trojan horse downloader generic9

Q: trojan horse downloader generic9

Hello, I have a recurring trojan showing up with AVG: trojan horse downloader generic9.aebx. I have tried to delete it several times to no avail. My computer has been freezing after 10 mins or so after boot up, and running really slow. Is it possible that this might be the cause?

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:09 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Ideazon\ZEngine\Zboard.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zune\ZuneLauncher.exe
D:\program files\steam\steam.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
d:\WINDOWS\system32\ZuneBusEnum.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uotdealer.com/login.jsp?dt=1242269923470
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NI.GSCNS] "D:\DOCUME~1\BIGZ~1\LOCALS~1\Temp\winvsnet.tmp"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] D:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "d:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DUStat] D:\Program Files\DUStat\DUStat.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://courses.gmtraining.com/gm/Raytheon/...er_active_x.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FC011AB-4A53-45EF-9E8F-D64A062B5612}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6FC011AB-4A53-45EF-9E8F-D64A062B5612}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6FC011AB-4A53-45EF-9E8F-D64A062B5612}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6FC011AB-4A53-45EF-9E8F-D64A062B5612}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{6FC011AB-4A53-45EF-9E8F-D64A062B5612}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9177 bytes

Thanks for any help in advance.

RELEVANCY SCORE 200

A: trojan horse downloader generic9

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

RELEVANCY SCORE 110

Hi, I have just rebooted my computer and AVG is picking up the trojan mentioned in the title. When it is removed there is a second one that comes from the recyclers folder; it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by AVG. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra...

A:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please

RELEVANCY SCORE 109.6

Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system...

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

RELEVANCY SCORE 106.4

hello greetings.

I have downloaded and installed this trojan or whatever it is. It was supposed to do what it did lol, it was supposed to install new themes for my Windows XP. My antivirus didn't react so I installed it. After reboot a weird sound comes out of my computer, something messes with the keyboard after the install and keeps typing, going through DOS to the welcome window to introduce the password, but this thing keeps typing, giving me no chance to delete. The trojan installer is Crack.Windows.7.Theme.for.WindowsXP.45059.exe, description: Trojan horse Downloader.Generic9.AILO. It is in my documents folder, and also shows another address after click as process name, c:\WINDOWS\explorer.exe.
I'm using my second HD which has op for these cases and I'm doing what I can to fix this.
I found the virus and I can delete it, but the harm to my boot system is what I need to fix. Please, any help appreciated. I'm working on this and keeping an eye here for some help. I think I should find a way to repair the boot system, but it seems it is working; this is more like a boot bug (it starts typing a letter forever from when the computer is turned on).
my system is p4 2.4 windows xp sp3

thanks in advance.. Nik

RELEVANCY SCORE 105.2

AVG detected Trojan horse Downloader.Generic9.CAXD. AVG will remove them and say the computer needs to be restarted but they come back every time I restart

- I deleted all the files from my temp folder.
- I cleared the System Volume Information (SVI) by "Turning off System Restore".
- Then I changed the security setting in the SVI folder and I was able to remove it temporarily, but when I reboot the system the virus reappears.
- The virus that AVG detects resides in this folder but obviously there is a problem somewhere else too, maybe the master boot record:

"C:\System Volume Information\Microsoft\smss.exe"
"C:\System Volume Information\Microsoft\services.exe"

How do I remove Trojan horse Downloader.Generic9.CAXD?

Help appreciated. Thanks.

A:How do I remove Trojan horse Downloader.Generic9.CAXD

Welcome to TSF :)

You have a pretty serious infection. I will need to know what version of Windows you have. Also, I will need the same Windows installation disc. Let me know.

