 during its daily routine scan.
However, my Symantec AntiVirus with the latest definition file did not pick up anything at all despite repeat scans.
I tried to uninstall completely Spyware Terminator, and re-downloaded the version, upon reinstallation, it still detected my C:\orant\BIN\ONRSD80.EXE as being infected with the same Trojan.Generic.394789
Out of desperation, I chose to install both Malwarebytes' AntiMalware and Trojan Remover, however none of them pick up any positive result same as Spyware Terminator.
I do not know which one is the reliable result.
Can someone please kindly advise?
Thank you very much.
I also have HijackThis in my PC.
FYI, my PC is running on Win XPSP2, IE6, have Oracle 8 installed. Nothing has been done lately nor new installation before the detection.
Thank you,
Ken

A:Spyware Terminator Detected My File C:\orant\bin\onrsd80.exe Infected With Trojan.generic.394789?

Upload the file at Jotti for analysis.


Hi,
AVG Pro just detected TrojanHorse BHO.BPY.
When I was surfing, AVG popped up and asked what to do. I selected Heal, which it stated it had done so successfully.
Then I just ran a scan in AVG on my non-Admin account(the account I was on when this happened) and it found it again and says it deleted it.
How should I proceed? Should I stay on the non-Admin account? Run Hijackthis? Only it's on the Admin account. Can I log out of the non-Admin account and go into the Admin account to run Hijackthis?
Also, is the trojan really deleted as AVG states it is?
How to proceed...Thanks for your time
 

A:Solved: AVG Detected Trojan Horse


Help needed. I get a message from Norton AV that it has detected a virus on my computer:
"Object Name: C:\Windows\Temp\2532209317.exe; Trojan Horse; unable to repair this file". When I press ok, I get another NAV virus alert; same root, another file with numbers and the .exe extension. Norton is unable to fix anything. What should I do?

Thank you for your urgent support. Here is an HTL log; if needed,
Logfile of HijackThis v1.99.1
Scan saved at 8:23:35 AM, on 5/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files...

A:Solved: Help! Trojan Virus Detected

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Run HJT again and put a check in the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://85.255.113.67/privacyWarning.php

Close all applications and browser windows before you click "fix checked".
Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Highlight Internet Protocol (TCP/IP) and click the Properties button.
...


I have Norton SystemWorks 2003 and it has detected a Trojan Horse virus in C:\WINDOWS\system32\req.dll, I have tried to delete the virus, but Norton will not delete it. I have also tried to delete the virus by going into Windows XP safe mode (while shutting off the system restore), and a menu bar appears saying: this file you are trying to delete is being used by another person, or program right now. I have no idea how to get rid of it, and before I spend money to get a computer tech to fix it, I thought I might as well try you guys out. Please help me!

Thank you
 

A:Solved: Trojan Horse Detected In Req.dll


Okay, I know this is a total n00b questions, but I have been receiving this error every couple of minutes:

Help! What should I do?

Thanks in advance.
 

A:Solved: Trojan Detected By Norton


Hi. On my PC with XP running Norton I keep getting a warning that trojan.killav is detected then quarantined. Five minutes later I get a new killav file found. Where is this coming from? Below is my HJT log. Any help is greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:34 AM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WIN...

A:Solved: Trojan.killav keeps getting detected. HELP


Hello all - my first post as a new member, hope I do this right.

I frequently run scans with: McAfee VirusScan, Ad Aware, and Spy Sweeper.

Spy Sweeper just found Trojan Pushu and I clicked to remove it, but another scan shows that it is still there.

How do I completely remove Pushu???

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:35 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prom...

A:Solved: Trojan Pushu still detected


Seeing as nobody is interested in my Sticky key problem how about this one?
Microsoft's new anti spyware prog. detected & quarantined a trojan downloader file called XferPro - should I delete it or leave it quarantined? Also, Spybots would not allow an IMesh download (blocked something called Avenue.Inc) any suggestions from you spybuffs! Seems to me I spend more time on security issues than anything else Am I the only one who is fed up??

a not so purry smartcat (I keep getting disconnected & it's driving me crazy)!!
 

