Over 1 million tech questions and answers.

Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Q: Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

I've used Malwarebytes and Norton 360 to scan and re-scan my computer to remove any intrusions. I've also read other posts online to remove particular entries in my registry that were associated with these viruses. So far, my MBAM and Norton is saying my computer is clear, but the programs also said that the other day and found something new today. I've backed up my registry as well just in case. The trouble started when I opened up a flash movie file the other day and the security suite kept popping up. So I researched the suite and I knew (general virus knowledge) not to click yes on anything or to download anything. I finally got it to stop but I feel my computer is vulnerable now. Also my Norton 360 is picking up tracking cookies now when it scans, when I never used to have a lot of tracking cookies detected. I'm not 100% confident that my computer is safe. I haven't really used it since I got the Security Suite virus. I've only been running scans and searching online for more information on the removal. I also used Rkill in the process of removing the Security Suite. Your assistance in removing this issue for good is greatly appreciated.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by James Brinson at 22:45:14.70 on Wed 09/15/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1843 [GMT -4:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\Explorer.EXEC:\windows\system32\ctfmon.exeC:\windows\helppane.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exeC:\Program Files\Microsoft Office\Office12\EXCEL.EXEC:\windows\explorer.exeC:\Users\James Brinson\Desktop\dds.scrC:\windows\system32\conhost.exeC:\windows\system32\wbem\wmiprvse.exe============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAuDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNABHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: TFPUPWDBankBHO Class: {030ac7b6-e7ec-40f1-8fb2-c0fd344de0b9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLLBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dllBHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [Google Update] "c:\users\james brinson\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exemRun: [<NO NAME>] mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorunmRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dllIE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllTrusted Zone: fafs.com\vendorDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllmASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUPHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\users\jamesb~1\appdata\roaming\mozilla\firefox\profiles\aeqte972.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dllFF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dllFF - component: c:\program files\toshiba\tfpu\firefoxaddin\components\TFPUPWDBankEx.dllFF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dllFF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dllFF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dllFF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dllFF - plugin: c:\program files\opera\program\plugins\np_gp.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\james brinson\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dllFF - plugin: c:\users\james brinson\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dllFF - plugin: c:\users\james brinson\appdata\roaming\mozilla\firefox\profiles\aeqte972.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-27 328752]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-27 173104]R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-29 47104]R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-10-29 49152]R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-10-29 38400]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-29 7680]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-10-29 860160]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-27 501888]S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100910.001\IDSvix86.sys [2010-9-13 344112]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-27 116784]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-5-27 339504]S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-8-4 1807608]S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]S2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-27 126392]S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-26 1153368]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-3 185712]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-4 659328]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-2 102448]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-12 38224]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080]S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-29 24064]S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-29 51512]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]=============== Created Last 30 ================2010-09-16 02:41:42 0 ----a-w- c:\users\james brinson\defogger_reenable2010-09-13 01:35:03 0 d-----w- c:\users\jamesb~1\appdata\roaming\Tific2010-09-13 01:16:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-09-13 01:16:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-09-13 01:16:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-31 15:23:28 0 d-----w- c:\program files\VSO2010-08-25 13:48:43 571904 ----a-w- c:\windows\system32\oleaut32.dll2010-08-20 20:06:43 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll2010-08-20 03:39:30 0 d-----w- c:\program files\Lexmark==================== Find3M ====================2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll2010-07-05 19:54:55 336 ----a-w- c:\program files\temp995.bat2010-06-30 19:10:51 51716 ----a-w- c:\windows\system32\pdf995mon.dll2010-06-30 19:10:51 249856 ----a-w- c:\windows\system32\pdfmona.dll2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat2009-11-07 17:17:20 14 --sh--r- c:\windows\system32\drivers\fbd.sys2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe============= FINISH: 22:45:35.10 ===============

RELEVANCY SCORE 200
Preferred Solution: Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:Download DDS and save it to your desktopLink1Link2Link3Please disable any anti-malware program that will block scripts from running before running DDS.Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear: DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyScan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"information and logs:In your next post I need the following1.logs from DDS2.log from RKUnHooker3.let me know of any problems you may have hadGringo