Thanks

RELEVANCY SCORE 88

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bells that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran Ad-Aware, Spybot S&D, Bit Defender, McAfee Stinger, updated the OS and installed HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

RELEVANCY SCORE 83.2

Hello. AVG picked it up and I'm having a difficult time figuring out how to get rid of it. I'm not sure what it's doing or what it does, but whenever I run a virus scan, it always gets picked up somewhere on my hard drives. AVG can successfully heal or move it to the virus vault, but whenever I run the scan again, it's back in some other place. Does anyone know how to get rid of it? Maybe someone can point me in the right direction?

Thanks!

--------------------------------------
Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:28 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher....

RELEVANCY SCORE 83.2

Hello

My explorer use (both win explorer and internet explorer) is terrorised by an AVG pop up warning about a Trojan.
What do I have to fix in my software and how ?

Thanks in advance and kind regards. JPMaurice

A:Trojan Horse Generic9.xld

Did your scan provide a specific file name associated with this malware threat and if so, where is it located (full file path) on your system?

"Generic Trojan" is a heuristic detection and a name provided to possible new variants of malware. AVG uses heuristic detection which incorporates the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.

See How AVG Heuristic Analysis Works. Get a second opinion, by submitting the file to jotti's virusscan or virustotal.com. In the "...

RELEVANCY SCORE 82.8

Hello,

I'm a fairly experienced PC user, but I can't seem to destroy this trojan: Downloader.Generic9.CDFL

I would highly appreciate any help!

AVG comes back with this report:

"Bestand";"Infectie";"Resultaat"
"C:\System Volume Information\Microsoft\smss.exe (1604)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\smss.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."
"C:\System Volume Information\Microsoft\services.exe (932)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\services.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."

"Object is niet toegankelijk." is Dutch for "Object is not accessible", so they are not quarantined or destroyed.

System restore didn't help.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:14, on 21/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsof...

A:Trojan Downloader.Generic9.CDFL

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Do not attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear.
- Click the Disable button to disable your CD Emulation drivers.
- Click Yes to continue.
- A 'Finished!' message will appe...

RELEVANCY SCORE 82.4

I have been stuck with Trojan Horse Generic9.AQNO since 6:59 AM Friday Morning. I did not feel like allowing it to ruin my weekend so I did not bother with it until this morning. I am stuck. C:WINDOWS\System32\xstwbtzd.dll can not be deleted. Thanks in advance for any help.

A:Trojan Horse Generic9.aqno

Hello and welcome. What application found this and is this an XP system?

Let's do this first.

Download SUPERAntiSpyware, Free Home Version. Save to desktop. DO NOT run yet.

- Open SUPER from icon and install and Update it.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)

Using the F8 Method: Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

NOW Scan with SUPER

- Open from the desktop icon or the program Files list.
- On the left, make sure you check C:\Fixed Drive.
- Perform a Complete scan.
- After scan, verify they are all checked.
- Click OK on the summary screen to quarantine all found items.
- If asked if you want to reboot, click "Yes" and reboot normally.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPER...

RELEVANCY SCORE 82.4

AVG Free Anti-Virus found this in the filename SVCLauncher.exe on 11/17/2007 and again today (11-18-2007) in filename A0054356.exe.
I'm currently running a Kaspersky on line scan.

The computer is a Dell Insprion 9400 with WinXp sp2.

Thanks in advance for any and all help.

A:Trojan Horse Generic9.vpa Infection

Where did AVG find A0054356.exe?

It looks like a file normally found in the System Volume Information Folder (SVI) which is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it. Since the System Volume Information folder is a protected directory, your tools cannot access it to delete these files and they sometimes can reinfect your system if you accidentally use an old restore point.

If that is where AVG found the file, to resolve this, you need to Set a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

RELEVANCY SCORE 82.4

Hello. I have followed the instructions, and am ready to post. I will now describe my problem.

AVG has detected something called "Trojan Horse Generic9.AVRP". The letters after the dot often vary. The location is in system32, and it is always .dll. It seems that AVG detects a fresh batch every time I start up.