A:Solved: Trojan Downloader detected


my avg detected Istbar.CM trojan and healed, but I also ran hijack and think I still have a problem. the log is below, thank you!

Logfile of HijackThis v1.95.0
Scan saved at 5:36:46 PM, on 6/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Documents and Settings\myname\Application Data\whan.exe
C:\WINDOWS\System32\wnsapisv.exe
C:\Setups\security tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/sea...

A:[Solved] avg detected trojan and hijack log


My dad's computer keeps getting a pop up at startup about a.bat being detected as zapchast.reg trojan. I have run numerous spyware remover programs as well as running a full scan with mcafee. Any help would greatly be appreciated.

Here's his hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:32:10 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\...

A:Solved: a.bat detected as zapchast.reg trojan


I am running Win XP with McAfee security center and it won't remove. I have tried a few different methods after reading a little into this trojan, but nothing was successful yet. Below is the log file after I just ran hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:52 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset....

A:HELP "Vundo" Trojan Detected


HI TO ALL, I'M A NEWBIE WHEN IT COMES TO COMPUTER, I NEED HELP!! MY AVG DETECTED A BACKDOOR TROJAN, IT WAS IN THE VIRUS VAULT NOW OF AVG. MY QUESTION IS CAN I DELETE IT? OR JUST KEEP IT THERE? IT ALSO CREATED A FOLDER IN MY DRIVE C BUT IT WAS EMPTY SAY ONLY THE DATE WAS CREATED. SHOULD I USE HIJACK THIS? PLS GUIDE ME!!! I'M SCARED COZ THIS WAS MY FIRST VIRUS!!! TRIED TO LEARN ALL THERE IS TO LEARN HOW TO STAY AWAY FROM VIRUSES AND YET I STILL GOT ONE!! I HAVE SO MANY TOOLS NOW LIKE SPYBOT, ADAWARE, CCLEANER, ECLEANER. PLS GUIDE ME HERE. ALSO I RUN MY AVG AND SAY THERE WAS NO VIRUS DETECTED, THIS WAS AFTER I QUARANTINE THE VIRUS. I RUN WINDOWS XP PRO, NOT THINK SPI, PENTIUM 4 2.4, 256RAM.
 

A:Solved: back door trojan detected by avg


Hello,

Symantec Norton Antivirus keeps showing a pop-up about it detecting a virus on my computer.

Details:
Object Name: C:\Windows\Temp\blahblah.tmp
Virus Name: Trojan.Dropper
Action Taken: Unable to repair this file
Action Taken: Access to the file was denied

I was surfing the internet a few days ago and all of a sudden Norton kept displaying this virus alert. I didn't know what to do and everything is slow. The internet is slow and the Performance from windows task manager is always 80% +.
I went into safe mode a couple of times and did a full scan using Norton and it found like 5 viruses called trojan.dropper. Repairing them failed so I quarantined them or removed them.
Then I thought it was fixed but when I go back into Windows, the virus popup is always coming. When I press ok, another alert comes. This is very annoying. And I don't know what to do as I never had this before.
I went on this forum a few minutes ago and saw some applications like Hijackthis and smitfraudfix so I downloaded them and ran them.

My HJT log is below:

Logfile of HijackThis v1.99.1
Scan saved at 01:31:25, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svc...

A: Solved: URGENT!! Trojan.Dropper detected


Hey.. I'm new here.. I've been having problems with my Dell OptiPlex 280; it has XP on it. AVG detected a trojan and I removed it, but I'm still getting pop-ups all the time. I'll leave the computer and get like 15 of them... Webroot Spy Sweeper detects Traffic Solution. I did an adware scan too... but no luck... please help me...

I downloaded HijackThis and here is my file.. Please help me.. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:46:01 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Hij...