Read other 12 answers
RELEVANCY SCORE 136.8

Hello I have an Acer Aspire 5100 laptop running Windows XP Home. All microsoft updates current to Sept 15. Using Avira Antivirus, Malwarebytes, Super Anti Spyware, Spyware Blaster, Spybot Search and Destroy, CCleaner and Windows Defender. All updates current to Sep 15. Windows Defender has disappeared from the task bar.Problems are as follows: all started on Friday, Sept 17 in the morning, no problems before that at all- Ccleaner had entries in registry that looked very suspicous (one included nqagoxiw in the entry) - cannot get to Windows Update site (page says Internet Explorer cannot display the webpage) - could not get Avira, etc to update (some have since started updating)- could not get to forums page (redirect to Godzilla Malware or something close to that) - I connected via the cached link so I could print the instructions- cannot load Task Manager- could not get Control Panel to work (It is now working)- if I try to run Avira or Malwarebytes in safe mode the computer shuts down (also shut down once in regular mode when I was running Malwarebytes)- fixed in time debugger keeps popping up- messages saying Windows Explorer has encountered a problem (could not save error message so this a summary of the message)- gmer runs but freezes and I cannot save the log or copy it - indeed I have to shut down with the power button as laptop becomes totally nonresponsive (I hand copied the last fews lines of the log that were displayed and have posted those at the bottom of this me... Read more

A:TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 28 answers
RELEVANCY SCORE 134

Removed Security Suite using the guide on Bleepingcomputer. Now Trojan.Zefarch!gen keeps popping up.DDS (Ver_10-03-17.01) - NTFSx86 Run by William Bailey at 14:24:26.45 on Sat 09/18/2010Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.408 [GMT -4:00]AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\Program Files\... Read more

A:Removed Security Suite now have Trojan.Zefarch!gen

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 11 answers
RELEVANCY SCORE 132.8

Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.I followed all the prescribed methods from this website from here:http://www.bleepingcomputer.com/virus-remo...undo-virtumondeNeither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.I am now following the instructions from here:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.Thanks in advance and I hope to hear from someone soon.So I will now post the DDS.txt report as requested a... Read more

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 4 answers
RELEVANCY SCORE 130

Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.I was not able get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.Many thanks!EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched it's trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated..DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by [name] at 17:51:16 on 2011-08-07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]..============== Running Processes ===============.C:\Program Files\Fingerprint Sensor\AtService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.... Read more

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?

Read other 8 answers
RELEVANCY SCORE 127.2

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 125.2

My desktop and laptop were recently infected with Trojan viruses (according to malware on my laptop and windows defender on my desktop). My desktop is completely inoperable so this post is in reference to my laptop.My laptop was acting slow and google chrome (my standard web browser) was coming up with unusual error messages (I believe is said "Error, click ok to terminate command". I ran malware and found Trojan Hiloti and Trojan Agent. Here are the files that were infected based on my Malware log;Files Infected:C:\WINDOWS\clefgtu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.C:\WINDOWS\Temp\~TM34.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.C:\WINDOWS\Temp\~TMD.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Kevin\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\monxga32.exe (Trojan.Agent) -> Quarantined and deleted successfully.I told malware to remove all the trojans but my problems are getting worse. My laptop will now display a blue screen and restart itself ra... Read more

A:Infected with Trojan Hiloti and Trojan Agent [Laptop]

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS and Attach Log

Read other 22 answers
RELEVANCY SCORE 122.8

***6/27/10 EDIT: BOTH IE AND FIREFOX ARE AFFECTED. DISREGARD THE TOPIC DESCRIPTION PLEASE.***Just FYI, this is my first time trying one of these post-your-log virus removal forums. Here's a brief history of my struggle with this problem.6/24/101. Symantec Antivirus detects and deletes Trojan.Zefarch in C:\Documents and Settings\Kevin\Local Settings\Application Data\{Random string}\chrome\content\. Detection occurs everytime I boot up Windows.6/26/10 2. I run a full scan and Symantec reports Trojan.Zefarch in C:\Windows in file "[random string].dll". Symantec is only able to partially remove it.3. I attempt a system restore which fails of course.4. I follow Symantec website's removal instructions for Trojan.Zefarch-Disable System restore, Run a full system scan, delete some registry keys. This stop the virus detection notifications. Google and Yahoo links still redirect in Firefox though.5. Both IE and Firefox are affected. I uninstall Firefox and reinstall it. The problem still persists in Firefox.6. I run ATF Cleaner, then Goored.exe, which detects nothing in the registry.7. I run Malwarebytes' Anti-Malware software and it detects and removes 4 instances of Trojan.Hiloti in the registry, C:\Windows, and C:\Documents and Settings\Kevin\Local Settings\Temp\.8. Google and Yahoo links still redirect.Help would be greatly appreciated.DDS (Ver_10-03-17.01) - NTFSx86 Run by Kevin at 2... Read more

A:Google/yahoo redirecting virus (Trojan.Zefarch, Hiloti, and more?)

Hi fishdontbounce,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer. A brief description of the current issue is sufficient.