Thank you very much in advance for any help you may give me, as I am quite annoyed with this virus. That being said, I am very patient and willing to work through this.

I am posting the following:
1. Hijackthis Log
2. Panda Online Virus Scan Report
3. Main.txt from Deckard's

I seem to have lost the extra.txt file, and after re-running deckard's it was not created a second time.

Thanks again for any help

Sincerely,
James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs....

A:Trojan Horse Generic9--detected by AVG

Hello -

I'd prefer to see the first main.txt, along with the extra.txt

They should both be located at C:\Deckard\System Scanner\< a numbered folder >\

Please locate them and post.

RELEVANCY SCORE 82.4

I made a thread awhile ago and I stopped cause I thought I was getting a CD that would store it but it looks like it's not happening. I wouldn't mind if the same moderator who helped on this (thanks Amateur, I noticed that some pop ups are gone) but if he's too busy I would like help from anyone.

Here's the thread

Need help with trojan horse PSW Generic9 ASRC

I was on safe mode and downloaded the combofix but I had to disarm the avg but I couldn't do it on safe mode so I removed it before I did the combofix scan. When I went online next, I downloaded the free avg anti-virus 2012. I haven't used it for scanning yet. Here's the results from combofix scan.

ComboFix 11-12-13.03 - Amy 13/12/2011 18:27:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.303 [GMT -5:00]
Running from: c:\documents and settings\Amy\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma In...

A:Re: Needs help with trojan horse PSW generic9 ASRC

Do I download the combofix and windows console thing again?

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 16/12/2011 by Amy
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sy*"
C:\I386\NETBT.SYS --a--c- 157056 bytes [00:32 05/11/2003] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [06:26 06/10/2008] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtUninstallKB824105$\netbt.sys -----c- 157056 bytes [00:52 06/02/2004] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [06:14 04/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys --a---- 162816 bytes [11:00 29/08/2002] [19:21 13/04/2008] 4D2AE08FD92F61A4A53A4DC1E29EF7EA

-= EOF =-

RELEVANCY SCORE 82.4

Hi there guys, just wondering if anyone knows what the hell kind of trojan this is and how the hell do I go about removing all 8000 of them????
 

RELEVANCY SCORE 82.4

The alert of this trojan horse infection keeps appearing whenever I try to access my drives through "My Computer". Even though I click on move to vault, this problem persists repeatedly.

I have run AVG, scanned and removed to vault but the problem persists.

I tried to access and delete the filename: C:\WINDOWS\system32\winxp.exe but the file reappears each time I click on C drive in "My Computer" too!

This process name is stated each time the threat is detected
Process name: C\WINDOWS\system32\wscript.exe

I would really appreciate if anyone out there can help me on this. Thanks a million.


========================================================




DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 1:19:25.96 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2568 [GMT 8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGR...

A:HELP! Trojan horse BackDoor.Generic9.MQL

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

You have an autorun worm onboard. These are typically transmitted via USB flash drive, or other USB devices. Please ensure any USB key recently used is inserted in the machi...

RELEVANCY SCORE 82.4

AVG opening every few min with a new threat! Please help! I've enclosed the Hijack file and attached "attach.txt" and "dds.txt".
Please note there was a process highlighted in red - PING - I killed that process to try to stop the threats every few min. I hope that's ok. Didn't think there should be a Ping process going on.

thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:19 PM, on 2/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C...

A:AGV says I've caught the Generic9 Trojan Horse

RELEVANCY SCORE 82.4

Hello,

I just bought a second-hand computer and the only problem seems to be that a pop-up comes up every few minutes. It says the computer found a threat like these:

C:\WINDOWS\SYSTEMS32\svchost.exe

C:\WINDOWS\Temp\xhohpp\setup.exe

Trojan Horse PSW Generic9 ASRC

I have AVG Free 8.5 anti-virus (that needs to be updated) and Spybot Search & Destroy 1.2 installed but I can't seem to use the Spybot and I can't get rid of it either. I tried to delete those but AVG couldn't delete them. I don't have a credit card or have access to anti-virus besides that free AVG. How do I delete those? I'm on the safe mode right now because I don't know what else to do. I would really appreciate it if someone can help me.

