
trojan suddenly showing up

Q: trojan suddenly showing up

All of a sudden this morning my Forefront software is discovering the above trojan on my machine. It indicates it is cleaned and then 5 minutes later it finds it again.

How do I clean this?


A: trojan suddenly showing up

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:
In your next post I need the following

logs from DDS
let me know of any problems you may have had

Gringo

Read other 5 answers
RELEVANCY SCORE 47.6

Hi folks. Just wondering if someone here has come across this kind of problem before. I run 2 HDD, both are Maxtor 60gb, the Master holds Win 2000, Win XP Pro, and Redhat 7.3. The 2nd HDD holds 3 partitions, I use these for storage of various data - Multimedia, Webdev, MP3, etc. Here's the prob - On reboot earlier today, the 2nd HDD suddenly showed up as unformatted. I've booted into a couple different DOS based diag apps, and get the same result, that the partitions are unformatted, including Partition Magic. The 3 partitions are intact, just unformatted. Which, of course, renders the data useless, as I can't get to it. Any advice here would be greatly appreciated. - Thank You. -Ed Parrott
 

A:2nd HDD suddenly Showing Up As Unformatted

hey edparrott

Can you see them when you use the W2K OS?
 

Read other 2 answers
RELEVANCY SCORE 47.6

I ran Kaspersky as my computer was way overdue for a full scan and it scanned a BullGuard file without any issues to report, but the thing is I've never used BullGuard, never downloaded it, never been anywhere near it. So I took a look in the folder it's nestled in - Windows > Applications > Tools > Security > BullGuard

There are nine files in the folder, one a video aptly titled Video, two PNG files, two .EXE files (one is called BgLicTool and the other BullGuard90_64), a file called licensekey.dat, a VBScript file called Bullguard, and two Windows Command Scripts named License and Install. Are any of these legitimate files? Can I delete them without problems? Kaspersky can't quarantine them and I haven't tried to move or delete them. I haven't run either of the EXE files or opened the video or images. I would just go ahead and delete them but I've had serious problems trying to remove fake programs before =/ The more I type the sillier this question seems but I thought I'd make sure.

I'm running Windows 7 64-bit, don't know if that helps. The computer is slower than usual but nothing else weird's been happening other than finding these files.

EDIT: Looks like another user's having a problem related to mine, with descriptions of finding files they don't recognise. I've found one other folder with sub-folders that I don't recognise and can't figure out what it belongs to. The two unrecognised (to me) f... Read more

A:Program I've Never Used Suddenly Showing Up

Hello and welcome.

Right-click the taskbar, and then click Start Task Manager. Do you see a ping.exe consuming the CPU?

Run RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may in... Read more

Read other 9 answers
RELEVANCY SCORE 47.2

Hey everyone,

Today my external hard drive is suddenly not showing up in my computer or on my one file manager program. It is really weird cause the computer reads it and it comes up in disk management and in my device and everything says it is working fine.

I check for updates and everything with no luck. Rebooted it and tried all the simple fixes like that. I dual boot this computer and the external drive pops up on OS X Lion fine and lets me access it and everything, so it doesn't have to do with the hard drive itself.

It has been working fine for months and I really don't think I changed anything in the last day or two with the computer for it to suddenly not be working. Very strange problem. Windows basically says its working fine except it just won't show up in My Computer. I tried connecting with both a Firewire cord as well as USB and neither work. I spent hours checking all over the internet and still no luck.

Any advice? Please help!!

Thanks,
Dom

A:OWC Mercury Elite AL Pro Not Showing Up Suddenly

Mine just died not too long ago. That Oxford chip set doesn't last very long on these things. Been looking for something else that doesn't use that chip set.

Read other 8 answers
RELEVANCY SCORE 47.2

Hello everyone. My first post here, and I really hope someone out there might be able to help. I'm pretty worried about losing all my files.

I have had a Western Digital external hard drive permanently attached to my wife's old desktop PC (which runs XP) for a year or so. I've always been very pleased with it - it connected perfectly, and it has always just shown up in My Computer there as an extra drive. Perfect. However, that PC was getting old and the memory nearly full, so I copied all my important files (family photos, etc.) to my WD HDD, disconnected it from the old desktop, connected it to my much newer laptop (which runs Windows 7), and hey presto - it appeared in Computer. Again, perfect, no problem. However, I realised that I had not transferred all the files I needed from the old desktop to the HDD, so I had to disconnect the HDD from the laptop and reconnect it to the desktop again with the intention of transferring the files I'd forgotten to transfer first time around. And this time, the HDD did not appear in My Computer. It DID appear in the little icon, bottom screen right, which you click to safely remove something, and it did show up in Devices, it just didn't show up in My Computer, so I couldn't access it. The exact same thing happened when I tried to connect it back to my laptop - it's there in the "safely remove" icon and in Devices, but not in My Computer.

I am not very computer literate, but I've tried everything I can think of to fix thi... Read more

A:WD External HDD suddenly not showing up on My Computer

Hello and welcome E mate, hook up the drive > go to Start > type in cmd > right click on the small black window and run as admin > then type diskpart > hit Enter > at DISKPART type list disk > it should then show all the drives that are hooked up. Take a look at my pic (my screen is blue / white out of choice, yours will be black / white).

Tell us what you see, better still a screen shot using snip > Start, type snip > pin to taskbar (very handy there), the screen will go milky, drag a line around the screen part you want and then > File > Save as (I put mine on the desktop for easy access but you can put it where you like)

When posting back just below the reply window there is manage attachments > browse and pick the screen shot > upload and post back.