Read other 29 answers
RELEVANCY SCORE 110.4

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 110

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarentine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarbytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/... Read more

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 23 answers
RELEVANCY SCORE 108

Malwarebytes' Anti-Malware 1.34Database version: 1876Windows 5.1.2600 Service Pack 23/20/2009 4:06:56 PMmbam-log-2009-03-20 (16-06-56).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 119370Time elapsed: 21 minute(s), 29 second(s)Memory Processes Infected: 2Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 7Registry Data Items Infected: 3Folders Infected: 0Files Infected: 13Memory Processes Infected:C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LO... Read more

A:Trojan.Agent,Trojan.NtRootkit.Agent,Backdoor.IRCBot,Trojan.FakeAlert.H

I have posted at Geekstogo to help you already.
Please do not post at multiple forums for help.

Read other 1 answers
RELEVANCY SCORE 107.2

Both Symantec Anti Virus and Malwarebytes have been ran in order to remove the Trojan.Zefarch risk. Malwarebytes does not find anything. In Symantec, it finds the file and I select to delete it as well as go into the registry and delete it as well. However it seems to keep coming back into the registry? Here is a my log and thanks for any help:DDS (Ver_10-12-12.02) - NTFSx86 Run by Administrator at 10:26:34.46 on Wed 01/19/2011Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1199 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\DTS.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\AtService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe... Read more

A:Trojan.Zefarch security risk

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.During the download, rename Combofix to Combo-Fix as follows:It is important you rename Combofix during the download, but not after.**NOTE: If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".After that, double-click and run Combo-Fix. Let it finish its job and post the log hereIf ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Read other 4 answers
RELEVANCY SCORE 106.4

Hello, I'm sadly back again. I was here in the summer. My computer has been acting up. Lots of activites that point to infection. I also have seen my CPU usage jump and pretty much stay at 100% with no active applications open, virutally locked up, or locked up. Fan runs like crazy. My firewall was set to off, without me doing it. Poltergeist in this computer! Prep work as listed on the *Before you post* section is complete. I'm sorry that this posting is so long, but I'm including virus scans as well as the HijackThis log. I used Pandascan, and Bitdefender and my own Trendmicro ran overnight as well. Results for Pandascan:Incident Status Location Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Ab scissor.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Broadband comparison.url ... Read more

A:A Boat Load Of Trojans! Smitfraud, Trojan.winshow.js.b, Trojan.winshow. Trojan.agent.em, Troj Agent.oz, Tro Dloader.qf,tro...

Hello pacificoast, Since you are so infected, I want you to run some additonal scans.***************************************************Please download, update and run the a-squared Free 2.0 Select the "Deep Scan" button and press the Scan button.If malware is found, click the button "Remove Selected Malware"and save the log file by clicking on "Save Report". Let it delete whatever it finds. *************************************************** Download and install AVG Anti-Spyware 7.5 (formerly Ewido) 1. After download, double click on the file to launch the install process. 2. Choose a language, click "OK" and then click "Next". 3. Read the "License Agreement" and click "I Agree". 4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install". 5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray. 6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on ewdio in the system tray and uncheck "Start with Windows". 7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full d... Read more

Read other 37 answers
RELEVANCY SCORE 106.4

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:Trojan.Dropper/SVCHost-FakeC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXETrojan.Agent/Gen-FakeAlertC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEMicrosoft Security Essentials pops up during the scan with the following infection:Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide. DDS (Ver_10-03-17.01) - NTFSx86 Run by Phillips at 14:21:21.10 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 106.4

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.
 mbam-log-2012-12-29 (15-25-09).txt   5.9KB
  3 downloads

 mbam-log-2012-12-29 (18-25-47).txt   2.05KB
&nbs... Read more

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker I'm Conspire, I'll be glad to help you with your computer problems.Please observe these rules while we work:Read the entire procedureIt is important to perform ALL actions in sequence.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Stick with me till you're given the all clear.Remember, absence of symptoms does not mean the infection is all gone.Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Read other 16 answers
RELEVANCY SCORE 106

At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it new I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 41 answers
RELEVANCY SCORE 106

btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kueHi,My antivirus program, BitDefender Antivirus 2010, has blocked the above trojans. The main trojan that keeps popping up however is: Trojan.Agent.AMPC. It is located in my temp file as 94.tmp. I have deleted my temp files, some of them wouldn't delete so I downloaded and ran CCleaner.After successfully deleting files that windows alone wouldn't allow me to do, I presumed my problems were over. (haven't had the antivirus program pop-up in 12 hrs now)I opened up google and typed in the topic I wanted and clicked on the link I wanted & I was redirected to btcar.com. I closed it, clicked on another link and I was directed to virtualway.info among other annoying sites. So I blocked these sites in IE, and proceeded to download & run SpyBot S&D. 4 Issues were found and I repaired them.I then did a deep system scan with BitDefender and it said no viruses or spyware were found:BitDefender Log File Product: BitDefender Antivirus 2010Version: BitDefender Antivirus ScannerScanning task: Deep System ScanLog date: 5/6/2010 2:36:47 AMLog path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1273077407_1_00.xml Scan paths: Path 0000: C:\ Scan Level: Scan for viruses: YesScan for adware: YesScan for spyware: YesScan for applications: YesScan for dialers: YesScan for rootkits: YesScan for keyloggers: Ye... Read more

A:btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire r... Read more

Read other 2 answers
RELEVANCY SCORE 106

Getting this message from Symantec Endpoint, I deleted the files the other day but every morning I receive this same message or something similar to it.

Security Risk Found!Trojan.Zefarch in File: C:\Documents and Settings\user\Local Settings\Application Data\{1CA5E96D-ADB0-47F0-872C-852AF9E2D7B2}\chrome\content\overlay.xul
 

A:Security Risk Found!Trojan.Zefarch

Any help?
 

Read other 2 answers
RELEVANCY SCORE 104

Hi Mike !

Don't know what happend !! My windows starts normally, after selecting the user, it dispalys ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. i am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is an virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

Read other 4 answers
RELEVANCY SCORE 104

Hi, a friend gave me his machine to look at as it was getting pop ups.

I couldn't run in safe mode as machine wouldn't boot.

I changed the names of malware bytes and super anti spyware as they wouldn't install.

Did the compaq windows system restore and tried again.

I ran them both, mbam found 706 entries, superanti found 698.

I then installed nod32 and it found 5 entries.

I rebooted into safe mode, ran scans again with each - mbam said clean, super anti still says,:

Trojan.Rootkit/Gen - 19 entries
Trojan.Agent/Gen - 1 entry
Trojan.Downloader-TinyProxy/Mstre8 - 1 entry

Any help on removing these would be really appreciated, many thanks.

Regards

A:Trojan.RootKit/Gen Trojan.Agent/Gen Trojan.Downloaded-TinyProxy/Mstre8

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 104

Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

A:Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scn log for us to review.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner... Read more

Read other 10 answers
RELEVANCY SCORE 104

DDS (Ver_10-03-17.01) - NTFSx86 Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\DTS.exeC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\AtService.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC: ... Read more

A:Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 2 answers
RELEVANCY SCORE 103.2

Last week a virus hit my dell lapton hard: In a matter of a minute it changed my desktop, threw a flurry of pop-ups and then crashed my computer and wiped out all my data. I had to re-install windows and reload most of my programs. I have had Verizon Internet Security Suite always running, but this got by it. Since the crash I have been scanning every day, most of the day with the Verizon as well as with Malwarebytes, Windows Defender, Spybot Search and Destroy and IoBit Security 360. One or two programs will scan clean, and the next program will catch a virus/worm, I remove the worm, scan again. It's clean, only to have another program scan and find a different virus. In the last week I have removed 17 virus/worms: MalwarePacker.Gen Backdoor.Agent Trojan.VB.Downloader TrojanInject Worm Kolab Trojan 32FackMS.BDO TrojanHiloti.Gen!D Trojan FYNBEN MalwarePacker RBOT ZLOB.Trojan Trojan.dropper In my IoBit 360 Scan report it tells me that I have 2 security holes which I have been unable to repair. 1. Security Update for Flash Player (KB923789) 2. Cumulation Security Update for Internet Explorer 6 from WindowsXP (KB972260) It asks to download and install these files, and I do, but they don't seems to resolve and both security holes remain This is my first time in water this deep and I really need help getting out. Thanks in advance for any and all help.

A:Trojan.dropper, ZLOB, RBot, Trojan.Hiloti and more

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 103.2

I am the computer tech for a small private high school. I recently received a laptop back from one of the teachers. When I asked what the problem was, I was informed that she could not see any of the desktop icons or any of the files on the C: drive.

This system is an HP Compaq 6710b laptop with a Core 2 Duo processor 1.8Ghz with 1GB RAM. It is running Windows XP Pro SP3.

I pulled the hard drive and scanned it externally using MalwareBytes. It found Trojan.FakeAlert (5 occurrences), Rogue.FakeHDD (5 occurrences), and Trojan.Hiloti.Gen (1 occurrence). I put the hard drive back in the system, scanned it again and found no occurrences of the viruses.

I then ran unhide on the system to be able to see the files and desktop icons again. Ran with no problem. I then checked through the system and found *many* dlls in the Windows directory that concerned me. In searching through other malware posts, it became evident that there were other steps that should be taken. From several of the posts, it appeared that OTL would give some additional information. Therefore, I ran that but was unable to decipher exactly what it was telling me (see attached OTL logs).