Thanks

A:Need help with trojan horse PSW Generic9 ASRC

Hello and welcome to TSF.

We require a comprehensive set of logs to determine the presence of malware or to answer such questions. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 82.4

Ok, to start it off, I think I have had this since Monday, 1/28/08.
It started out as a Trojan.Vundo; I ran multiple anti-spyware/cleaners. Then I found a program called "VundoFix". It seemed to have worked, but caused 3 .dll run errors on startup. Yesterday AVG found the trojan horse generic9.aibf, it healed it, but found it again this morning.
I don't know what to do anymore.

A:Trojan Horse Generic9.aibf

RunDLL32.exe is a legit Windows file that loads .dll files which too can be legit or malware related. The "Cannot find...", "Could not run..." or "Error loading..." message usually occurs when the .dll file(s) that was set to run at startup has been deleted and it becomes an orphaned registry entry. Windows is trying to load this file(s) but cannot locate it since the file was removed during an anti-virus or anti-malware scan, or the uninstall of a program. However, the associated registry entry remains and is telling Windows to load the file when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error...

RELEVANCY SCORE 82.4

I can't seem to get rid of this nasty thing. I have run AVG and it comes up with like 13409+ .exe files so far. It is located in my Windows\Fonts folder. It seems like I can keep running the antivirus and it keeps finding more. Is there any way of "destroying" this thing?
Here is my HijackThis log; hope this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:23 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\PROGRA~1\INCRED~...

RELEVANCY SCORE 82.4

My AVG AntiVirus, when I log on to Windows, insists on popping up some windows with unknown DLLs (in C:\Windows\System32\... ) that are described as Trojan Horse Generic9.AQNO and "Virus Found Lop" ... In one case, my winlogon.exe terminated and my PC was forced to restart. Then again the popping windows.

I scanned my computer with
Spybot Search & Destroy
AVG Antivirus 7.5 (Personal Edition)
Counter Spy

Now I am attaching my HiJackThis log... Should I be disturbed.....???? Thanx for help [attachment=3673:hijackthis_log.txt]

A:Trojan Horse Generic9.aqno

Anyone!?

RELEVANCY SCORE 81.2

Dear friends,
Whenever I start my computer my AVG anti-virus free edition detects Trojan Horse Generic9.AEUA in C:\WINDOWS\sarc.exe and claims to heal them. But whenever I restart my computer at a later time AVG again detects the same trojan horse in the same system file. This trojan horse however hasn't affected the performance of my computer. Pleaze help me get rid of this!!!!!!!!!

A:Pleaze help me get rid of Trojan Horse Generic9.AEUA

Please go HERE and carry out the instructions that are posted.

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

RELEVANCY SCORE 81.2

Hi,

Can anyone please help me? I've got a lot of important information on my computer and I haven't backed it up because I'm useless with PCs and didn't know at the time I needed to; now I think it's too late. I have AVG free edition anti-virus because my McAfee ran out. It seems to be picking up both Trojan horse Generic9.AKBO & a virus JS/psyme but when it says heal then restart the PC they come straight back?! I've also tried running Ad-aware but no luck. These programs all seem to slow the computer down dramatically; is there a reason for this or should I just delete them? I don't know how to list a HijackThis log either.

Thanks Danny
 

A:Trojan horse Generic9.AKBO & JS/psyme

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 81.2

Thanks for help and my problem with Trojan Horse Generic9.AKUT. Every time I start my PC my AVG detects this Trojan and asks me to Heal it.. I did and it keeps coming back on the next PC restart. The file looks like 4219413.exe and is under c/windows/temp/

Appreciate the help, and I'm a newbie with all this stuff, pls help. I followed the steps I was told!