Read other 1 answers
RELEVANCY SCORE 47.2

Hi all, I recently got Windows 7 64 bit.
The day I got the machine home and running, I connected my USB hard disk and installed some stuff I had backed up from it.

But suddenly I don't see the USB drives when I connect them. I have 2 and none of them is detected, or well, they are detected and the "Safely Remove Hardware and Eject Media" icon comes up in my right lower corner as it should, and when I click it my devices are shown by their proper names and I can safely remove them as well. But they are not shown under "My Computer" and my anti virus doesn't scan them as well.

Though if I plug in my USB flash pin from my key ring it finds it, anti virus scans it and it shows up just as it should.

Can anyone help me solve this as I'm really confused by now.

A:Win 7 Suddenly Stopped showing USB Drives

Welcome to SF, Jimkromann.

Could be a driver conflict.

Type MSCONF, go to startup tab, and uncheck everything EXCEPT microsoft items (for testing purposes).

Reboot and see if your usb devices are recognized.

Read other 5 answers
RELEVANCY SCORE 46.8

I just bought this tower from someone, HP Pavilion Windows Vista Home Premium OEMAct. It worked for an hour and a half. Then it said that it was shutting down to correct a problem. It never came back on. When I first got it I blew and vacuum so much black dust I never saw that thick before. I cleaned out both fans with blowing air and vacuum. It worked for 1 1/2 hours. He also had installed windows 10 on it. There is not many programs installed on it, he said he only used it to play games, and there are a few photos in the picture library. Please help someone please?














A:Computer suddenly stopped showing on display

Hello Would like to help but first what is the specific model of your PC? Dirty PC is not good to begin with. Upgrading from Windows Vista, amazed the upgrade worked, to Windows 10 is another snag in finding the problem. Suggest you try going back to Windows Vista and diagnose problem with factory operating system. Do you have HP recovery discs for Windows Vista? Maybe you can start there to find problem. Grzy  

Read other 8 answers
RELEVANCY SCORE 46.8

I'm seeing reports in other forums about folks suddenly having a 256MB FAT32 SYSTEM (Z:) partition appearing on their PCs!

One person did mention they had used a VPN app (which might have created this), but none of the others have done anything like that.

Anyone have any ideas we can investigate??

A:System (Z:) partition suddenly showing up on Win10 PCs

Z is usually a Virtual Disk

Read other 9 answers
RELEVANCY SCORE 46.8

Anyone have any idea why suddenly out of the blue my network quit showing one of my computers? I have a tablet and laptop both with windows 10. my tablet still shows both computers, but my laptop no longer shows the tablet. I didn't change anything. What can cause this and how do I fix it? thanks.

A:network suddenly quit showing computer

The Winsock and DNS caches are corrupt.

Read other 0 answers
RELEVANCY SCORE 46.8

My background wallpaper is totally blanked out. And the files on the desktop are not showing up. Please help me, I'll insert a video of it.
 

Read other answers
RELEVANCY SCORE 46

Hi,
I have 3 computers: 1)Desktop running Windows 7 connected to a router. 2)XP Laptop. 3)New laptop running windows 10.

I have sharing between all 3. Suddenly today the XP laptop does not show up in the Network on the Windows 7 Desktop. The new Windows 10 Laptop shows up. The XP laptop does show up in the Network of the Windows 10 Laptop and I can access files.

I would appreciate any help in why this happened and how to get it back.
Thanks

A:XP laptop suddenly not showing up in network on windows 7 desktop

Well, it has suddenly reappeared for no apparent reason. After about 3 hours.

Read other 1 answers
RELEVANCY SCORE 46

Hi all,
I am at my wits end.
I stupidly relied on my Western Digital external to back up all my photography, and today it's not showing in My Computer.

When I go to 'manage drives' it shows but is unassigned and when I right click there is no option to assign a letter to the drive. I should point out it does show in device manager.

I tried unplugging it, putting it in a different USB port and also tried it on my laptop and it's not showing.

After reading a couple of suggestions I tried a programme called Partition Find and Mount, I didn't know what I was doing but it found the drive and asked me to mount it. I changed the drive letter and after a while it showed the contents in Windows Explorer, which leads me to believe that my stuff is recoverable (I pray).

Can anyone tell me how to get my drive to be recognised again?

Please!!
Thanks,
Al
 

A:External hard drive suddenly not showing and unassigned

Have you tried using it in another computer?
 

Read other 2 answers
RELEVANCY SCORE 46

Since I built this computer in 2010 I've had a scheduled task which runs a VBS script to remind me to take my tablets each morning. Until the last few days, only one element was visible from this task, the message box spawned by the VBS script.

However, in the last few days, I also get a taskeng.exe window appearing at exactly the same time as the message box. The window is labelled taskeng.exe, has a VBS scripting host icon and the content of the window is pure black.

If I terminate taskeng.exe in Task Manager or click OK in the VBS message box, both the VBS script and that black window disappear.

I have no idea what might have caused taskeng.exe to only appear in this situation, because MSI AfterBurner also uses it to start the app during user login and it doesn't appear for that. Both processes are ones I've been using for ages longer than this problem.

A:taskeng.exe suddenly showing up as window when I run a scheduled task

Heh. I should have clued into the icon that taskeng.exe was showing.