Have followed the preparation steps for submitting a new malware topic, i.e.,
- Ran Defogger
- Ran GMER (see attached log)
- Ran DDS (see included and attached logs).

The biggest question, obviously, is does it look like this laptop is clean or is there more to be done? .....

Thanks in advance for all your help!... Read more

A:Rogue.FakeHDD, Trojan.FakeAlert, and Trojan.Hiloti.Gen

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

Read other 2 answers
RELEVANCY SCORE 102

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File... Read more

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 3 answers
RELEVANCY SCORE 101.6

From: Eric

I received a computer running XP Media Center Edition from a friend. Its desktop was being hidden automatically unless I told it to "show desktop". I ran SuperAntiSpyware and MBAM on it. They seemed to have removed the viruses. In preparation of this topic I ran GMER, which would not run so I ran TDSSkiller. TDSSkiller got rid of a rookit virus. What I need now is to make sure that the computer is completely clean. Here are the DDS and GMER reports.

Thank you

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by sherri cordry at 20:08:08 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1770 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Comp was infected with Trojan.Agent/Gen-Fake AV, Trojan.Agent/Gen-Hullo[short], Rootkit virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 101.2

Hello BP staff:

This is a problem on my sister's laptop and she posted yesterday as cookiebugs47.

System Info: Dell Latitude E6500 BIOS Rev A12
Windows XP SP3
IE ? (cannot determine)

After watching a program on ABC yesterday her computer started getting popups, opened Task Manager and cancelled every application running and thought she was in the clear. Started having more pop-ups occur that I think was scareware and fake alerts, i.e. 2010 Internet Security. Suggested she run mbam and sas - done and both found Trojans. Then more pop-ups, McAfee disabled, internet access disabled, unable to run .exe files, etc.

Current status: A useless computer
Unable to get to the internet
Unable to execute any program
Many "Application not found" messages when trying to
execute programs.

My question: Can we recover from this? Or should we run rkill and start from scratch?
I would like to try to recover. I read that I should post a DSS log and
a GMER log - can I download the software to a CD on a clean computer
so I can get the process started.

Thanks for your help.

Kathy

Read other answers
RELEVANCY SCORE 101.2

It looks like Thursday afternoon a virus started to take over my laptop.  Initially, the computer slowed way down.  I tried to clean up the hard drive with windows utilities.  Then I ran Malwarebytes, which temporarily improved performance.  The next day, it was once again running very slow.  I re-ran Malwarebytes and then ran SuperAntiSpyware.  As I recall, both times that I ran Malwarebytes, it found trojan files.
 
I never received any messages asking for ransom money or anything else announcing the virus prior to running Malwarebytes.
 
The virus has encrypted all of my files.  Most of my files are on an external hard drive.  I have not found any that are not encrypted.
 
The virus has also used up all of the previously available 30+ gb of hard drive space on the internal drive.
 
I have since ordered a new laptop.  I'm ready to move on from the HP Elitebook.  What I really need is to be able to unencrypt the files that are on the external hard drive.
 
Any help would be greatly appreciated!
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64  
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.25.2
Run by 467065 at 15:31:59 on 2015-01-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3887.209 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabl... Read more

A:Infected with Trojan.Agent.0BGen & Trojan.Agent.ED - hard drive files encrypted

I just found the Cryptowall 3.0 files on the hard drive.  I read the FAQ at
 
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
 
so, I guess that's all I really need to know.  Thank you for the information.

Read other 3 answers
RELEVANCY SCORE 100

Hi all,
Since 2 days I have a nasty thing on my laptop with XP and it really got on my nerves. Usually I can handle the most simple stuff "with a little help from my friends" (forums), but now it looks like I need a real-time help exactly for me.

The symptoms are:
- disabled registry;
- disabled task manager;
- disabled safe-mode;
- Runtime error 6002 on Media player classic and DC++ which requires replacing the *.exe files; also, Spybot doesn't run;
- random-named *.exe files created in \local settings\temp\
- the problematic line in HiJackThis keeps reoccuring:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1.

So the other day I learnt how to re-enable the TaskMan, RegEdit and SafeMode when i need to use them.
Spyware Doctor find the detects the things from the topic name: "Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer".
The thing stays. I'd be very grateful to a little help.

A:Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer, nasty stuff

DDS (Ver_09-03-16.01) - NTFSx86
Run by Alexander at 16:00:39.71 on неделя 26/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1791.1190 [GMT 3:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\wintmlls.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\winxjcakb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale... Read more

Read other 3 answers
RELEVANCY SCORE 98.8

Ive been fighting the Zlob.Downloader.vcs and Virtumonde-C Viruses for a few days now. Im hoping these logs are telling me that Ive finally won the battle, but I need a second opinion, any help? Greatly appreciated!!Deckard's System Scanner v20071014.68Run by Jack Schmitt on 2008-04-20 18:52:47Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --85: 2008-04-21 01:52:55 UTC - RP85 - Deckard's System Scanner Restore Point84: 2008-04-20 18:10:03 UTC - RP84 - Removed Sunbelt CounterSpy.83: 2008-04-20 17:40:54 UTC - RP83 - Installed Sunbelt CounterSpy.82: 2008-04-19 23:21:58 UTC - RP82 - ComboFix created restore point81: 2008-04-18 18:02:13 UTC - RP81 - Last known good configuration-- First Restore Point -- 1: 2008-04-18 18:01:54 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Jack Schmitt.exe) ----------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:53:35 PM, on 4/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\l... Read more

A:Trojan.vundo, Trojan.agent, Trojan.fakealert

Hello! Welcome!I see you already have Malwarebytes installedDouble-click the Malwarebytes IconOnce the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Please copy and paste the entire report in your next reply. Extra note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.If you have run this tool before please post all previous logfiles.

Read other 1 answers
RELEVANCY SCORE 98.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:36:39 PM, on 8/31/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\acs.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\tos... Read more

A:Trojan Agent, Trojan Fake, Trojan Generic

HiDisable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a ... Read more

Read other 2 answers
RELEVANCY SCORE 97.6

It seems I've been infected through my parents' machines when visiting them for Christmas. I am no longer on their network so I've eliminated cross contamination. But here's what's happening:

I think it's a rootkit. Symantec quarantined some files as a Malcol infection and Anti-Malware quarantined some file as Hiloti. The malware has blocked Windows Updates and I'm receiving the error 0x80072efe. The Windows Firewall and Internet Sharing service gets turned off every 20 min or so and I cannot manually restart it (Access denied: error code 5). And on startup I receive the Windows Security balloon notification that SAV has been disabled but only briefly. I think the infection is leveraging svchost PID 1160 as the memory usage for this task is unusually high. I just can't figure out what drivers or dlls this thing is loading to stay persistent. Here are the requested logs:
DDS (Ver_10-12-12.02) - NTFSx86
Run by G$ at 11:20:18.50 on Mon 01/03/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.834 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.e... Read more

A:Trojan.Hiloti and/or Trojan.Malcol

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

Read other 28 answers
RELEVANCY SCORE 97.2

Hi, I?m a newbie and this is my first post. Thanks ahead of time for existing and for helping me!My computer is an HP,AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop with lots of virus/Trojan/adware/malwareNot sure where they all came from but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.[com] or www.grogansports.[com] was the final virus that started me crashing and generating the wonderful ?Error Message: Stop c000021a {Fatal System Error} The Session Manager Initialization System Process??After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast! Antivirus before it crashed again and it found the following virus/etc.Found by Avast! AntivirusJS:Redirector-B[Trj] in a temporary internet fileWMA:Wimad[Drp] in a temporary internet fileWin32:Monder-GB[Trj]? in ?c:windows\system32\opnmlccs.dll? file?Win32:Trojan-gen{Other}? in ?c:\Windows\system32\prunnet.exe? file ?Win32:adware-gen[Adw]? in a program that came with computer that I?ve never used: C:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe\$instdir\ppcttoolbar.dllI deleted/quarantined those viruses and tried to do a system restore to a couple days before and it wouldn't let me do it although I had just saved a system restore on 12/31. And t... Read more

A:Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit Please read this post by Quietman7http://www.bleepingcomputer.com/forums/ind...t&p=1074915and tell us how you want to procedeYou might want to procede with a partial cleanup so you can finish backing up those pictures

Read other 6 answers
RELEVANCY SCORE 96

Hi,

I was encouraged to post a new topic, after reading the instructions provided here:

http://www.bleepingcomputer.com/forums/topic395475.html/page__st__15

For the past few weeks, I've noticed that my CPU has been running higher than usual, even when I have no open software.

Additionally, upon shutting down Windows 7 (x64 Professional), the screen would darken, asking to shut down open programs, however, whatever process was running, it was hidden and was not identified by Windows.

Last week, I decided to re-install Windows, however it did not solve the problem.

After running several anti-virus, malware removal, anti-spyware tools, SAS identified these:

Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC

I went ahead and backed up all my data and reformatted the partitions and re-installed Windows 7. However, after being careful to install a firewall and an anti-virus before doing Window updates, I am afraid that the problem is still there. As I shut down Windows, it detects that something is still running in the background.

