
2 Trojan Downloaders, Virtumonde, And Possibly More

Q: 2 Trojan Downloaders, Virtumonde, And Possibly More

This is a business computer on a network- so far it's the only client infected. Several hours of work have apparently removed many infections, only to have some reappear from these infections which I can't seem to lick. I have run Adaware (from Lavasoft), Spybot Search and destroy, Trendmicro's free online scanner, and have since installed AVG anti-virus. Hijack this fails to run generating an error, many websites (including this one) are blocked on the affected client- I have to correspond from another client.

Here are my Kaspersky log, followed by my DSS logs.


A: 2 Trojan Downloaders, Virtumonde, And Possibly More

Hello Justme- and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder


I had been getting various error messages when using windows explorer. I also get an error message when trying to use internet explorer. And subsequently can't use internet explorer. The error message looks something like this.

Runtime Error
Program: C:\\ProgramFiles\InternetExplorer\IExplorer.exe
The application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information.

A while later the Mcafee software that I had been using detected a virtumonde virus, but it wasn't able to delete it. I have since uninstalled Mcafee and installed the AVG Free edition. I have used the Vundo Fix and the VirtumondeBegone, they removed quite a lot of things in my computer, but I don't think that they got all of it out. So far, after all of this, I have run the AVG Free antivirus, Spybot, ad-Adware SE, Super AntiSpyware, Ccleaner, BitDefender, Counterspy, and I installed a Zone Alarm Firewall. All of these programs seemed to find and fix different problems. After all of this, I'm not getting the error message from using windows explorer, but I'm still getting the error message when trying to use internet explorer. The AVG antivirus has been continuously finding viruses in my system restore.

Here is a recent log from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:56:55 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\S...

A: Virtumonde/trojan Downloaders

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


My computer became infected with several types of things that do not seem to be completely deleted or cleaned by any of the various system scans I have done.

One common thing that my McAfee firewall is repeatedly detecting and removing is the Vundo trojan, which I assume is a result from a trojan downloader that is difficult to remove.

I'll still get random pop-ups when online and I usually get redirected from my homepage to a random ad site when using Internet Explorer.

Any help would be greatly appreciated, thank you.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:51 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

A:Infected With Virtumonde, Trojan Downloaders, And Adware/ad Pop Ups

Hi,

First of all.. I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as"). Doubleclick ResetTeaTimer.bat and let it run. This will only take a few seconds.

Then, I see you have Viewpoint installed... Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then,

* Download ComboFix from here.

**Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your s...


I have been working on my computer for the two days trying to get rid of virtumonde! I keep getting popups from winpatrol that its is in iifecax.dll and jkhhi.dll in the system32 folder. I try to delete it and it is attached to explorere.exe and winlogin.exe. I try to kill/ unlock the process and the system crashes. I have scanned and deleted it in safemode with adaware 2007, AVG antispyware, and superantispyware several times but each time I start the computer up again there it is!!!!!! PLEASE HELP!!! I guess a HJT log might help?

A:I need my computer tomorrow at work!:mad: Vicious Virtumonde and Trojan Downloaders!


About my computer: I use a laptop with mozilla fox as my internet. I used to get pop-ups from internet explorer which I never use. The pop-ups stopped after I removed some threats w/ IObit. Now I get frequent pop-ups and lags from mozilla. I've had this trojan called Trojan.Win32/Vundo for about 2 weeks now.

IObit Security 360 Scan:
Yesterday, I downloaded IObit because I needed something that wouldn't freeze/lag during a scan (I normally use comodo but it takes FOREVER and never finishes). So IObit detected about 86 threats and successfully removed them; however, 1 threat couldn't be removed which was Trojan.Win32/Vundo. I got the location which was in c:\windows\system32\yanohide.dll. I tried finding for it but it wasn't there. Also, whenever I try to load my security programs I get a message from IObit saying that c:\windows\system32\yanohide.dll wants to connect in order for it to run (I blocked it obviously).

Spybot S&D:
I also tried scanning with spybot S&D but it's been lagging lately and Idk why... I had to stop it halfway since it lagged and stopped. So far it detected MyWeb.MyWebSearch (I'm guessing this is the cause of the pop-ups) and virtumonde.dll. I wasn't able to remove any of these because like I said S&D lagged and stopped. So I had to exit out of it myself.