Somehow cscript.exe had become the handler for VBS scripts on my machine. I definitely didn't do that.

cscript //h:wscript

Problem fixed

Read other 1 answers
RELEVANCY SCORE 46

Suddenly my wifi started showing "No Networks Found" with a red cross mark on the WiFi symbol on the taskbar. I had tried several methods of fixing it by spending hours on the internet but it didn't work. I had updated the Wireless driver, flushed the DNS cache, unchecked the "Allow this computer to turn this device off", reset the router and a lot of things but I was unsuccessful all the time. Please help me, I am having a lot of trouble! HP Model: HP Notebook - 15-r202tx

A:Suddenly my wifi started showing "No Networks Found" with a...

Hi @vivekcoool21,

Welcome to the HP Forum! I am pleased that you have become a HP Forum member. It is such a wonderful site to find answers and tips. Here is a link to guide you to having the most rewarding experience and answer any concerns about posting: First Time Here? Learn How to Post and More

I understand that you suddenly lost your WiFi and you have the message: "No Networks Found" with a red cross on it.

Please try the following by @Great-Deku-Tree:

First, we have a step by step guide to walk you through the troubleshooting process here: Troubleshooting Your Wireless Network and Internet Connection

A second option, is to try these steps:

Power cycle the network:
1. Shut down your notebook.
2. Unplug the power to your router.
3. Unplug the power to your modem.
4. Wait at least 45 seconds.
5. Plug in the modem, and wait for it to come back online.
6. Plug in the router, and wait for it to come back online.
7. Turn on your notebook, and test your connection.

Disable the Power Off option for the adapter:
1. Open Device Manager. (Win Key+R > type devmgmt.msc > OK)
2. Expand the Network adapters.
3. Right-click on the Ethernet/Wireless Adapter and click Properties.
4. Click the Power Management tab.
5. Remove the check mark beside Allow the computer to turn off this device to save power.
6. Click OK.
7. Test.

Reset the TCP/IP settings on your PC:
1. Go to your start screen/menu and type CMD.
2. Right- click on ... Read more

Read other 1 answers
RELEVANCY SCORE 45.6

Hi,

This is just a minor thing but I really want to get it fixed.

Recently I bought a new laptop dell xps15 and its windows 7 home premium 64bit.

I really like it and its got some really special function.

For example when you put your mouse cursor on the icon on the taskbar, it shows you the screen of that programme in a small window box.

But now that function is gone. Instead it looks like this:



does anyone know how to fix it?

Any help will be really appreciated.

Thanks

A:Windows suddenly stopped showing the screen of the running programme.

Looks like your "aero" theme got disabled.
Right click > personalize > and select any of the aero themes

Read other 9 answers
RELEVANCY SCORE 45.2

Yesterday I was burning a CD of some of my music to take to work and listen to. After burning 4-5 songs there was an error (windows media player) and it could not burn the rest.

I hit OK and exited the program, then went to eject my CD, and it did not open. So I go to My Computer to select eject, and there is no CD drive listed all of a sudden, and not one in Device Manager either.
The LED light on the cd rom is still glowing green constantly, but it will not respond or try to open when I press eject. And it makes no sounds as if it is trying to read a disc or such.
I tried system restoring to 2 days ago, but it did not fix the problem. I've tried unhooking it, and hooking it back up to no avail. I have tried the Mr Fixit program from the microsoft site, and it DETECTS the problem, and says "CDrom/Drive not being recognized" or such, but has a red X next to it saying it could not resolve the problem.
I have also tried going into regedit, HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/{4D36E965-E325-11CE-BFC1-08002BE10318}, then deleting Upper and lower filters (mine only had upper) and rebooting. And still nothing.

This is very frustrating since I am an avid computer gamer and can no longer insert my game discs to play/etc.

I'd be beyond thankful if someone could help me fix this soon, and please put it in turns/steps I can understand. Aside from gaming and internet, I am a tech novice.

Thank you so much in advance!
--Poe
 

A:CD Rom suddenly not showing up in device management/computer etc in Vista &wont eject

It's likely a physical hardware problem. Open up the case, disconnect and reconnect both the power and data cables (on both ends) and see if the drive opens. If not the drive may have failed. The drive should even open with just the power cable connect and the data cable connected, so as a last test try ejecting the tray with only the power connected.
 

Read other 2 answers
RELEVANCY SCORE 41.2

Hi all,

Tonite, I went to install a new PCI-E Firewire card into my desktop running Windows 7 Ultimate X64 and I had to install the most recent critical updates before shutting down.

Foolishly, I did not boot up after the updates, to verify my OS's integrity..I just installed the card and booted up. The card installed just fine, but now I have no network config. Odd, eh?

While troubleshooting, I changed slots and eventually removed the card. I also performed a system restore to a point prior to this evening. Still, I can not see my adapters from ipconfig. I can, however, see the adapters in the Control Panel, and I see they still have their configs.

I removed and reinstalled the adapters to no avail. I installed a wireless adapter, and even was able to see my router, and authenticate and establish a connection, but nothing in ipconfig.

It looks like my stack is hosed...any idea what I can do next? Can one reinstall "Networking" on a Windows 7 host? I hesitate booting off the emergency CD and doing anything drastic if there is a more simple solution I can consider.

Thanks all.

A:"ipconfig" Suddenly Stops Showing Adapters

Is it listed in Network Connections? If it's disabled there it might not show up in ipconfig.