Scanned with Adware and Spybot.
Housecall Anti Virus - scanned too, took me 4 hours
McAfee Avert Stinger v2.6.0 [1,144,839 bytes] (4/5/2006) scanned too
I got Windows Firewall ON

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\...

A:Inffected With Trojan Horse Generic9.akut

Anyone can help my problem pls ?

RELEVANCY SCORE 81.2

Hi!

I am new to this forum, so please correct me if I somehow "misbehave". I usually don't surf with the IE, but recently I had to because my Opera wouldn't play some nba.com video footage.

Afterwards my IE displayed two warnings about downloading either PerformanceOptimizer or NeuerSchild (German, NewShield in English) to fix a virus that infected my PC. I didn't download anything, but soon my AVG 7.5 kept popping up reporting a virus called Generic9.AQNO or Virus Lop which are supposed to be trojan horses. I selected "Move to Vault" every time. But now IE windows keep popping up out of thin air telling me to join a browser-game called "Gladiatus", or to download NeuerSchild.

As of now, there are hardly any deficits in performance, though I am still worried about the security of my PC. It is possibly of interest that I run Windows Vista Home Premium.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:01, on 19.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Antivirus\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Razer...

A:Trojan Horse Generic9.aqno/virus Lop

Hi,

let us first take care of your internal HD.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Regards,
Rosty.

RELEVANCY SCORE 81.2

Hello, I hope someone out there can help.
 
My mom downloaded a game from Pogo.com today called The Clumsys 2 Butterfly and AVG Antivirus Software picked up the following infection: PSW.Generic9.BSIU.
 
It said it was located in the following location: c:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn
 
The first thing I did was select "Protect Me" on the AVG software, and it said that it had successfully gotten rid of the infection.  I then uninstalled the game and ran a scan with the following programs:
 
--MalwareBytes
--Kaspersky TDSS Killer
--AVG Antivirus
--Super AntiSpyware
 
My Mom's System Is:
 
HP Pavilion P6-2350
Windows 8 64-Bit
 
All of the above programs said that the system was clean.  There isn't much info online about this particular threat...but is there any other program that I can use to make sure that this threat is no longer active?  Any and all suggestions are welcome.  Thanks in advance!
 
ON A SIDE NOTE:  My mom tends to get lots of viruses on her computer and she mostly plays games that are from Pogo.com.  Does anyone know whether or not Pogo makes its users susceptible to malware and viruses?

A:How do I Remove Trojan Horse: PSW.Generic9.BSIU?

Hello Ali_bear,

My name is Cody and I'll be helping you clean up your computer. I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. ...

RELEVANCY SCORE 81.2

I had left my computer alone this morning.  Firefox was open to a blank tab but minimized.  When I came back, AVG Free 2014 was reporting a malware infection, claiming that TFC.exe was infected with a Trojan horse Dropper.Generic9.SLV.  I told it to fix the problem which sent the file to the virus vault.
Then I left the house for a while and when I came back, another notice had popped up, saying svchost.exe was infected with the same thing.  Here are the details on that second notice.
 
Trojan horse Dropper.Generic9.SLV
c:\System Volume Information\_restore{AED28984-2886-4F12-A886-B7CDBE4CC936}\RP227\A0036475.exe
Process name: C:\WINDOWS\system32\svchost.exe
 
I told it to isolate the problem, and it is once again in the virus vault.  Basically, I think I have a Trojan Horse Dropper, and I need help in getting rid of it/fixing it.  DDS log to follow, with Attach.txt added as an attachment, as per the Preparation Guide instructions.  Thanks in advance for any help you guys can provide.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 15:27:21 on 2014-01-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2043.1236 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sy...

A:Trojan horse Dropper.Generic9.SLV Infection

Hello starblazers,

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa...

RELEVANCY SCORE 80.8

Hi, please help!!