Malwarebytes Scan:
Lastly, I tried to run malwarebytes but I kept getting a window that said that a file was missing (I used this bef...

A:Virus/Trojan infections: Trojan.Win32/Vundo, Virtumonde.dll, MyWeb.MyWebSearch, and possibly more (?)

Hello, ViaSarah.

My name is aommaster and I will be helping you with your log.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

We need to run RSIT

Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt


Hi,

My sister recently downloaded something from limewire and its given her computer a nasty set of viruses. I tried downloading Malwarebytes Anti-Malware, SuperAntiSpyware and Spyware Doctor.

The virus will not allow me to use the first two programs. I've used Spyware Doctor a few times, initially it found 567 threats and got rid of them, then it found another 30 or so, then again another 30 or so and so on and so on...it's not getting rid of whatever virus(es) are on my sister's computer. She was getting a lot of pop-ups in Internet Explorer and it also seems to be hijacking her browser as well as slowing down her computer significantly. The virus that is showing up the most in Spyware Doctor is the Virtumonde Trojan.

I came to this site and found a thread about this virus and three steps to follow. Obviously I could not perform the first step which involved the Malwarebytes program because the virus is not allowing me to use it. I tried the Vundo Removal tool next and after searching for awhile it came up as finding nothing. I then started the computer in safe mode and tried the VundoBeGone tool and again it came up with nothing.

I need help as to how to go about removing whatever viruses are on her computer. I really wanted to use Malwarebytes but it shuts down after about 5 seconds or so of running.

She has an HP Pavilion dv1000 laptop
Windows XP
Any help would be greatly appreciated as she can't even use her laptop right now and she's current...

A:Virtumonde Trojan, possibly others.

Welcome to BC

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarant...


My computer started not letting me open Firefox and other programs and it has become slower. I have already eliminated these trojans, but they just keep coming back after a reboot.

here's HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:40, on 07-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal


A:Solved: trojan AOY and possibly virtumonde


Hello, for the past few weeks, I think I've been infected with possibly Virtumonde and/or Trojan.Vundo. Everytime I click on search results on Google, I am directed to various ad sites and then eventually sent to the actual link after about 4 consecutive tries. I have tried many spyware detector programs to try to remove this infection (i.e. MalwareBytes, AVG, SUPERAntiSpyware) and nothing has worked. Please help. I am very desperate to get rid of this thing. Thank you!

A:Infected with possibly Virtumonde and/or Trojan.Vundo

Hello, Lets see what we can get here.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Now Drweb

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files cur...


Hi there,

I've recently been stymied by an array of pop up windows in Firefox that I can't seem to get to go away. I have AVG installed, and upon scanning the software has detected various security threats & malware starting initially with files infected with Virtumonde. After supposedly healing these infected files and restarting the computer, a second scan detected a variety of files infected with "Trojan Horse Generic12.AOVI". I sat down this evening to dig a little deeper into the issues when I began getting an Antivirus 2009 pop up screen that hijacks the browser. Occasionally it attempts to hijack Internet Explorer as well, popping up the program even though I never use it. So needless to say, I'm stumped and quickly losing control of my system. I'm not the only one who uses this computer, so I'm unsure as to how this began. The computer is running quite slowly now as well. If any further info is needed to help solve this issue, just let me know and I'll get whatever is needed. Any help would be greatly appreciated!

Many thanks,
Larry
DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 22:20:18.79 on Wed 01/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.210 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)


A:Possibly infected with Virtumonde or Trojan Horse Generic12?

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


Hi,

My XP machine (SP3) was infected last night with malware around 11:30pm (TDSS Rootkit /Zlob) - I didn't figure out what it was until many hours later after many scans and much profanity (4am). Early symptoms: - cd/dvd burner disabled, - symantec corporate AV 11 active protection turned off - can't turn back on, - google results in firefox is redirected to strange search sites, - trying to run on regular boot my system taskbar freezes, cant open folders, - currently in running safe mode.