Read other 4 answers
RELEVANCY SCORE 40.4

I was about to scan my computer with Combofix (since i had a lot of outbound traffic with skype for some reason (blocked connections every minute) ) , but when I tried to open Combofix , it first said something about an NSIS error. I did what Combofix told me to do , going to a site that helped me to get the file complete. I removed my history and everything , and the file came in fully. But , when I opened Combofix.exe (from Bleepingcomputer) , Avast! told me this:
AutoIt:Banker-BG [Trj]
 
I thought, maybe I just downloaded the wrong file. So I re-downloaded it, but nothing good.
 
When I scanned ComboFix (1).exe on Virustotal , other Antiviruses detected it as virus too , and it looked like it was an whole new file since it said it was first scanned around 2014 , and the program exists longer.
https://www.virustotal.com/en/file/de544972c0d5f934f0ca27e6d63e665641f87037f810b7a3f185bf428f2fc61a/analysis/1407007306/
(only 1 rating too , and it was not a good rating...)
 
 
I re-scanned the old file i have on this laptop (downloaded 7-21-2014) , and Virustotal told me this:
https://www.virustotal.com/en/file/fbbe1f51f8fa9fc88e8572a5dd111503802654f33f80e10f7ecde6e53f2a23a3/analysis/1407008723/
 
(again , only 1 rating and it was bad , again.)
 
I'm now scanning the laptop with Malwarebytes PRO (full scan on both drives + rootkit scan), but I'm still worried.
Is Avast just giving me a false positive or is the ComboFix file really infected, or is m... Read more

A:Combofix is suddenly an trojan , according to Avast.

This is a false positive by the anti-virus.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of ma... Read more

Read other 3 answers
RELEVANCY SCORE 40

Hello and thanks in advance to whoever can help me.

A couple of days ago I was downloading some video files and since I wasn't paying attention I clicked an .exe instead of a video file. I know this makes me the idiot, but I have beaten myself up over it for a while and cannot fix this myself so I am now humbly coming forward with my idiocy to get my Toshiba Qosmio back up and health. So here's the deal:

I got the popup that I wasn't running a genuine copy of Windows 7 64 bit Pro (which I am...came from the factory). Tried to resolve it online and the only answer I got was to buy another copy of Windows, which I don't really want to do. Then I tried to run Windows Update and I get random error codes as to why I can't. I tried a system restore and got a message that there is an error on my hard drive, to run chkdsk. Tried that, nothing. Even when Windows rebooted it wouldn't let me. So then I boot towards the safe mode menu and see an option for Windows Repair, choose that and click on system restore. I pick a restore point a week or so ago and try to restore. Negative. Got a message that not only could it not restore but now that restore point was damaged (hooray). Tried rebooting to that screen and all I get is black: pointer works with touch pad but not mouse. Tried booting into safe mode and I couldn't get explorer.exe to run and had no icons. Then rebooted to Last Known Good Configuration which is where I am now.

Another thing.... Read more

A:Suddenly my genuine Windows is showing up as NOT Genuine

From Microsoft .............
Check your validation status by going to http://www.microsoft.com/genuine/validate
If that fails, go to the diagnostics page at http://www.microsoft.com/genuine/diag and see what it has to say.

Read other 32 answers
RELEVANCY SCORE 40

It's been a long time since I've had to use this site as I'm pretty careful with virus control nowadays.

Anyway, I thought I was being clever by downloading a torrent for AVG Pro with keygen. The keygen turned out to be a quite malicious trojan called Smitfraud-C Core Service and disguises itself as a driver in C\Windows\System32\driver\core.cashe.dsk. I noticed it straight away as a yellow telephone appeared in my systray (though its a popup virus not a dialler). Anyway, it took over my Human Interface Device and Modem Device on High Definition Bus. I was able to check this by comparing my laptop to my boyfriend’s as we have the same. In place of these, it installed a Motorola SM56 fax modem, which after a bit of searching 'appears' to be harmless but I wasn't so sure.

StopZilla kept finding Smitfraud and fixing it but on re-start it would be back (a regenerating type of virus?)

I started digging around on your site for the latest help files and information.

Firstly, I ran Kaspersky online scan, it came up with nothing.

Then I ran Deckard's dss.exe and got a log. After running StopZilla, it showed this as a Trojan called FUNNY UST Scandal and pointed directly and the DSS.exe file on my desktop, I had it removed. THEN I started getting more Trojans that weren't there before: 180 Solutions Seekmo, Ipv4mons, SearchSquire, Adssite Browser Optimiser, Vundo.F, WindUpdates which I also had removed.

I ran ComboFix.exe and that seeme... Read more

Read other answers
RELEVANCY SCORE 40

DDS (Ver_09-03-16.01) - NTFSx86
Run by RoyF at 19:18:08.18 on Sun 04/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.231 [GMT -4:00]

AV: Rogers Online Protection Anti-Virus *On-access scanning enabled* (Updated)
AV: Norton Security Online *On-access scanning disabled* (Updated)
FW: Rogers Online Protection Firewall *enabled*
FW: Norton Security Online *enabled*


A:PC suddenly slow as molasses/suspect trojan

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DSS log back here

Read other 4 answers
RELEVANCY SCORE 40

This is my partner's computer and it's on Windows 7. Since I don't regularly use this computer and my partner isn't very software savvy I am unsure how long it's been without antivirus. A scan with AVG Zen found the following:
 
A broken digital signature from Microsoft (Microsoft Office)
A corrupted executable file in sysWOW64\mfc45
Adware 'PowerpointViewersetup' 
Adware from 'GoogleChrome'
And a trojan horse in 'Wild Tangent Games game Launcher'.
 