My computer is infected with 2 types of trojan horses: Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

Here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C...

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho...

RELEVANCY SCORE 80.8

Logfile of HijackThis v1.99.1
Scan saved at 21:38, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware...

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT

RELEVANCY SCORE 80.4

This computer has constant popups from AVG AntiVirus. They say: Threat Detected! While opening file: C:\WINDOWS\system32\commdl.dll - Trojan horse Generic9.AHKQ. There are options to ignore, info, heal, and move to vault. When I try to heal it says that to finish the process the computer needs to reboot. However, after I reboot the popups keep coming.

I downloaded the dss scanner, but just as it is about to finish, Windows has an error and asks me whether to send the error to Microsoft or not. So, I do not have a log to post. The computer is running Windows XP SP2, and I did run the Panda Active scan. If you would like that log, let me know. Thanks for your help,

Brandon

RELEVANCY SCORE 80.4

Hi there, I am new to this forum! I used AVG and detected just 1 infection:

While opening file: E\\WINDOWS\System32\msimg3.dll
Trojan.horse.Generic9.AATH.

After healing and restarting my pc, it replicates itself whenever I open IE browser.

Here is my HiJackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:41 PM, on 12/25/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS...

A:Can't Remove Replicating Trojan.horse.generic9.aath

Hi Pearce15!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

RELEVANCY SCORE 79.6

Hi, my PC has been acting very strange for a few days and I found with AVG and Ad-Aware about 20 various infected files and malware. Unfortunately, I didn't note all of these but the last I noted were:

Trojan horse BHO.DFZ (file name : cmp638)
Trojan horse generic9.BESJ (file name : ptch)
Virus found lop (mlljj.dll)
...

I cleaned and removed all those I found but my PC doesn't seem like before: it's slower, many pop-ups come with Internet Explorer, maybe keylogging malware is on because some of the characters I write disappear. Maybe the worst is behind me but I'm pretty sure there's still a lot to clean.

Thanks!

Note : I did all the 5 steps suggested on the site.

Panda log file :

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcbaxu.dll
Potentially unwanted tool:Application/NirCmd.A ...

A:somes malwares(many pop-ups) and virus (ex:trojan horse BHO.DFZ, generic9.BESJ)

1. Download & save this file to DESKTOP - http://download.bleepingcomputer.com...+/ComboFix.exe

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 75.6

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle...

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

RELEVANCY SCORE 74.8

Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\...

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\...

RELEVANCY SCORE 74.4

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I, or the laptop, run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~...

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

RELEVANCY SCORE 74.4

Hello, this is my first time posting at your site, but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.

I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading the active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.
You will need to use Internet Explorer for this scan. D...

RELEVANCY SCORE 73.2

I appreciate all the help anyone can provide me in cleaning up my computer!

I'm running WinXP SP2 with AVG Anti-Virus. Within AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:
Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dll
Trojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe
Trojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe

Logfile of random's system information tool 1.04 (written by random/random)
Run by Elliot at 2008-11-28 10:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (5%) free of 95 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:06 AM, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG...

A:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 72.8

Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr....

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

RELEVANCY SCORE 72.4

ok, i got some viruses/spyware messing around with my system, my avg keeps finding these viruses

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

i have already scanned with avg, avg spyware, adaware.... i'm at a loss of how to get rid of these things.

here's my hijackthis log any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE...

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs

RELEVANCY SCORE 71.2

My computer is Windows XP Service Pack 3
I always use Firefox and never use Microsoft explorer.
My computer runs AVG 9.0.830 Free.