First attempts at repair: Cleaned temp/reg files with: ccleaner and spybot s&d - found reg entrys for Smitfraud-C & BraveSentry. Ran SmitfraudFix - no improvement.

AV Scans: ran stinger1001624 AV - it found nothing, finally got symantec11 to run full scan in safemode - it found nothing

Malware Scans: Downloaded and ran MBAM- found a few things including TDSS loaded in hidden memory module. it asked to reboot in order to clean - on shutdown got BSOD stop error (something about bad hardware config) rebooted to safemode. Installed trial copy of Spyhunter to see what scan found: 1 instance of VirtuMonde in c:\i386\kb929969.exe -- 120 instances of ZLOB.Trojan in HKLM\Software\Microsoft\Windows\Current Version\Internet Settings\Zone Map\EscDomains -- and Backdoor.TDSS in memory \\?\Globalroot\systemroot\system32\gasfykjenempep.dll. -- ran trial version of unhackme found TDSS in same spot named 'gasfkyoiolholr....

A:Infected with Backdoor.TDSS Rootkit, Zlob.Trojan & possibly VirtuMonde

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Trying to clean up my parents computer. Ran ESET NOD32 and it fixed what it could. Same with Spybot, ABAM, ComboFix... Still reporting infections, Have two logs, HJT and Combo fix. I'm not really sure what to do with the log after I have it. Is there documentation regarding items on the log so I can go through and determine what processes/files/entries are legitimate?

Here are the logs...

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:30 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

A:Help--Virtumonde,Downloaders,Podnuha detected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Getting pop ups. Virus software detects problems but cannot fix them.

AdAware detects "Purity Scan"

Spybot cannot fix:
Deskbar
Downloader.Tsupdate.L

Housecall froze while attempting to delete these problems:
TROJ_DLOADER.BSK
TROJ_Generic
ADW_Mediamotor.l
TROJ_LOWZONES.AK
ADWARE_BEGIN2SEARCH
ADWARE_SAFESURF
ADWARE_MEDIAMOTOR

Here is the Log from BitDefender:

A:3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


I don't know who to believe. I am running reg cure, webroot spysweeper, defender, McAfee, and windows malicious software removal tool. To start out I noticed my processor was running pretty high from its norm. I usually use Firefox to log into the net but also use IE for some apps. My IE was redirecting me to a site called mywebsearch.com. I could get on my home page. the is started to do it to Firefox too. Before I lost internet connectivity I downloaded all the programs stated above to run a virus scan. Defender picked up a trojandownloader called win32/small.gen.c, regcure picked up infected registry keys, McAfee would scan then go to blue screen, same with webroot, but it also picks up infected reg keys, shortcuts, etc. and microsoft picks up a trojan called winNT/Alureon.C.
It seems everyday something else is missing on my computer. I can't run anything from my dvdplayer, process won't start, internet connection is lost, etc. what do I need to do. I can't even dump it and start over. my player won't run now.
I am using my backup computer right now, but it is limited to what it can do.

Almost forgot I am running Vista Ultimate and I do have Hijack This also.

A:trojan downloaders

I was really hoping for some answers to my questions!!!!!!!


Hi, I have been having issues recently with my Dell laptop. I believe that I opened a malicious file and that I downloaded several Trojans, as that is all my Avast! seems to find every time I start my computer. I don't know how to get rid of them myself and I really need my laptop back! Thanks in advance!

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:34:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715149

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: Critical Areas
C:\WINDOWS
C:\DOCUME~1\Kristine\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 19811
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:24:24

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG / Object is locked / skipped
C:\WINDOWS\SchedLgU.Txt / Object is locked / skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb / Object is locked / skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log / Object is locked / skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb / Object is locked / skipped
...

A:Trojan Downloaders And More

Hello vidakriss,

Welcome to Bleeping Computer

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea


I'm having trouble with a whole bunch of trojan downloaders and I'm not sure on how to get rid of them.
Trojan-dropper.win32.agent.hl
Trojan-downloader.win32.qoologic.v
Trojan-downloader.win32.apropu.ae
Trojan-downloader.win32.agent.qg
Trojan-downloader.win32.qdown.z

Here is my hijack this log. I hope someone will be able to help me. I'm not familiar with trojans, so any help would be nice.