I am unsure if that is the extent of the infection or if scanning with a few different scanners may help.
 
Thanks in advance,
 
Sophie.

A:Infected with Trojan Horse after suddenly not having antivirus!

Looneycorn:
to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil. I would like to address you by your first name if that is alright with you, since we will be working together.
I think that we should run a few preliminary security scans on your computer and see how seriously your partner's computer might be compromised by malware.
 

ESET Online Scanner using Internet Explorer:
Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.
* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
  * Remove found threats
  * Scan archives
  * Scan for potentially unsafe applications
  * Enable Anti-Stealth technology
* Then click the button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
*When the scan completes, click List Found Threats (only if anything is found... Read more

RELEVANCY SCORE 39.6

Tech Support Forum

Submitted post on 9/2/8

Not sure if this is allowed but this is two posts in one but put both parts in this thread as they are related by way of disinfection.

It's been a long time since I've had to use this site as I'm pretty careful with virus control nowadays.

Anyway, I thought I was being clever by downloading a torrent for AVG Pro with keygen. The keygen turned out to be a quite malicious trojan called Smitfraud-C Core Service and disguises itself as a driver in C\Windows\System32\driver\core.cashe.dsk. I noticed it straight away as a yellow telephone appeared in my systray (though it's a popup virus not a dialler). Anyway, it took over my Human Interface Device and Modem Device on High Definition Bus. I was able to check this by comparing my laptop to my boyfriend's as we have the same. In place of these, it installed a Motorola SM56 fax modem, which after a bit of searching 'appears' to be harmless but I wasn't so sure.

StopZilla kept finding it and fixing it but on re-start it would be back (obviously a recycling type of virus)

I started digging around on your site for the latest help files.

Firstly, I ran Kaspersky online scan, it came up with nothing.

Then I ran Deckard's dss.exe and got a log. After running StopZilla, it showed this as a Trojan called FUNNY UST Scandal and pointed directly at the DSS.exe file on my desktop, I had it removed. THEN I started getting more Trojans 180 Solutions Seekmo, Ipv4mons, SearchSqui... Read more

RELEVANCY SCORE 39.6

Guys, I really need help. I recently observed that my laptop hoards too much RAM from 700 mb to 1.59 mb. It became so much slower and I suspected it might be a malware or something. I read on a forum here to run SAS, so I did and it found Agent.Trogan/Gen-nullo[short] on my system. SAS reported that it was successfully removed. My laptop is still slow. Help! I don't know what to do. I'm just a student away from home and I don't have the resources to send my laptop to a technician. I'm desperate, since as a student I really need my laptop. Thank you so much!

A:My computer suddenly became slower. I ran SAS and found trojan nullo

Hello,
Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/553333/agenttrogangen-nulloshort-found-on-my-system/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.
Please be patient. It may take several da... Read more

RELEVANCY SCORE 39.2

First and foremost thank you for taking the time to help those of us who have no clue how to fix these problems. A few days ago my computer started really slowing down so I did a scan with Ad aware. It found a problem, win32.trojan\..\wmagetcodec. It says it was quarantined. Now today I'm browsing the web and all of a sudden my browser goes to a different website on its own. AVG kicked up a warning about the site. When I looked at the log for AVG it showed something called adware.why.ppc. Any help that you can give will be greatly appreciated. Thanks!

DDS (Ver_09-10-26.01) - NTFSx86
Run by Kathleen Draughn at 16:04:51.76 on Mon 11/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============
============== Pseudo HJT Report ===============

uStart Page = hxxp://home.peoplepc.com/websearch
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://home.peoplepc.com/search
mSearchAssistant = hxxp://home.peoplepc.com/search
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\... Read more

A:AVG, Ad aware showing warnings about trojan

Hi,
Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt, Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

RELEVANCY SCORE 39.2

Hi, I'm not sure whether to post a HJT log yet, I'd just like to ask a question first oOO(hope I'm doing it in the right place) ...... Today after my AVG finished scanning I came back to find that it said that I had 3 x trojan horse downloader,generic 5.PIO and one other trojan something another Trojan horse downloader,generic 5.PIO was showing up as being in my ad aware2007, I'm a bit concerned because I have been using ad aware for a long time and have made no changes so I can't see why all of a sudden it's showing this. AVG has now deleted all these files. Something just doesn't seem right .... can anyone help? Oh Yes............ no other scan indicated that there was anything wrong

A:Avg Showing Trojan Horse Downloader

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Sensual1. My name is Richie and I'll be helping you to fix your problems.
Please read and follow the information in the link below.
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

RELEVANCY SCORE 39.2

Hey all,

Trojan.Riern keeps showing up on my malwarebytes scan logs. Is this a rootkit or something? Please help.

MB Logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/17/2010 10:10:52 PM
mbam-log-2010-05-17 (22-10-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 210470
Time elapsed: 1 hour(s), 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Update\cliat.exe (Trojan.Riern) -> Quarantined and deleted successfully.

A:Trojan.Riern keeps showing up on my scans

Ok try updating to MBAM and seeing if it gets removed.
Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

RELEVANCY SCORE 39.2

Friends,
 
OS: winxp sp3
 
I keep on getting an alert message from mcafee that qucltocr.dll is not deleted and not cleaned.
I deleted it with dellater program, but again after 1 or 2 days, I am getting the same message from mcafee.... What should I do now?
 
thanks
 

A:qucltocr.dll is keeps on coming and showing as trojan what to do?