A: Solved: comp has pops ups, ads..trojan detected please help me thanks


A week back the Norton scan showed a file c:\windows\system32\winyzo32.dll infected by nebular.trojan but was unable to quarantine it or delete it. And since then, the alert is being displayed every day when I try connecting my PC to the internet.
Yesterday, I installed TROJAN HUNTER and ran the scan. But it did not detect that file as being infected. What should I do? Please guide me.
I have been through one thread, wherein they have put up a copy of HIJACKTHIS for your review. And then you have supplied him with a customised solution.
 

A: Solved: winyzo32.dll detected as nebular.trojan


I'm running 2 PCs on Windows XP Pro, I have a D-Link wireless N router, and I just can't use my PC which is connected through the wireless part of the router.

It shows the signal Very strong strength, then it doesn't see anything at all, and it keeps happening over and over. I've tried changing the wireless channel, nothing.
The other PC has an USB wireless adapter.
PS: I've tried restarting the router/modem, to no avail.

Anyone got any ideas?
 

A: wireless network detected, not detected, detected and so on.


Hello,

I was recently infected with a trojan, virus, and/or malware that propagated into more trojans, viruses and/or malware on my WinXP SP2 computer. I had my background turned into a fake anti-spyware ad, which I eventually managed to remove. Also, I had a little yellow triangle with an exclamation point in it that kept popping up with balloons that told me my computer was being attacked, my machine was at risk, my information could be compromised, etc; I managed to take care of that problem too. In addition, command prompt and task manager had been locked, but I also fixed that problem.

Now, I ran several different security programs, most notably Spyware Doctor, on my machine, which detected a considerable number of problems. I let all of these delete/fix what they could, but neither were able to permanently delete anything. However, I went through and manually hunted for all of the things they found, and I was able to permanently rid myself of some of the detected files, programs, etc.

Here is my logfile from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:52 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\...

A: Solved: Trojan/Malware Detected but Unsuccessfully Deleted


Hi, I ran a scan this evening with my AVG anti virus software and saw that 7 viruses were detected. They were:
GetAccess.class (was found twice)
InsecureClassLoader.class
Installer.class (was also found twice)
classload.jar-dd2361c-51716919.zip
jrl.jar-79aa262e-2682e90f.zip

I entered the files into Google to see if I could find some software to help me delete these files (as AVG didn't give me the option to quarantine) and went to a website that suggested I download CWShredder. I did and ran the program but it said nothing was found.

I have downloaded Hijack This and have a copy of my log file here:

Logfile of HijackThis v1.99.1
Scan saved at 5:32:09 PM, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIB...

A: Solved: Trojan virus detected - can someone please check this logfile? Thank you!


One .xls (2003) file, out of hundreds, on a network share throws this error. OK, I've read all about why I need it and where to download it from... but what exactly is causing the problem? (And how do I fix it?) No malware or AV products have picked up anything! Network guys have noticed no unusual traffic on my subnet. AND, of course, it's a file frequently used by all the secretaries. Int WTF over?

Office File Validation, a Microsoft Office 2010 security feature, is now available for both Office 2003 and Office 2007. Office File Validation helps prevent file format attacks by scanning Office binary file formats before they are opened in Microsoft Excel 2010, PowerPoint 2010, or Word 2010. We strongly recommend that Office File Validation be applied to all computers that use Office 2003 and Office 2007. However, Office File Validation, in combination with Protected View, offers an even better security experience. Protected View is a new security feature that is available only in Office 2010. It helps mitigate exploits to your computer by opening files in a restricted sandbox environment. There, they can be examined before they are opened for editing in Excel 2010, PowerPoint 2010, or Word 2010.

About Office File Validation
Office File Validation helps detect and prevent a kind of exploit known as a file format attack or file fuzzing attack. File format attacks exploit the integrity of a file, and they occur when someone intentionally modifies the structure of a ...

A: Solved: Office File Validation detected a problem...


Salutations and season's greetings. Have detected a trojan (Trojan Win32Qhost.df) using BTYahoo anti-spy which is causing the PC to run slow, and it's blocking access to Norton 2006 antivirus. Please see below HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 21:23:42, on 16/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C...

A: Solved: Trojan.Win32 Qhost.df detected by BT YAhoo anti-spy