Logfile of HijackThis v1.99.0
Scan saved at 9:10:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Trojan downloaders


Help pls!! I've picked up and can't get rid of several Trojan Downloaders:

Downloader.Dyfica.3Al
.Small.41.J
.lstbar.AP
.lstar.9D

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Help!!! Trojan Downloaders

Uninstall the following from Add/Remove Programs:

180solutions
PowerScan
SurfAccuracy
YourSiteBar
--------------------------------------------------------------------------
Download: Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Reboot.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup,...

RELEVANCY SCORE 55.6

Lol, for a little while i've been getting this Trojan Downloader alert coming from the AVG Anti-Virus folder. I've let it sit for a while, i've scanned and such, and i've tried to handle it myself by healing, sending it to the virus vault, etc, and trying to get it to go away just with having AVG handle it. It hasn't really worked, and I don't want to make the problem worse, so I've come to Tech Guy. :3

Here's the HiJackThis log.

MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi...

A:Trojan Downloaders. :3

Don't mean to be a bother, but the topic nearly disappeared. Just trying to get it back up, but I don't want to spam.
 

RELEVANCY SCORE 55.6

So I've started cleaning some trojan downloaders out and cleaned out some. Would much appreciate help in eliminating what seems to be remaining in part or full form. Things are much improved now, much less pop-ups, but the concern remains that there are still infections. Running for instance system doctor suggests I have a few items still going, not sure if I may clean these myself or it is worth buying that version to help. Much appreciation for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:25 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Trojan Downloaders And More!

Hello iwon,

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

RELEVANCY SCORE 55.6

Hey everyone, lately there has been a slowdown in my computer and a lot of bad possesses.

A:Trojan downloaders?

In order to assist you effectively and identify the offending malware, we need more specific information. Please read Before you post about a problem, Some simple guidelines, then reply back here.

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
What issues/symptoms of infection do you have?
What actions have you taken so far?

RELEVANCY SCORE 55.2

Here's the Log of my PC (it runs Vista). It wasn't directly infected, but I think a virus may have piggybacked off the infected Tablet on a USB drive I used.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 PM, on 6/16/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Mozy\mozystat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows S...

A:Infected By Trojan Downloaders on PC

Hi ,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. And please describe why you think you might be infected and any symptoms you may have.

RELEVANCY SCORE 55.2

Hello. I've recently had a large problem with what I think were Trojan downloaders amongst other things. I've followed several of the suggestions on this site and no longer "seem" to have a problem. Previous problems included pop-ups and my Firefox browser trying to connect to a random site. Every time I ran a virus scan it keep coming up with new viruses. However, I think that they may be gone, but I am unsure and could use any help you have to offer. Thanks in advance.

I'm not sure what I am doing, but here is my HJT log:

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)

Logfile of HijackThis v1.99.1
Scan saved at 4:30:33 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1&...

A:Am I Clean? (trojan Downloaders Etc)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

RELEVANCY SCORE 55.2

This is the log created by hijack this, this is also my work computer so I'd like to avoid trouble and get it resolved quickly... I have installed AVG anti-virus and ZoneAlarm firewall and I have run AdawareSE and Spybot Search and Destroy..... Please help me..... Thank you

Nichol

Logfile of HijackThis v1.99.1
Scan saved at 9:20:44 AM, on 06/21/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\csasvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUND...

A:Trojan Downloaders And Worms

Welcome aboard, let's get started

Download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
==
Then after that, do the following scan and post the results:

Please download Dr.Web CureIt to the desktop:
Double-click the drweb-cureit.exe file and allow to run the Express scan.
This will scan the files currently running in memory and when something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be mo...

RELEVANCY SCORE 55.2

My laptop is running a lot slower than before. Kaspersky Internet Security 7.0 detects lots of malware, mostly trojan-downloaders and other spyware. I choose to delete them, but when I reboot, the same viruses pop up. Also, new viruses pop up too. I've tried using CounterSpy, KIS 8.0, ESET Nod32, but none of them could remove the malware. Please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:23 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\In...