Did McAfee provide a log or a specific file(s) name associated with the malware threat(s) detected and if so, where is it located (full file path) at on your system?
You may also want to get a second opinion on the detection. Go to one of the following online services that analyzes suspicious files:
* Jotti's virusscan
* VirusTotal
* VirSCAN
-- In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

RELEVANCY SCORE 39.2

Alright, my computer has been a little slow starting up and shutting down. Also I have been getting pop ups a lot so here are my logs. Thank you for your help in advance.

If you need any more information just message me and i will get it to you asap.

Deckard's System Scanner v20071014.68
Run by Vincent Mendoza on 2007-11-26 19:45:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-11-27 03:45:17 UTC - RP193 - Deckard's System Scanner Restore Point
11: 2007-11-27 00:20:13 UTC - RP192 - Software Distribution Service 3.0
10: 2007-11-26 19:48:36 UTC - RP191 - System Checkpoint
9: 2007-11-23 09:05:39 UTC - RP190 - System Checkpoint
8: 2007-11-22 07:10:39 UTC - RP189 - System Checkpoint


-- First Restore Point --
1: 2007-11-14 04:44:53 UTC - RP182 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
System Drive C: has 2.06 GiB (less than 15%) free.


-- HijackThis (run as Vincent Mendoza.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:54 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Runnin... Read more

A:trojan.vundo and other things keep showing

Yes you do have a very nice infection here..


Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your system.
Please downloa... Read more

RELEVANCY SCORE 39.2

Hi Bleeping Computer, I have a new computer just a few weeks old, it's running Windows XP Pro-32 bit SP2. For the last week or so I am having problems on the internet: pages won't load, links won't open, I get the "Internet Explorer Cannot Display The Webpage" message but if I go back and forth from the page I came from it does eventually open, the same with online games I get "Unable to open the server" but if I go back and try again sometimes several times I get there. For several days Kaspersky Anti-Virus 6 has after booting up and letting it scan says "Detected riskware-Trojan generic-running process-C:\Documents and Settings\Temp\Administrator\Local Settings\temp\is-on532.temp\is-CMNBA.temp" and "Detected riskware invader-running process-C:\ComboFix\catchme.cfexe". I have run "Adaware", "Super Anti Spyware", "Spybot Search and Destroy", "Stinger", "Trend Micro CW Shredder", "ComboFix", which is now meant to be uninstalled and removed, then yesterday I installed a trial version of "Spy Eraser" by Uniblue which told me I had a Trojan Spy "BZub.hv" but I also installed "Spyware Doctor" which removed a trojan "PWS-Tanspy" and the "BZub.hv" did not appear again. After several of the scans I have run "Registry Booster 2" by Uniblue and "speed Up My PC3" by the same to ... Read more

A:Trojan Showing On Vius Scan

Hi Di-lemma,
Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.
If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

RELEVANCY SCORE 39.2

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Exécuté par Tom (administrateur) sur TOM-PC (15-09-2016 11:38:25)
Exécuté depuis C:\Users\Tom\Downloads
Profils chargés: Tom & Administrateur & DefaultAppPool (Profils disponibles: Tom & Administrateur & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\Au... Read more

RELEVANCY SCORE 39.2

Hi, my computer keeps redirecting me from search sites to the most bizarre websites or sending me to google homepage, I keep having extra tabs open up with other unknown websites. All of this has only been upsetting the computer since I started looking around for antivirus software, the second I came off of the microsoft antivirus page the computer started to play up. I now have avg downloaded and it keeps alerting me of all kinds of things, one of them I am aware of and need to add as a safe file still. I have included my router log as this is what's got me a little bit worried.
Firewall Log
08/10/2012 03:20:42 **TCP FIN Scan** 192.168.2.4, 60751->> 199.93.54.126, 80 (from WAN Outbound)
08/09/2012 22:26:31 **TCP FIN Scan** 65.55.53.235, 80->> 192.168.2.4, 53210 (from WAN Inbound)
08/09/2012 22:26:31 **TCP FIN Scan** 12.129.199.110, 80->> 192.168.2.4, 53140 (from WAN Inbound)
08/09/2012 22:26:31 **TCP FIN Scan** 199.59.150.42, 80->> 192.168.2.4, 53215 (from WAN Inbound)
08/09/2012 22:26:31 **TCP FIN Scan** 65.54.165.55, 80->> 192.168.2.4, 53164 (from WAN Inbound)
08/09/2012 22:26:31 **TCP FIN Scan** 64.4.21.40, 80->> 192.168.2.4, 52860 (from WAN Inbound)
08/09/2012 22:18:30 **TCP FIN Scan** 65.54.165.55, 80->> 192.168.2.4, 52596 (from WAN Inbound)
08/09/2012 21:57:15 **Smurf** 210.186.233.0, 49153->> 192.168.2.100, 16470 (from WAN Inbound)
08/09/2012 21:06:17 **UDP flood** 192.168.2.6, 49153->> 123.213.188.3, 16470 (from WAN O... Read more

A:Desktop.ini is showing as trojan plus other odd happenings

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464591 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 39.2

I've been fighting this for days. The Trojan shows up with Trend Micro Antivirus as:
"Virus Scan Logs" "Jan 27, 2008" ""
"Time" "Detected by" "Source Type" "Threat Name" "Infected File" "First Action" "Second Action"
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP11\A0002337.sys" "Quarantined Success" ""
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP12\A0002571.sys" "Quarantined Success" ""
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP15\A0003014.sys" "Quarantined Success" ""
"16:49" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\WINDOWS\SYSTEM32\DRIVERS\smtpdrv.sys" "Quarantined Success" ""
I've used ComboFix several times, here is the latest log:
ComboFix 08-01-23.1C - Linzy 2008-01-27 16:58:01.3 - NTFSx86
Running from: C:\Documents and Settings\Linzy\Desktop\ComboFix.exe
WARNING -THIS... Read more

A:Persistent Trojan Showing Up With Pandex.af

Hi RXDad,
Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.
If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log, and I'll be happy to look at it for you.
Thanks for your patience.