Please find below the DDS log. Your help is highly appreciated.

Thank you.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by BIGMIG at 22:00:11 on 2011-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6126.4776 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
S... Read more

A:Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC Virus Need Help!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408650 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

Read other 1 answers
RELEVANCY SCORE 96

I have two virus' that I cant remove (Trojan.Agent/Gen-PEC and Trojan.Agent/Gen-IExplorer[Fake]). I have ran Super Anti Spyware a dozen times and it flags these two virus'. However, every time is removes them they come back. Also, they only show up after I run Rkill. Any advice?

A:Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC Virus

Hello ,lets run these and see. You did update SAS prior to running?Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives select... Read more

Read other 19 answers
RELEVANCY SCORE 96

Hello,
Having some trouble with many trojans. I keep SuperantiSpyware/Malwarebytes/SpyBotS&D quite up to date but recently caught something they are unable to remove. They removed a large amount of other trojans but currently there are a few pesky ones which refuse to budge! namely Trojan HBO, Trojan.Agent & Rootkit.Agent. Other dodgy processes such as BN1.tmp BN2.tmp and many iexporer.exe in the task bar.

Even scanning in safemod under administrator would not budge them.

They seem to be having quite a party redirecting my webpages and even after 1 blue screen explorer.exe has gone on holiday leaving to me to open my own programs manually. Writing this from safemode with networking on and will post a HJT log and hope for some help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:58, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOW... Read more

A:Unable to remove Trojan HBO, Trojan.Agent & Rootkit.Agent

Read other 16 answers
RELEVANCY SCORE 96

Hi there,

First time here
My computer started being quite slow yesterday (all applications) and fan is running on full blast (even though it's clean, I have a fan cooler, and only run Firefox, Skype and a couple of other applications I use everyday that normally work fine). I have had internet connectivity problems as well but could be unrelated? Nothing else major but afraid could be compromised.

Ran a full scan using comodo which came up with above trojan agent. Then downloaded Malwarebytes and same came up. Seems to be moving after quanrantine... but what do I know? I am somewhat useless when it comes to these things... So I need a bit of help to figure out if I should be worried about this, and if so how to remove. Hope I did everything correctly.

Here are my logs. Any help appreciated Thank you for your time!

Karine

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by K at 11:09:07 on 2011-10-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: J... Read more

A:[12:17:38 PM] J Webster: Ahk2Exe.exe (Trojan.Agent) & A0039785.exe (Trojan.Agent)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424138 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 95.2

My laptop is infected with this AV Security Suite which Ive found out is a fake antivrus trojan. It has stopped me from opening nearly all of my programmes including the anti malware ones so Im stuck with this. Secondly when I try and boot safe mode it simply goes back to normal mode and asks me to log in.
I would really appreciate any help with this.
Joel

A:AV Security Suite Trojan

To 'kill' the rogue/fake processes from running:

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.If nothing happens or if the tool does not run, please let me know in your next reply

Next,
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, ... Read more

Read other 18 answers
RELEVANCY SCORE 95.2

My computer has been infected by the AV Security Suite trojan. This happened two nights ago and I was unable to do anything about it. I was not able to open any programs or the internet. I went to buy a USB flash drive and decided I would download rkill from another computer to upload it to the infected computer. When I turned on the computer my AVG asked me if I wanted to heal a trojan found on my computer. I was able to open AVG and perform a scan. Now I am able to open programs but I am still unable to access the internet. Im wondering if I should still go through with the removal. Please Help!!!

A:AV Security Suite Trojan

PLEASE PLEASE PLEASE HELP!!

Read other 2 answers
RELEVANCY SCORE 95.2

We have a Win 7 laptop and CA Internet security suite was installed but apparently disabled (grrrr) and now neither chrome, nor IE will connect to any sites saying Warning: there is a serious trojan security threat. I started up in safe mode to see if I can run highjackthis and after loading Win tells me it cannot find dinotify.exe.

Can someone please help me? Do I need to download dinotify somewhere, or can I just run highjackthis and then post results?

THX!!!
 

A:Win 7 CA security suite trojan

I guess I have this Win 7 Internet Security Virus as described here: http://www.2-viruses.com/remove-win-7-internet-security-2012

I will follow these solutions and use their fake code and then set date 7 days forward. Any feedback on this?
 