RELEVANCY SCORE 55.2

Introduction and a little background on the problem:

Hello! I am a new member (thank you, thank you) who is prone to having bad things happen to good computers. Ok ... here it is. I have removed viruses and spyware manually a couple of years ago, but nothing recently. This is not my own computer (but ironically, it is one I am using while my computer is getting fixed).

The other night I was looking at one of those sites for myspace greeting icons. A bunch of windows popped up and as I tried to keep up and X out of each one as the computer's speed would allow, something installed automatically. There was an instruction in the details of the program that indicated that if the program was unwanted, I could go to the website and uninstall it. STUPID, I know .... but I did.

I tried to run an anti-virus scan on the computer as this computer apparently has Norton / Symantec; however upon closer inspection, there were no executable files in the Norton folder. I could not get the computer to scan. So ... I went out and bought a cheap $20 Defender Pro 5-in-1 product from a store and ran a scan.

It detected Spyware AND viruses.

Seemingly I have "WinAntiSpyware" and can't get rid of it. I tried going to the Symantec website and it gave me instructions to remove the 2006 version. I have the 2007 version. None of the keys in the registry matched up with what the website said to remove.

It detected the following trojans:

1- Trojan-downloader.java.openconnection....

RELEVANCY SCORE 55.2

I seem to have gotten new threats of win32 trojans on my anti virus software. I have run superantispyware, but it did not detect any threats. I am running Windows Pro SP2. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device...

A:More Win32 Trojan Downloaders

RELEVANCY SCORE 55.2

Hello, I am an employee at a dental office. One of the receptionist's computer is experiencing Trojan softwares and frequent freezing problems. The computer uses Windows XP Professional and Internet Explorer as its browser. The computer is used for dental office softwares and for researching insurance details on the Internet. When the computer starts, after the login screen, the following error windows appear.

Malwarebytes' Anti-Malware is already installed on the computer. However, it would not start up despite multiple attempts.

The free version of Spyware Doctor is installed after the appearance of the freezing problems, and found the following spywares.

Internet Explorer is also experiencing problems. Not only Google searches are slow, but also clicking on links opens a window either linking to advertisements or to a blank page with this message,

Welcome to the MIVA DLL. Please enjoy your stay.
Initialization errors: 0

with an URL similar to this
http://204.137.28.195/bin/findwhat.dll?clickthroughy=52593x=1ZEJg6mkAsVK1apaET9Z54VbiTxZb7FmACEgEgsln2VXTCEnl47iICFmylE:5Tqv96IyQgSmsayKe4ZyylZSpaEYDtI0EN9LNiaIEJE4TNxqTCITslLLM2IQ5Hr;ABsIeTZdTtPA5aZrLarGDgIYt7bspcP2AlxqQCaguct0b4LwbcFFyJIzbufG3

The computer also freezes, and the freezing happens randomly. Sometimes Internet Explorer is running, while sometimes no programs are running at all.

The computer is vital to continuing providing quality service to our patients. We appreciate any help Bleeping Computer and its staff and m...

A:Freezing with Trojan-Downloaders

The computer also can not create a restore point. It asks for a restart. However, it still does not work after restarts.

Also, the computer frequently freezes before showing the login screen. The computer must be restarted manually.

We value any help available. Thank you!

RELEVANCY SCORE 55.2

hey can someone plz help me i have a zolob trojan downloader and it keeps giving me nvctrl.exe and mssearchnet.exe and other things i will run the smitrem and everything in windows safe mode it also occasionally gives me spy falcon and i will go through the deleting process in windows safe mode and it will be gone for a few minutes but then later it comes right back it shows up on my microsoft spyware remover as spyaxe and trojan downloader i will remove it but it does no good i also use ewido to clean them still no good it goes crazy on ewido. I AM AT WHITS END WITH THIS CRAP.

A:Zolob Trojan Downloaders

You could try A?, a Trojan hunter. Just recommended it a few posts above. Free download.

RELEVANCY SCORE 55.2

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and Quarantine them but more keep appearing
please help !!!!!
 

A:trojan horse downloaders

RELEVANCY SCORE 54.4

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PR...