RELEVANCY SCORE 39.2

Hi, MSE scan shows a potential trojan.
It's MLMnet.exe deep inside .zip and regular sub folders.
Can't manually delete it.
Says permission denied because administrator rights is needed.
My email sends out mass mailer spam emails to all my contacts and I think this file might be why.. any help please? Thanks

RELEVANCY SCORE 38.8

I've tried to find the answers for this problem in every possible place I could look and I'm not having any luck. Since yesterday, my AVG free software performs a scan and it shows that I have numerous infections and tracking cookies. But after the scan they're not listed as viruses but as potential threats or warnings. Even after I've cleaned them out, they still show up with the next scan. I also did the online scanner at TrendMicro and Kaspersky, and they both show no infections. But the warning files have attachments like, trojan.bomka and adware.virtumonde. Am I just not understanding what AVG is telling me? This computer is only about two weeks old and does not have very much on it yet. I have a gateway fx 6860 operating on windows vista 64 bit. I'm using the free version of Avg 8.0 anti-virus and Spyware blaster. This is just part of the file that was in the virus vault:"Scan ""Scheduled scan"" was finished." "Infections found:";"0" "Infected objects removed or healed";"0" "Not removed or healed.";"0" "Spyware found:";"0" "Spyware removed:";"0" "Not removed:";"0" "Warnings count:";"196" "Information count:";"0" "Scan started:";"Friday, May 16, 2008, 12:00:00 PM" "Total object scanned:";"1588032" "Time needed:";&qu... Read more

A:Trojan, Virtumonde, Hijacker Keep Showing Up In Avg Scan

may I suggest you have a nosey at this thread on here?
http://www.bleepingcomputer.com/forums/ind...=146069&hl=on MY squeaky clean XP machine (which has NOT been on line for some time) I installed the AVGFREE8.0 version; updated it, ran a full computer scan with it
voila
I did not complete the scan due to lack of time BUT apparently I have trojans, worms, back door thingis and the like...................no comment
if you wish to run a tool that will check you out FOR some rubbish on there? try this
I THINK your result will be a negative
Superantispyware; guide on how to install and run
If you have not already got a Downloads folder, I suggest you create a new folder in My Documents, and name it Downloads;
Installing superantispyware
Superantispyware is found here http://www.superantispyware.com/index.html
Download to the Downloads folder the free exe to superantispyware from here
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
you install superantispyware by clicking on the icon in the downloads folder; it will launch the installation process; follow the instructions and I suggest you ask for a default installation; ensure it creates a desktop icon for you;
once the program has been installed it should ask you if you wish to update the program; say YES
if it does not ask you, you need TO fully update the definitions by opening the program and find the 'check for updates' tab in the bottom left of the menus you see; click on it and it will do the... Read more

RELEVANCY SCORE 38.8

Hello,
 
I've been attempting for 2 days now to remove this trojan that seems to show back up after each restart. I've tried OTL, combofix, hitmanpro, tdsskiller, mbar, mbam, MSE and a few others but am willing to try every one again at your request.
 
In addition to this trojan (which, as far as I can tell, edited my hosts file to redirect all popular websites to a survey/phishing website [unless that was another virus]), I also seem to have been blessed by a bitcoinminer.
 
Any help would be lovely. I've attached the logs that the preparation guide requests.
 
Thank you.
 


A:Trojan.agent.cn consistently showing up in svchost.exe

I have attempted to use both TDSSkiller and MBAR in safe mode to no avail.

RELEVANCY SCORE 38.8

Hi.

Please Please Help me

I somehow got what Norton has dubbed "Downloader.Trojan" virus. it started out downloading a toolbar to my ie and changing my homepage to "web search". i knew i had something. I ran Norton and it found the virus, and it supposedly deleted it. i started my windows xp in safe mode and ran norton again and no virus was found. i have also ran adaware and deleted all it found as well. Now, when i am online, my realtime norton virus detecter keeps warning me of the downloader.trojan virus and tells me it quarantines it. the warning comes routinely and i don't know what else to do to get rid of it.

is it in the registry? i have not deleted anything in there yet as i do not know which ones to delete. nothing blatantly says "downloader.trojan". can you tell what to delete from the hijack log? attached is my hijack log.

thanks so much. maybe this is an easy one for you?

Logfile of HijackThis v1.99.0
Scan saved at 12:41:14 PM, on 1/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvsc... Read more

A:Downloader.Trojan won't stop showing up! Plese Help!

RELEVANCY SCORE 38.8

It's showing up in my Super-Anti Spyware scan every time I run it, see it, remove it and re-boot. I tried a full scan using AntiMalware byte - Kapersky TDSS - Avasti - Trend-Micro Housecall, YAC (yet another cleaner), Spyware Blaster and ESET. None of them picked it up. None of them reported malicious items.
I'm baffled and tired of looking for the right free removal tool.