Read other 1 answers
RELEVANCY SCORE 94.8

Hi,It seems that I have trojan activity on my home pc.I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attemp to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS verison 080805-0,08/05/08 which I try and delete from the warning box.I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmfull software with mention of one of many trojans. These have been:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan... Read more

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,I am hoping you can help me.My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan-Spy.Win32.KeyLogger.aaTrojan-Spy.Win32.GreenScreenTrojan-Spy.HTML.Bankfraud.dqStrange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.The pop up warings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.A spybot scan pointed to 2 entries of VirtumondeI'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I cant seem to shift it Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:34 AM, on 8/7/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Ado... Read more

Read other 5 answers
RELEVANCY SCORE 94

KASPERSKY ONLINE SCANNER 7 REPORTSaturday, November 29, 2008Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Friday, November 28, 2008 18:35:48Records in database: 1424124Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area My ComputerC:\D:\E:\F:\Scan statisticsFiles scanned 94300Threat name 4Infected objects 4Suspicious objects 0Duration of the scan 02:45:29File name Threat name Threats countC:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1 C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1 C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1 The selected area was scanned.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 4 answers
RELEVANCY SCORE 94

Hello,
 
I am pretty sure my computer has caught the virus.  It goes to the blue screen of death after a minute or 2 and then reboots.  At least when I bootup in Safemode with networking it behaves OK.  In the task manager I can see the following process that I don't recognize:
 
svchost.exe with description winrscmde. Properties of that process says that this file was created today and is located in C:\Windows.
 
In the Event viewer I see the following bugcheck error message:
 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002efd0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031713-43953-01.
 
I haven't removed the virus or anything using Malwarebytes yet. Just wondering what I should do next.
 
Thanks.

A:Malware bytes detected Trojan.Agent, Trojan.BHO, Rootkit.0Access and PUP.IBryte

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see hereDouble click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create MBR.dat fil... Read more

Read other 17 answers
RELEVANCY SCORE 94

I have been having a huge problem for the last 3 days with trojans popping up and coming back. Everything is loading so slow and I keep getting not only popups but videos that popup and I keep getting fake security warnings. The first day they were popping up I was getting notices from AVG which I clicked to heal them. I am no longer getting notices altho scans of AVG and Malwarebytes both show the trojans. I can scan and heal with malwarebytes every 2 minutes and I will have something new in there. Evidently the fix is only temporary. I have tried to manually clean the files out of my registry but that doesnt seem the fix it either. I am at the end of my rope here with ideas on how to fix it. I would so appreciate any help you guys can offer. I also tried to fix it using vundofix but it didnt see anything on my comp.

Here is a copy of my Hijackthis log and Malwarebytes log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:57 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGR... Read more

Read other answers
RELEVANCY SCORE 94

Good evening, Bleeping Computer Gurus! I have been having this problem for about a month. I thought I cleared it up back on the 8th using Malwarebytes' Anti-Malware, but it keeps coming back. I am a little embarrassed to say that I do IT tech work for a living and can't seem to fix this issue. I've been stubbornly trying to fix my problem by my lonesome, and I'm now swallowing my pride and asking the experts for help. Any questions, considerations, advice, or criticisms are warmly welcome.

I always update both AVG and Malwarebytes' Anti-Malware before scanning. Malwarebytes' updates ok, but AVG must be updated manually via directory each time. Recently, AVG finds nothing. On the 8th, 9th, and 10th, AVG found: Downloader.Swizzor.JVP, Generic_c.AGFX, Downloader.Generic2_XQU, and Defiler. Most of the time Malwarebytes' finds something. However, it doesn't always find anything, and it isn't removing the underlying problem. I can verify infection even when Malwarebytes' finds nothing by clicking through Google to AVG (e.g. search "AVG" in Google) and usually 1 out of about 20 clicks will be redirected. An example redirected URL is <http://www.free-download-place.net/avg/index_promo.php?source=CCN-CD277-MIVA-avg> and <http://us.peeplo.com/search/?q=avg&from=adg5> instead of <http://free.avg.com>. Also used to verify is Steam, as it will immediately close without a crash report when the redirector is active and messing with its network requests.... Read more

A:Browser redirects w/ Steam crashes: Trojan.Gumblar, Trojan.Agent, Backdoor.Bot, etc.

Hi,Uninstall these vulnerable Javas:Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 4Java™ 6 Update 5Java™ 6 Update 7Java™ SE Runtime Environment 6 Update 1Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.Download ATF (Atribune Temp File) Cleaner? by Atribune to your desktop.Double-click ATF Cleaner.exe to open itUnder Main choose:Windows TempCurrent User TempAll Users TempCookiesTemporary Internet FilesPrefetchJava Cache*The other boxes are optional*Then click the Empty Selected button.If you use Firefox:Click Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click NO at the prompt.If you use Opera:Click Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click NO at the prompt.Click Exit on the Main menu to close the program.Download the latest version of Kaspersky Virus Removal Tool* Close all other applications and dou... Read more

Read other 3 answers
RELEVANCY SCORE 94

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

A:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

Read other 1 answers