A:Trojan Horse downloaders and dialers

RELEVANCY SCORE 54.4

I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C...

A:Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 

RELEVANCY SCORE 54.4

I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:33, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Program Files\Razer\Habu\razerhid.exe
H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
H:\Program Files\Java\jre1.6.0_02...

A:Downloaders & Trojan Horse (Text[1].dat)

RELEVANCY SCORE 54.4

Currently infected with some sort of Trojan that slows me down and keeps pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-12 15:16:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (64%) free of 38 GB
Total RAM: 766 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:18 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Fi...

A:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a...

RELEVANCY SCORE 54.4

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

sorry - i think I was looking at my virus vault.

The one it found today ('exploit') was also there.

should I empty my vault?
 

RELEVANCY SCORE 54.4

This is the tablet I mentioned in my earlier post. It got infected by which then proceeded to download a bunch of others. This tablet is running XP.

Logfile of HijackThis v1.99.1
Scan saved at 10:42:21 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\WINDOWS\system32\Dashsvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Window...

A:Infected By Trojan Downloaders on Tablet

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high-risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing. Here are some great free antivirus programs:

Antivir, Avast!, AVG, Bitdefender Free

Install one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.

If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | ...

RELEVANCY SCORE 54.4

Hey guys --

I have a computer that was infected so I did the necessary things to clean it out, or so I thought. I use TrendMicro's OfficeScan on the computer. After cleaning, it did not find any threats, but the next day the threats started at around the same time (noon). It seemed like a downloader since it pulled 20 threats in under a couple of minutes and stopped once I pulled the network cable out. The first day I had a process named 17PHolmes572.exe which had multiple instances in task manager. Cleared those and the next day it became something like b133.exe.bin. And today I noticed a process mrofinu572.exe which I looked up and it said that it was malware. The types of viruses found by officescan are TROJ_VUNDO.BIN, TROJ_PURITY.AD, TROJ_DLOADER.AER, TROJ_RENOS.FV, TROJ_Generic.A, TROJ_ZEROML.BJR, TROJ_DROPPER.AIO, TROJ_DLOADER.HBK, TROJ_AGENT.HGN (Multiple instances of each). Also ran Ad-Aware which cleaned registry infections and possible browser hijacks. I've cleaned with ad-aware, scanned with officescan, cleared temp files and folders and also the ones under Content.IE5 path. A few of the files wouldn't delete under this path so I ended the explorer process and deleted them through the command prompt. This seemed to rid of them. Here's the posting of my HiJackThis log from today. All help is much appreciated. The process C:\WINDOWS\TEMP\XV7FB1.EXE is what OfficeScan uses to redirect an intruder. Something to do with OfcDog.
Logfile of Trend Micro ...

RELEVANCY SCORE 54.4

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 

RELEVANCY SCORE 54.4

Hey guys, listen, I've been a long time fan of this site and what you guys do. You guys are a great help and have helped me greatly in the past, even though this is a new account.

So once again I need your wisdom.

My sister recently downloaded a game from the internet, and I'm sure by doing this, she also downloaded a trojan that came with it.

As I was logging in to my admin account on WinXP Pro SP2, I was greeted by my normal start-up applications and then out of nowhere the command prompt boots up...then a German application pops up (minimized) on my desktop bar...next thing I know McAfee (my anti-virus program) pops up asking if I want to grant the program "Project 1" access to the internet. That's an obvious no. Well McAfee pops up two to three times more prompting the same thing, only with two other programs that I'm sure were viruses/generic downloaders.

So I do my standard clean-up...I run Ad-aware SE Pro, McAfee Anti-Virus '05, and McAfee Anti-spyware. Ad-Aware finished and everything it picked up, I deleted. McAfee anti-spyware finished and I deleted a whole bunch of spyware/adware...pretty standard. McAfee anti-virus pops up with 5 components all which it labeled as Trojans or Generic Downloaders. Each trojan, (I believe) was named "Dollar Revenue." McAfee asked me if I wanted to "Clean," "Quarantine," or "Delete" the Trojans. I tried all three options but McAfee was unable to do any of them. I fi...

A:Generic Downloaders & Trojan Aftermath

Bump.