Here's the log entry:
Trojan.Agent/Gen
(x86)HKLM/Software/Microsoft/Windows/.../Run#20131121

I was able to go to the location and delete part of its entry and also disable it in the start up menu but it still comes up in the scan. I believe it's showing itself as popup coupons and ads in my surfing.

A:Trojan.Agent/Gen still showing after multiple different scans

RELEVANCY SCORE 38.8

Hello,
 
I ran Malwarebytes because the computer was slow AND I was seeing lots of ad site loading when starting Iron. I do not internet explorer but it is on the computer. Originally was getting a message Malware Bytes/Avira saying outgoing IP is being blocked. I found lots of PUPs and removed them using this guide:
 
 http://www.bleepingcomputer.com/forums/t/490177/malware-bytes-blocks-outgoing-ip-addresses/
 
my quarantine in Avira shows ADWARE/Adware.Gen2 on March 17
 
now trojan.elex is detected.  
 
 
as I type this, the bottom left of Iron keeps saying waiting for... (bunch of sites) and sends over and over slowing down my typing.
 
Here are the logs as instructed:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Sean Concannon at 21:58:50 on 2014-03-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4000.2696 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetw...

A:lots of PUP detected now trojan.elex is showing up

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528810 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi.
Looking for some advice.
I have a Windows XP on a Dell workstation.
I have McAfee virus protection and have started to get this warning ref Boaxxe.
Carried out a manual scan of system but nothing showed up.
My virus protection cannot seem to remove this. I assume because it's tied to a system file.

Could anyone assist me in removal? I would be most grateful.

I have attached a short few lines from the McAfee event log.


5/3/2009 7:01:15 PM Move failed (Clean failed) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\fwydivf.dll Boaxxe
5/3/2009 7:01:24 PM No Action Taken (Clean failed) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\fwydivf.dll Boaxxe
5/3/2009 7:01:32 PM No Action Taken (Clean failed) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\fwydivf.dll

Thanks
Steve

A:Started getting warnings showing Boaxxe trojan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure...


Hi Guys,

Vista has just started running really slowly for about the last 2 days or so. I haven't really had time to have a look at it as I've been so busy last few days. I suspect it's some kind of malware or trojan possibly as I've been on IRC a lot recently, internet connection also seems slow so I'm pretty certain I've been hacked or something. If you guys could have a look at my log and help me out asap that would be amazing! Many thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 18:46:09, on 02/06/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskeng.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\Toshiba.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
E:\Windows\ehome\ehtray.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Windows\ehome\ehmsas.exe
E:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
E:\Program Files\Windows Sidebar\sidebar...

A:vista suddenly running really slow, hijack this log included possibly trojan?

Can anyone help me out please? I had some problems before a while ago and you guys were all very helpful. Just my laptop is on its deathbed it seems, all running so slowly and I'm worried that someone might have access to my pc through the trojan as it's so slow. Thanks in advance
 


I had the google redirect virus and want to make sure I am clean of everything.
All removal programs come up clean except Hijack and DDS which show the .exe files in my temp folder. I ran autorun and unchecked them, which removed them from Hijacks log but not DDS, I am wondering if this is a problem and if there are still traces of the infection somewhere.

I have OTL/DDS/etc,etc logs if needed.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Caitlynn at 17:23:09 on 2011-06-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1734 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc...

A:Cleaned, but clear? DDS logs showing trojan .exe's in services

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...


I have tried everything I know of to remove this virus - please help!
I purchased and downloaded Kaspersky Anti-Virus 7.0, but I'm still getting occasional pop-ups and less than ideal responsiveness and performance from my computer.

Symptoms:
Slow windows operation and web browsing.
Internet explorer pop-up ads when attempting to use the internet (regardless of whether I'm using firefox or internet explorer).
Frequent alerts from Kaspersky that "Trojan.Win32.Agent.bck" is attempting to install.
When I boot in Safe Mode, I get the "Windows is in diagnostic mode, would you like to use System Restore?" prompt.

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:35 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program ...

A:Trojan.win32.agent.bck - Keeps Showing Up In My Kaspersky Report

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.


Hi and Happy New Year.
 
I have tried to avoid coming back here, tried to be careful with my laptop and scan/clean it regularly.  Yet, there is something that quite possibly was embedded before I got this machine that is recurring.
 
I have noticed that my antivirus software keeps notating that there is a .tmp file infected with Trojan.Gen.2.  The file name begins with DWH, and then has 3 or 4 random numbers behind it.  98% of the time the file is quarantined.  Sometimes the file is labeled "access denied."  Also, my boot time is elongated, and strange things happen from time to time with my browsing, like a known, trusted site will not accept my login or I won't be able to navigate to a site at all or there is a pregnant delay before taking me to a site.
 
So, I would like to check and see if there is a remnant of a hijack on this machine, and then get rid of it.
 
Here is the DDS file; the other file is attached.  Thanks in advance!
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by owner at 10:36:00 on 2015-01-06
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2991.488 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {...

A:Trojan.Gen.2 keeps showing up on scan, weird things happening.

Hey my friend, Can you give me please the file path of the file it detects as Malware?
Please download FRST (by Farbar) from the link below and save it to your Desktop.
Download Mirror #1
If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
When the disclaimer appears, click Yes.
Click Scan to start FRST.
When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.