On 6/30/10 my computer detected Trojan horse Clicker.AJSF. This was followed immediately afterwards with the detection of Trojan horse Downloader.Agent2.YIZ. This was accompanied by the noise of clicking anywhere from every 10 seconds to every 2 minutes. This went away after a few runs of AVG. Occasionally the volume balance would lower itself to zero. The Trojan horse Clicker.AJSF was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\119889546
C:\Documents and Settings\corboybp\Application Data\Sun\Java\deployment\cache\6.0\4\3c0ae\784-3513414
the Trojan horse Downloader.Agent2.YIZ was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\loader.exe
C:\Documents and Settings\corboybp\Local Settings\Temp\smss.exe

All was quiet until 7/7/10 when Trojan horse Downloader.Agent2.YIZ showed up again; however, no symptoms were notable. It was located in the following places:
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe

Today the scan discovered Trojan horse Downloader.Agent2.YIZ located in the following locations:
C:\System Volume Information\Microsoft\smss.exe (1064)
C:\System Volume Information\Microsoft\smss.exe Result: object is inaccessible
C:\System Volume Information\Microsoft\servic...

A:Trojan horse Clicker.AJSF "congratulations you won!" Trojan horse Downloader.Agent2.Y

Hi,

Please do the following:

Download Bootkit remover to your desktop
This is a rar file if you do not have a program to open it then download and install Peazip
Extract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Now open a notepad and press Control+V
Post the resultant log here please



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and...

RELEVANCY SCORE 67.6

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...

RELEVANCY SCORE 67.6

Hello guys, Thanks for the help with this.
I get a Norton AV window that pops up all the time with file names like $055C6D52.t$m for example. When I look in the quarantine folder I find Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader.Lop, Bloodhound.Overpacked, Infostealer.Wowcraft, Backdoor.Graybird as files in quarantine. I would like to eliminate whatever it is that keeps attempting to re-infect my machine.

I'm running Norton and AVG, Spybot, and Windows Defender.
I appreciate any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:45 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\...

A:Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader., Multiple Infe

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

RELEVANCY SCORE 67.2

Evening... I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explanation of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed. This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted: C:WINDOWSsystem32Obfustat.EVN C:ProgramFilesLogMeInx86 C:ProgramFilesLogMeInx86update3-00-600bakx86 From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on... I originally wrote the following a few days ago, before I ultimately decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is... "Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w...

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer! Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Thanks, Johannes

RELEVANCY SCORE 67.2

Hello,

I did some regular scans on my mother's computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup set to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advance, you guys are awesome,

Steve

p.s. should I post a hijackthis log, if so how should i. save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

First, please do not post your HijackThis log here as they are NOT permitted in this area of the site.

Let's take a look with Malwarebytes.

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is ...

RELEVANCY SCORE 67.2

picked up these bad boys when i was stupid and launched an .exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo...

A:Solved: trojan.vundo/trojan horse/downloader virus help.

RELEVANCY SCORE 67.2

Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The Anti-Virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926 if that's even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s...

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

oh god..okay i should probably mention that right now, my antivirus notification is at 89 notifications and counting the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

by the time i'm done with this message it's up to 99 notifications total and still counting.
103 now

i'm trying to delete it but it says the file is busy and i'm trying to disable anti virus but i can't figure out how
 

RELEVANCY SCORE 66.8

Hi,

We are visiting my parents-in-law and my daughter used their computer to visit a site called MangaReader.net where apparently she infected their computer with 2 trojans - according to AVG which they have installed on their computer (latest updates installed). Here are the specs and other information:

Computer: Dell Inspiron 530
Processor: Intel Core2 CPU 4400 @ 2.00GHz
RAM: 1 GB
OS: Windows Vista Home Premium SP2

Trojans found by AVG
Downloader.Generic11.CILH
PSW.Generic9.JJT

In order to run the programs dds and gmer, I had to go to safe mode. I could not do anything on the administrator or other profiles. I hope this does not make a difference in the information provided by the scans.
============
dds.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Nita at 13:02:08 on 2011-08-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.568 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe ...

A:PSW.Generic9.JJT & Downloader.Generic11.CILH

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
When finished, it will produce a report for you.
.
Please include the following...