RELEVANCY SCORE 54

Got some sort of nastiness from a .Doc or .Pdf file a few days ago. AVG is calling them Win/32Cryptor, Trojan/Sheur.2, also have had other downloaders although I've got them gone for right now. Also system services seem to have been infected by something that usually has no name on the AVG readout, winlogin.exe, iexplore.exe, svchost.exe, lsass.exe, services.exe. Also have running in my task manager a 3448584324.exe. Note I am in Safe Mode right now. I am unable to get Malwarebytes Anti-Malware to run at all, no matter if I rename, change extension etc. Also My computer is locked in a dumbed down mode where I am unable to rename extensions, but I am still able to run cmd and rename thru the DOS prompt. Regardless, it hasn't worked. I'm calling in the big guns (IE you guys) now because nothing I've got will even run, never mind work. Also, when initially infected I was unable to get anything to work, constantly would get iexplore.exe errors, saying Windows is shutting down this program, send message to Microsoft blah blah and would constantly cycle and appear to restart explorer. I was able to get those out for the most part with AVG in safe mode but in my past few days of trying to my fixes with redownloading and reinstalling AVG and MBAM it would occasionally come back and start doing the same iexplore crashing again and would require AVG runs again to remove, unfortunately I don't have those logs. Also have the browser redirect problems I've seen on here numerously where ...

A:Win32/Cryptor, Trojan/Sheur.2, downloaders

After much frustration I went and followed another similar thread, used combofix, which removed a rootkit UACwxdunwmc.sys among other UAC files in windows system, which allowed me to get MBAM running, which allowed me to get superspyware going. So those logs are definitely too old to use. Latest MBAM from today shows nothing. Here are my last couple logs tho until it ran clean. Superspyware hasn't run clean yet, tho I haven't run it again after last MBAM, so here is that log. Currently running Kaspersky Online scan. I realize that some of these logs won't help and will need another one for assistance, just wanted to attempt to get interest and help since was unable to at first. Firefox is still running pretty crappily, memory hogging way more than I've seen before at about 136,000k and fluctuating wildly. Stuttering graphics are also noted. Haven't tried to play any games or had real time to sit down with it since clean to check other problems but my browser redirects are apparently gone as of right now. I will update this when the Kaspersky scan completes.

http://www.superantispyware.com

Generated 04/02/2009 at 03:08 AM

Application Version : 4.26.1000
Core Rules Database Version : 3824
Trace Rules Database Version: 1780
Scan type : Complete Scan
Total Scan Time : 00:58:17
Memory items scanned : 416
Memory threats detected : 0
Registry items scanned : 5947
Registry threats detected : 3
File items scanned : 28095
File threats detected : 7

Rogue.Component/Trace HK...

RELEVANCY SCORE 54

Hi,
I have huge problems on my PC.

I am getting explorer windows pop up automatically to sites like:

http://securityonpage.com/?gai=hamm...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.protectroom.com/?gai=ham...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.savetheinformation.com/v...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

also i am getting balloons continually popping up with things like:
System Alert : Melware Threats
Security Alert: [email protected]
System Performance Monitor: Warning (summery system slowed 47%)
Security Alert: Spyware Found - WSA Trojan
Security Alert: Trojan-spyware win32.mx

and error messages like:
Security Warning: New Variant of [email protected] Trojan
Fatel Error! Unhandled Exception: Invalid Operation - Would you like to download latest version of antivirus software?

and these 2 icons keep appearing on my desktop, in my start menu and in my internet Favs. as soon as i link my Local Area Connection
they are : Online Security Guide
and Live Security Warning

It Just won't Stop. every 10 seconds or so, something is popping up.

i see that there are a lot of other people with similar probs so i tried a few of the solutions and came up empty handed.

Here is a copy of my latest HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDO...

A:Solved: HELP!! Trojan, Downloaders, Worms & Possible Spyware

RELEVANCY SCORE 54

Hi TSG,

I urgently need help: currently AVG and SUPERAntiSpyware are both picking up traces of trojans, downloaders, and tracking/vundo adware. I've already tried using the VundoFix from googling a previous TSG thread, however even after rebooting, removal doesn't work. However, I'll post a fresh HiJack log as well as a SUPERAntiSpyware log, and start from the beginning. Any help would be greatly appreciated! Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:10 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "...

RELEVANCY SCORE 54

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00...

A:multiple trojan downloaders and spyware issues

another problem seems to be spamming - can't see desktop for small email boxes covering it 4 fold when net connection active!

need my pc for uni on monday - typical timing!

RELEVANCY SCORE 54

ok i just reformatted my Dell Computer.

and i'm getting all pop ups and something downloaded automatically on my pc after 20 minutes... i uninstalled and deleted in folder by the name of it

Works fine but one thing now

( i got Avast4! btw just downloaded and installed )

most of the time when i click a link i search on google.com like
i search this website

Google.com > Tech Support Guys > then sometimes it goes to a different website than it should go to....

pop ups seem to be under control

I blame norton

LOL I JUST GOT A LITTLE ERROR LOOK-A-LIKE POP UP SAYING

Get Free Viagra

.... please fix that lol

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:12 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ju...

A:Popups / Trojan / Virus / Downloaders / THIS IS MAJOR

RELEVANCY SCORE 54

i went through and i scanned using spybot, norton, ad-aware, stinger, bit defender, and i got a lot of trojan horses and downloaders and some redirected hosts. But i'm not sure if i got everything. this log is sort of old, nobody responded to my other post about this. (i think i needed a better title)

Logfile of HijackThis v1.99.1
Scan saved at 12:33:38 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) (i need to get ie 7)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files&...

A:Trojan Horses, Redirected Websites, Downloaders

Welcome to the BleepingComputer HijackThis forum shinji1146

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

Exit Hijackthis.

*******************************

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*******************************

Please run this online virus scan: Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Com...

RELEVANCY SCORE 53.2

Hello,
I went on page that, it seems, changed my homepage and the next time i opened IE, I was infected with trojan downloaders. Now, when i open IE, I get a screen where "Second thought" tries to install itself and asks for me to "press enter". And another copy of this page starts every, like, 10 secs, so i have to unplug my router and it stops, so i scan with AVG and SpyBot and clean everything, and change my homepage. But still, when i re-open IE, all the sh*t gets downloaded again and asks me to press enter.

There seems to be no more traces of it but it all comes back with the opening of IE.
So I don't know what to do and I'm asking your help, thanks.

I'll post my HijackThis log if it can help:

Logfile of HijackThis v1.98.0
Scan saved at 16:09:59, on 2004-07-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program...

A:When i open IE, I get trojan downloaders, even if anti-virus said im clean, help!

RELEVANCY SCORE 53.2

When I looked into my AVG virus vault today I was concerned to see a series of trojan droppers and downloaders. There were 7 entries, and in order here's how they appeared:
trojan horse dropper.agent.CRO (twice)
trojan horse downloader.agent.INL (3 times)
trojan horse downloader.generic.3NPE (twice)
trojan horse backdoor.generic.2AJH
trojan horse dropper.agent.CRP

then when I ran Panda software these 2 viruses were found:
virus: trj/downloader.MSN
virus: trj/killav.FD (this one is located in the system32 file)

looking for more information on these is like wading through muck...
I have run the AVG, panda software, adware and hjt and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 2:29:06 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2ev...

A:Trojan horse droppers, downloaders and backdoor- they all appear in my system

i am still awaiting some direction please!
 

RELEVANCY SCORE 53.2

Hello everyone, my name is Tracy. I am a teacher, as well as a student. I am a bit of a newb when it comes to computers though, and am really hoping someone can help me. I desperately need my computer this weekend to work on several papers for college. My computer was running very fast for the longest time, then the other day Microsoft security essentials picked up several problems, I listed all the description Microsoft essentials gave me after cleaning my computer. After that happened now when I turn on the computer it runs ok for about an hour, then it just gets slower, and slower, finally I have to hit the power button as the whole computer freezes up. Here is the hijack this log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:55 AM, on 9/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Prog...

A:Hijackthis log file, desperately need some guidance, Several Trojan Downloaders.

thanks everyone for all the help, luckily another forum isn't as busy as this one. peace
